View Full Version : Smitfraud?
pt50py50
2007-03-29, 18:17
Hi,
I am having a problem with a popup window indicating "your computer is infected" System then automatically opens web pages for spyware removal.
Ran etrust online scan. It found one virus it could not remove.
A0052809.dll Win32/Startpage.NN cannot cureC:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP751\
Ran spybot. Found Smitfraud tool bar and removed
Ran hyjackthis
Logfile of HijackThis v1.99.1
Scan saved at 5:31:16 PM, on 3/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\v6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ijrbbpd] C:\WINDOWS\ptcore.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Leanne\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail -cluster 2
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\System32\v6.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\__c00D9654.dat",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken2003\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173750659656
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: __c0017E2A - C:\WINDOWS\System32\__c0017E2A.dat
O20 - Winlogon Notify: __c005EA68 - C:\WINDOWS\System32\__c005EA68.dat
O20 - Winlogon Notify: __c00FFF44 - C:\WINDOWS\System32\__c00FFF44.dat
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: Network Security Service (%AF夶À¨) - Unknown owner - C:\WINDOWS\winaj.exe (file missing)
Thanks in advance for your help.
Hello pt50py50 and welcome to the Forums :)
You got some infections
Download AboutBuster:
http://www.besttechie.net/tools/AboutBuster.zip
http://www.malwarebytes.org/AboutBuster.zip
Once downloaded, unzip it, and put the folder on your desktop. Then double-click on the AboutBuster icon to start the program.
Next, click Begin Removal.
When the scan is done, click Ok.
click Exit.
After you click Exit, that dialog box will popup, click Ok.
Then post the AboutBuster log to here.
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
pt50py50
2007-03-30, 04:19
Mr_Jak3 thanks for the quick reply.
Ran AboutBuster
AboutBuster 6.06
Scan started on [3/29/2007] at [7:43:15 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Removed Stream! C:\WINDOWS\NOTEPAD.EXE:ufakkl
Removed Stream! C:\WINDOWS\OCMSN.LOG:mgtpev
Removed Stream! C:\WINDOWS\OEWABLog.txt:fgmugy
-------------------------------------------------------------
Removed File! : C:\WINDOWS\ilzaj.dat
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:47:44 PM
AboutBuster 6.06
Scan started on [3/29/2007] at [7:54:43 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:57:30 PM
Ran Vundofix.exe No problems were found.
VundoFix V6.3.18
Checking Java version...
Sun Java not detected
Scan started at 8:01:58 PM 3/29/2007
Listing files found while scanning....
No infected files were found.
Hijackthis log
Beginning removal...
Logfile of HijackThis v1.99.1
Scan saved at 8:08:07 PM, on 3/29/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\v6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ijrbbpd] C:\WINDOWS\ptcore.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Leanne\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail -cluster 2
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\System32\v6.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\__c00B4F06.dat",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken2003\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173750659656
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: __c0017E2A - C:\WINDOWS\System32\__c0017E2A.dat
O20 - Winlogon Notify: __c005EA68 - C:\WINDOWS\System32\__c005EA68.dat
O20 - Winlogon Notify: __c00FFF44 - C:\WINDOWS\System32\__c00FFF44.dat
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: Network Security Service (%AF夶À¨) - Unknown owner - C:\WINDOWS\winaj.exe (file missing)
Lots of active popups when I went to post this information. What is next?
Thanks, pt50py50
Hi again, we'll continue :)
You should print these instructions or save these to a text file. Follow these instructions carefully.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.
Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
==================
Stop the following processes using Task Manager (press ctrl+alt+del, select the Processes tab, highlight the first process in the list and click End Process). Continue through the list (one at a time) until all processes have been ended. If something isn't found, please continue with the next process in the list.
v6.exe
Disable the bad service
Start
Run
Type services.msc to the field and press enter.
A window opens, scroll down to Network Security Service (%AF夶À¨)
Rightclick it and choose Stop
Then choose Properties
Set Startup to Disabled
Click Apply and OK.
Then, open HijackThis.
Open the Misc Tools section
Delete an NT service
Copy the following line to the box and press OK; Network Security Service
Answer Yes
Close HIjackThis
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O4 - HKLM\..\Run: [ijrbbpd] C:\WINDOWS\ptcore.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Leanne\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail -cluster 2
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\System32\v6.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\__c00B4F06.dat",setvm
O20 - Winlogon Notify: __c0017E2A - C:\WINDOWS\System32\__c0017E2A.dat
O20 - Winlogon Notify: __c005EA68 - C:\WINDOWS\System32\__c005EA68.dat
O20 - Winlogon Notify: __c00FFF44 - C:\WINDOWS\System32\__c00FFF44.dat
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Go to the My Computer and delete the following files (if present):
C:\WINDOWS\ptcore.exe
C:\WINDOWS\System32\v6.exe
C:\WINDOWS\System32\__c00B4F06.dat
C:\WINDOWS\System32\__c0017E2A.dat
C:\WINDOWS\System32\__c005EA68.dat
C:\WINDOWS\System32\__c00FFF44.dat
C:\WINDOWS\winaj.exe
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Reboot in Normal Mode.
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.
================
When you're ready, please post the following logs to here:
- a fresh HijackThis log
- kaspersky report
pt50py50
2007-03-31, 03:21
I am afraid I didn't get too far. I ended V6.exe, but in services.msc "Network Security Service" was already stopped. I set it to disabled and continued with Hijackthis, but could not delete Network Security Service. The message read "not found in registry make sure you entered the short name". Is there a short name for this?
Hello :)
Please try copying this short name to the service box: %AF夶À¨
:bigthumb:
pt50py50
2007-03-31, 22:09
Ok, I entered the short name as you showed for network Security Services, but I am still getting the same not found in registry message. As a check I went back in to services.msc and tried to start Network Security Services. I got an error message that the "system can not find the file specified". Could this file me missing?
Hi :)
Ok you may skip that part for now. Continue with the instructions :bigthumb:
pt50py50
2007-04-01, 19:47
Ok Mr Jak3 thanks for the patience.
Ran hyjackthis and checked the indicated items
Found V6, but not an .exe so left it
Deleted C:\WINDOWS\System32\__c00B4F06.dat
C:\WINDOWS\System32\__c0017E2A.dat
C:\WINDOWS\System32\__c005EA68.dat
C:\WINDOWS\System32\__c00FFF44.dat
Looked for winaj.exe. Found winaj.exe-24ede9f9.pf but left it since it was not an exact match
Ran ATF cleaner
Ran on-line scan. Still has a browser redirect when I connected.
New Hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 12:33:52 PM, on 4/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ijrbbpd] C:\WINDOWS\ptcore.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Leanne\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail -cluster 2
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\__c008F646.dat",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken2003\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173750659656
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: __c0017E2A - C:\WINDOWS\System32\__c0017E2A.dat
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Kasper scan in next post
Hi again, we'll continue :)
Delete that winaj.exe-24ede9f9.pf too...
You should print these instructions or save these to a text file. Follow these instructions carefully.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.
Please download the Killbox (http://www.downloads.subratam.org/KillBox.zip).
Unzip it to the desktop but do NOT run it yet.
==================
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O4 - HKLM\..\Run: [ijrbbpd] C:\WINDOWS\ptcore.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\__c008F646.dat",setvm
O20 - Winlogon Notify: __c0017E2A - C:\WINDOWS\System32\__c0017E2A.dat
Please run Killbox.
Select "Delete on Reboot".
Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\System32\__c008F646.dat
C:\WINDOWS\System32\__c0017E2A.dat
C:\WINDOWS\ptcore.exe
C:\WINDOWS\System32\v6.exe
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Select "All Files".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
================
When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
pt50py50
2007-04-01, 22:10
Correction
I was unable to delete c0017e2a.dat file was in use
PART 1
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 01, 2007 2:57:39 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 1/04/2007
Kaspersky Anti-Virus database records: 289744
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 50951
Number of viruses found: 2
Number of infected objects: 4 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:41:23
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Documents\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Leanne\Application Data\Adobe\Acrobat\Preferences\WebCaptr.prefs Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Apple Computer\iTunes\CD Info.cidb Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Apple Computer\iTunes\iTunes.pref Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\ArcSoft\ArcRegister\1.0\ArcRegister.INI Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\ArcSoft\Funhouse\1.0\Funhouse.ini Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\ArcSoft\Funhouse\1.0\MyPhoto.jpg Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\ArcSoft\Greeting Card Creator\1.0\GreetingCard.ini Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\log.idx Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000101.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000102.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000103.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000104.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000105.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000106.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000107.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000108.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000109.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000110.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000111.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000112.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000113.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000114.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000115.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000116.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000117.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000118.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\l_000119.log Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\sched-0001.cfg Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\AVG7\sched-0002.cfg Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\HP\Install\LaunchPad.htm Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\description.ini Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2005-01-24 21-55-07.txt Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2005-02-06 10-00-12.txt Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2005-04-16 10-58-56.txt Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2005-04-30 10-29-00.txt Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2007-01-22 20-11-20.txt Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2007-01-22 20-27-18.txt Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2007-03-10 07-53-46.txt Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2007-03-10 12-02-22.txt Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2007-03-10 19-04-03.txt Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Quarantine\auto-quarantine- 2005-02-06 10-00-39.bckp Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Quarantine\auto-quarantine- 2005-04-16 11-00-56.bckp Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Quarantine\auto-quarantine- 2005-04-30 10-29-31.bckp Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Quarantine\auto-quarantine- 2007-01-22 20-13-52.bckp Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Quarantine\auto-quarantine- 2007-01-22 20-29-41.bckp Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Quarantine\auto-quarantine- 2007-03-10 07-56-32.bckp Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Quarantine\auto-quarantine- 2007-03-10 12-03-20.bckp Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\Quarantine\auto-quarantine- 2007-03-10 19-04-39.bckp Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\settings.awc Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Lavasoft\Ad-Aware\stats.awd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\#SharedObjects\JUCEP798\ingdirect.com\myaccount\pmfso.swf\PassMark.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\#SharedObjects\JUCEP798\mail.google.com\mail\html\audio.swf\mediaPlayerUserSettings.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\#SharedObjects\JUCEP798\pagead2.googlesyndication.com\pagead\googleadplayer.swf\mediaPlayerUserSettings.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\#SharedObjects\JUCEP798\www.picnik.com\ClientState.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\#SharedObjects\JUCEP798\www.shoprite.com\soundcookie.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\#SharedObjects\JUCEP798\www.youtube.com\soundData.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fisher-price.com\settings.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ingdirect.com\settings.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#macromedia.com\settings.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mail.google.com\settings.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pagead2.googlesyndication.com\settings.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#snapfish.com\settings.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.picnik.com\settings.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.shoprite.com\settings.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www2.snapfish.com\settings.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Address Book\Leanne.wab Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Address Book\Leanne.wa~ Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config.cch Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config.old Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1420413255-1099630191-1951895188-1007\1f0b60827a4c7c08356ee212eb67ae05_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Internet Explorer\BRNDLOG.BAK Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Internet Explorer\BRNDLOG.TXT Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 7.0.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Dell Jukebox by musicmatch.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Internet Explorer\Quick Launch\MSN Explorer.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Internet Explorer\Quick Launch\RealOne Player.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\MSDAIPP\Offline\0x00000001_R Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\MSDAIPP\Offline\0x00000003_R Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\MSDAIPP\Offline\g\00000125 Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\MSDAIPP\Offline\HashFile.dat Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Office\Excel10.pip Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Office\fbc7.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Office\MSO1033.acl Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Office\MSOut10.pip Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Office\Publis10.pip Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Office\Recent\index.dat Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Office\Recent\My Pictures.LNK Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Office\Recent\wanted.LNK Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Office\Word10.pip Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Outlook\Outlook.FAV Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Proof\CUSTOM.DIC Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Protect\S-1-5-21-1420413255-1099630191-1951895188-1003\84fc49ac-921d-4c80-b17c-a5f0f1309f45 Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Protect\S-1-5-21-1420413255-1099630191-1951895188-1003\Preferred Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Protect\S-1-5-21-1420413255-1099630191-1951895188-1007\1adddfa5-ffe0-45a2-b080-59f8b7dbd8f0 Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Protect\S-1-5-21-1420413255-1099630191-1951895188-1007\a1546c91-a4e7-4275-930f-534ec2ab31ef Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Protect\S-1-5-21-1420413255-1099630191-1951895188-1007\Preferred Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Speech\Files\UserLexicons\SP_BC22473E4B7443FA86F1D4E96BDE0278.dat Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Templates\~$Normal.dot Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\Msg\20_1173070032\IPM_MahjongFortuna1_en.swf Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\Msg\20_1173070032\MahjongFortuna_en.smi Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\Msg\Category.dat Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\Msg\Messages.dat Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\Msg\SCategory.dat Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\autonum.txt Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000001.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000002.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000003.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000004.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000005.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000006.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000007.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000008.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000009.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000010.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000011.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000012.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000013.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000014.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000015.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000016.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000017.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000018.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000019.tmd Object is locked skipped
pt50py50
2007-04-01, 22:11
PART 2
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000020.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000021.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000022.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000023.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000024.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000025.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000026.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000027.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000028.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000029.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000030.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000031.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000032.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000033.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000034.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000035.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000036.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000037.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000038.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000039.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000040.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000041.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000042.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000043.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000044.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000045.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000046.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000047.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000048.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000049.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000050.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000051.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000052.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000053.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000054.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000055.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000056.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000057.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000058.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000059.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000060.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000061.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000062.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000063.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000064.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000065.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000066.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000067.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000068.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000069.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000070.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000071.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000072.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000073.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000074.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000075.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000076.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000077.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000078.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000079.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000080.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000081.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000082.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000083.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000084.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000085.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000086.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000087.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000088.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000089.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000090.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000091.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000092.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000093.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000094.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000095.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000096.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000097.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000098.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000099.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000100.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000101.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000102.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000103.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000104.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000105.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\Backup\000\000106.tmd Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\CD.CDX Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\CD.DBF Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\CDTRAX.CDX Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\CDTRAX.DBF Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\listview.dat Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\NAMES.CDX Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\NAMES.DBF Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\PLAYGRPS.CDX Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\PLAYGRPS.DBF Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\PLAYLIST.CDX Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\playlist.dat Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\PLAYLIST.DBF Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\PLAYLIST.FPT Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\PLAYTRAX.CDX Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\PLAYTRAX.DBF Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\TRACKS.CDX Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\TRACKS.DBF Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\TRACKS.FPT Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\TRAKINFO.CDX Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\TRAKINFO.DBF Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\treestate.dat Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\VALUES.CDX Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\VALUES.DBF Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\db\version Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\History\-script-document.write(pageTitle);--script-.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\History\1[1].mpg.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\History\3[1].mpg.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\History\4[1].mpg.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\History\5[1].mpg.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\History\6[1].mpg.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\History\firstrun.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\History\Track 1.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\History\Untitled Document.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\History\Welcome to RealOne Player.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\realplayer.ste Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\skins\data\normal\state.ini Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\Temp\~rptemp0\loc\en\data.js Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\Temp\~rptemp0\loc\en\style.css Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\Temp\~rptemp1\loc\en\data.js Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\Temp\~rptemp1\loc\en\style.css Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\RealOne Player\viz.ini Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Real\rnadmin\rnsystem.dat Object is locked skipped
C:\Documents and Settings\Leanne\Application Data\Symantec\Shared\Options.VcPref Object is locked skipped
C:\Documents and Settings\Leanne\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Leanne\Desktop\AdAware.exe Object is locked skipped
C:\Documents and Settings\Leanne\Desktop\Complete IncrediMail Installation.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Desktop\desktop.ini Object is locked skipped
C:\Documents and Settings\Leanne\Desktop\iTunesSetup.exe Object is locked skipped
C:\Documents and Settings\Leanne\Desktop\Spider Solitaire.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Desktop\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Angry Alien Productions, Sase and Topsie.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Bright Horizons - Answering Young Children's Tough Questions#continued.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Charley's - Hobby Greenhouse Kits & Greenhouse Supplies.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Dell\Dell Auction.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Dell\Dell.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Dell\Dellnet.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Dell\Gigabuys.url Object is locked skipped
pt50py50
2007-04-01, 22:15
PART 3
C:\Documents and Settings\Leanne\Favorites\Dell\Support.Dell.com.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Desktop.ini Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Financial Links\MSN CarPoint.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Financial Links\MSN Home.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Financial Links\MSN HomeAdvisor.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Financial Links\MSN Hotmail.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Financial Links\MSN Money.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Financial Links\MSN People & Chat.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Financial Links\MSN Shopping.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Financial Links\MSN Web Search.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Financial Resources Federal Credit Union Home.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Gmail - Compose Mail.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Gmail - Inbox (1).url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Home drug test kits, Urine Drug testing kits, Saliva Drug Tests, Pregnancy tests Buy Drug Tests.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\http--paypal.promotionexpert.com-greatshopping-list_ECS2.html.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Hunterdon County Event Calendar - Community Links @ Hunterdon Moms Online.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Hunterdon County MOMS Clubs - Make Connections @ Hunterdon Moms Online.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Hunterdon County YMCA.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Intellicast's 10 Day Forecast for Flemington.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Links\RealPlayer.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Login to Patriot Media WebMail.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Mah Jong Play Solitaire Mahjong Free, A traditional Chinese Tiles Game 02.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Mahjong. Play a free MahJongg solitaire tiles game online. Chinese towers board game..url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Media\Real.com Radio Tuner.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Microsoft bCentral.lnk Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Online Learning Games from Fisher-Price – For Infants, Toddlers & Preschoolers.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\PriceGrabber.com - Comparison Shopping Beyond Compare.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\RealPlayer Home Page.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\Slickdeals.net.url Object is locked skipped
C:\Documents and Settings\Leanne\Favorites\YMCA.url Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Apple Computer\iTunes\iTunes.pref Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\12\9cc1a2e4-96cce342-3c90cfcf-2665caa5.qtch Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\00\a056d551-a624b8c2-d3fdd11b-81ce7f9b.qtch Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\10\ca92a00a-ec9d0dcf-6e45e82b-89f40cd3.qtch Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\11\ebbb88fe-3c8fac16-36ed8eec-7abd85d4.qtch Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\AlertView.exe.8de2ebce.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\ClientApplicationFrameWork.exe.3ead1c54.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\DFolder.exe.368dcbb5.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\DNgen.exe.516df7ac.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\DReg1.exe.2e6500e7.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\ExpEval21.exe.8f3e9125.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\GUI.exe.f0196921.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\ISCallingDLL.exe.7c210265.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\Ngen.exe.89f695a3.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\prstp.exe.a15f4573.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\rng.exe.ac4aa698.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\ssIS.exe.be56f7cc.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\startDSLog.exe.c6f6cd35.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\update21GUI.exe.c94e3979.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.264e9cf4.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.4babd34.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.558269b5.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.77164975.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.ba34fb79.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.f711c2b7.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.fe78d26e.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\cleanup.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Outbox.dbx Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Microsoft\FORMS\FRMCACHE.DAT Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Microsoft\HelpCtr\D23D0028-A543-4767-B4AA-1581D8E1CDB2_1033.xml Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Microsoft\HelpCtr\HelpSessionHistory.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Microsoft\Money\10.0\urlmap.db Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Microsoft\Outlook\extend.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Application Data\SONICblue\Rio Music Manager\source.db Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\10.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\10cce7.mst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\10cce9.mst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\11.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\12.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\13.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\130d80.mst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\130d82.mst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\14.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\149f2c.mst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\149f2e.mst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\15.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\17.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\18.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\19.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\1A.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\1B.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\1C.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\1D.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\1E.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\1F.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\20.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\21.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\22.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\23.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\2373b162.mst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\24.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\25.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\26.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\27.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\28.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\29.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\2A.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\2B.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\2C.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\2D.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\2E.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\2F.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\30.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\31.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\32.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\33.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\34.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\35.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\36.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\37.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\38.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\39.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\3A.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\3B.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\3C.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\3D.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\3E.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\3F.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\40.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\41.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\42.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\43.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\44.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\45.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\46.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\47.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\48.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\49.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\4A.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\4B.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\4C.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\4D.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\4D8C7A.dmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\4E.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\4F.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\50.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\51.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\52.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\53.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\54.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\544cfa60dc6548c99173cec194361f53.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\55.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\56.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\57.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\59.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\5A.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\5B.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\5b280.mst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\5C.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\63.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\66.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\68.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\69.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\6A.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\6a82a.mst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\7608d.mst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\876ad143.mst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\876b956e.mst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\AAX19.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\AAX26.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\AAX2A.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\AAX2B.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\AAX2F.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\AAX30.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\AolCoach.cab Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\b447785.msi Object is locked skipped
pt50py50
2007-04-01, 22:18
PART 4
C:\Documents and Settings\Leanne\Local Settings\Temp\b4b9e16.msi Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\b4e6eab.msi Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\b4eb430.msi Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\b4f6dcc.msi Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\b500355.msi Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\b805.mst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\b991af2.mst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Cookies\leanne@afy11[1].txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Cookies\leanne@cgi-bin[1].txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Cookies\leanne@dealnews[1].txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Cookies\leanne@dell[1].txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Cookies\leanne@google[1].txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Cookies\leanne@lnt[1].txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Cookies\leanne@www.lnt[1].txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\CoolCache\Piggy.CGD Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\CoolCache\Squiggly.CGD Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Dll_.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\e28c2.mst Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\F.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\fa81.rra Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\file_2.exe Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\FORB.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\FORC.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\GGG2.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\ci.dll Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\cires_en.dll Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\GoogleUpdaterAdminPrefs.exe Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\GoogleUpdaterInstallMgr.exe Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\GoogleUpdaterRestartManager.exe Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\GoogleUpdaterSetup.exe Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\32x32_ale.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\32x32_upd.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\desktop.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\earth.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\empty.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\history.htm Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\installer.htm Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\lm.htm Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\maintainer.htm Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\minus.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\msg_error.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\pack.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\picasa.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\plus.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\preferences.htm Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\proxy.htm Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\roundl_g.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\roundr_g.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\shield.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\sort_down.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\sort_up.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\talk.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\toolbar.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\ui.css Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\ui.js Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\ul.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\updates.htm Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\ur.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\video.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\HTML\waiting.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\2.0.710.26346\npCIDetect9.dll Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\gisb9875ee1\GoogleUpdater.exe Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\h2r19.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpfMSI_BufferChm.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpfMSI_Destinations.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpfMSI_DeviceFunctionQFolder.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpfMSI_DeviceManagementQFolder.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpfMSI_dj3900.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpfMSI_eSupportQFolder.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpfMSI_hpproductassistant.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpfMSI_HPSoftwareUpdate.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpfMSI_ImageZoneExpress.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpfMSI_SolutionCenter.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpfMSI_Status.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpfMSI_TrayApp.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpfMSI_WebReg.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzarp000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzarp001.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzarp002.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzarp003.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzarp004.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzarp005.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzcdl000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzchk000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzdui000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzgat000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzgat001.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\HPZIDI000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\HPZIDS.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzmsi000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzmsi001.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzmsi002.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzmsi003.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzmsi004.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzmsi005.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzmsi006.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzmsi007.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzmsi008.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzmsi009.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzmsi010.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzmsi011.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzmsi012.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpznop000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpznop001.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpznop002.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpznop003.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpznop004.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpznop005.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzopt000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzpnp000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzpnp001.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzpnp002.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzpnp003.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzprl000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzprl001.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzprl002.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzprl003.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzprl004.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzprl005.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzprl006.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzprl007.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzprl008.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzpsc000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzpsl000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzrcv000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzrcv001.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzrcv002.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzrei000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzset000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzset001.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzset002.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzset003.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzset004.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzset005.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzshl000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzshl001.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzshl002.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzshl003.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzsui000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzwis000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzwis001.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzwrp000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzwrp001.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzwrp002.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzwrp003.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\hpzwup000.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\IEC12.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\ImInstaller\ImRegFile_0.txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\ImInstaller\ImRegFile_1.txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\ImInstaller\ImRegFile_10.txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\ImInstaller\ImRegFile_2.txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\ImInstaller\ImRegFile_3.txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\ImInstaller\ImRegFile_4.txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\ImInstaller\ImRegFile_5.txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\ImInstaller\ImRegFile_6.txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\ImInstaller\ImRegFile_7.txt Object is locked skipped
pt50py50
2007-04-01, 22:24
Part 5
C:\Documents and Settings\Leanne\Local Settings\Temp\ImInstaller\ImRegFile_8.txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\ImInstaller\ImRegFile_9.txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\ImInstaller\Installer.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\ImInstaller\Installer_IncrediMail.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\IMT32.xml Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\IMT33.xml Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\IMT34.xml Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\isdefc56.rra Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\MAR1.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\MAR10C.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\MAR2.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\MAR3.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\MAR4.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\MAR5.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\MSI4d36f.LOG Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\MSI8d133.LOG Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\MSI8d134.LOG Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\MSI9667e.LOG Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\MSI9b6f5.LOG Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\MSIa6178.LOG Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\msohtml1\01\clip_image001.jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\msohtml1\01\clip_image002.jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\netfxupdate.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Perflib_Perfdata_1ec.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Perflib_Perfdata_200.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Perflib_Perfdata_27c.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Perflib_Perfdata_310.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Perflib_Perfdata_6c8.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Perflib_Perfdata_6d4.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Perflib_Perfdata_6f8.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Perflib_Perfdata_7a0.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Perflib_Perfdata_7c4.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Perflib_Perfdata_7ec.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Perflib_Perfdata_7f4.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\QTInstallCode.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\qtplugin.log Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\rndrcus.exe Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\SetupWrapper.exe Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\STS10F.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\STS16.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\STS4.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\STS6.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\STS8.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\STS97.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\1-1v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\10-0v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\139365[2].html Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\1e-9qpr[1].htm Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\5097_1[1].html Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\660017-medium[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\660037-medium[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\660066-medium[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\7-0v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\7-1v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\9-1v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\buy_now[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\buy_now_left_corner[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\buy_now_watermark[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\CA0X674H.jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\CAKHW9OR Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\calendar-setup[1].js Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\critical[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\deals_pcw[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\desktop.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\Exclusive_deals_140x300[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\getad[2].html Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\getad[3].html Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\header_left_corner[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\header_line[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\lev0_bg1[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\linensnthings[1].htm Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\LNT_51606_banner_credit_card[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\LNT_51606_footer_US_[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\LNT_51606_header_4_new[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\LNT_53324_home_oas5[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\LNT_53324_home_oas8b[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\lnt_footer_rightCorner[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\logo[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\menu[1].htm Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\menu_items[1].js Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\orange_caret[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\pixel[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\square[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\store[1].css Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\s_code[1].js Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\topcoupons[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H2Z01EB\x2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\10300661-10[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\18647-medium[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\2-0v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\2-1v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\4628-medium[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\4821-large[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\5-0v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\6-0v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\6-1v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\ads[1].n Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\ads[2].n Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\banner_background[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\calendar-en[1].js Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\canada_flag_on[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\CASHEJSD.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\christmas[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\common[1].css Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\deals_cs[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\deals_wp[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\desktop.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\down_arrow[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\edealinfo[1].htm Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\email_bot_3[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\finalmark[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\fonts[1].css Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\free_newsletter[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\google[1] Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\google[1].js Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\gsic_welcome[2].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\header_lnt_logo[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\lb[1] Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\linensnthings[1].htm Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\LNT_51606_header_1_nate[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\lnt_bot_left_corner[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\LNT_emailSlider[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\lnt_email_tab[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\lnt_footer_leftCorner[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\logo[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\main[1].css Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\menu[1].js Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\right_caret[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\rssfeed_right_dark[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\shop_stores_light[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\signup_now[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\spacer[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\square_bullet[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\9J70V9JM\urchin[2].js Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\10-1v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\20172-medium[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\3-0v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\3-1v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\31[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\4821-medium[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\5-1v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\660065-small[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\8-0v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\8600-medium[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\968[2] Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\;srccode=DCDNEWS;&cmp=OTC-DEALNEWS;sz=140x300;ord=[timestamp][1].htm Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\afstrack[1] Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\CA0XIDJW Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\CAN29C5R Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\dealcam[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\dealink[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\dealmac[1].png Object is locked skipped
pt50py50
2007-04-01, 22:25
part 6
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\dealram[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\deals[1].css Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\desktop.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\email_submit_tan_bg[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\find_out_more[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\free_newsletter[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\getad[1].html Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\go[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\header_gobutton[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\icon[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\lnt_20_email[1].pdf Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\LNT_51606_header_2_bauer[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\LNT_51606_header_5_clearance[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\LNT_53324_home_oas7[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\lnt_clearance_468x60[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\logo_sm[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\menu_tpl[1].js Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\pixel[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\srad[1].js Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\stars[1].htm Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\store2[1].css Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\toppicks_dark[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\updated_image[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9MNG5IN\vbv_ltbg_71x57[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\1-0v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\20956-medium[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\4-0v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\4-1v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\48183[1].html Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\659662-medium[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\660019-medium[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\8-1v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\8144-medium[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\9-0v2[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\ads[1] Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\ads[1].n Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\buy_now_right_corner[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\CA5PBJBR Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\CAAJIJQP.gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\CAGNEDU5.jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\calendar-win2k-cold-1[1].htm Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\calendar[1].js Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\dealcoupon[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\default[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\desktop.ini Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\detect_browser[1].js Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\dhtml_menus[1].js Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\faded_top_background[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\faded_top_background_snowmound[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\first_visit_tab[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\getad[2].html Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\header_dotted_divider[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\helpful_dark[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\her-dealnews[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\LNT_51606_header_3_holiday[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\LNT_53324_home_aspot[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\LNT_53324_home_oas8a[1].jpg Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\lnt_bottomNav_line[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\lnt_email_tab_onState[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\nav_logo[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\nav_shadow[1].gif Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\omniture[1].js Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\quick_search[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\search[2] Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\shop_cats_dark[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\shop_stores_dark[1].png Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYVS6RTY\show_ads[2].js Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\TWAIN.LOG Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Twain001.Mtx Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Twunk001.MTX Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\Twunk002.MTX Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\wecerr.txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\WER18.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\WER18.tmp.dir00\appcompat.txt Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\ZTRA.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\ZTRB.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\_is4\_ISMSIDEL.INI Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF1033.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF1257.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF131F.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF1459.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF15E1.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF169D.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF16A.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF1AB.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF20A9.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF225B.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF2391.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF2556.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF27A8.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF291C.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF2D0.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF2D08.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF31EF.tmp Object is locked skipped
C:\Documents and Settings\Leanne\Local Settings\Temp\~DF3442.tmp Object is locked skipped
pt50py50
2007-04-01, 22:28
Mr Jak3
Initial Caspersky file was huge. I went back and cleaned out temporary internet files on the other user side of system and rescanned. Size went down significantly, but there still seem to be a lot of temp files. pt50
Hello :)
ok...did you follow the intructions in my last message ?
:bigthumb:
pt50py50
2007-04-02, 21:08
Sorry, I was concentrating on getting the Kaspersky log up and missed your post. I will complete and repost. Pt50
pt50py50
2007-04-03, 02:55
OK AVG Log
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:42:32 PM 4/2/2007
+ Scan result:
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP751\A0052809.dll -> Hijacker.StartPage : Cleaned with backup (quarantined).
C:\Documents and Settings\Steve\Cookies\steve@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Steve\Cookies\steve@ehg-kasperskylab.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Steve\Cookies\steve@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Steve\Cookies\steve@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Steve\Cookies\steve@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
::Report end
Hyjackthis log
Logfile of HijackThis v1.99.1
Scan saved at 7:51:47 PM, on 4/2/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Leanne\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail -cluster 2
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken2003\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173750659656
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
How are we doing? Why does that Incredimail installer keep coming back? What is it?
Pt50
Hello :)
Looking pretty good. How's the computer running?
Still getting popups?
That stubborn IncrediMail is a bug in HijackThis. We'll remove it.
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
pt50py50
2007-04-04, 01:40
I am glad we are looking good. The computer seems to be running pretty well. One problem that started after the last batch of fixes was that my USB travel drive is not being recognized. I get a message "USB device not recogonized... " as soon as I plug it in.
Below is the combofix log
"Steve" - 07-04-03 18:28:04 Service Pack 1
ComboFix 07-04-04 - Running from: "C:\Documents and Settings\Steve\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2007-03-03 to 2007-04-03 ))))))))))))))))))))))))))))))))))
2007-04-02 19:04 <DIR> d-------- C:\!KillBox
2007-04-02 18:47 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-04-01 11:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-03-29 21:01 <DIR> d-------- C:\VundoFix Backups
2007-03-21 09:02 118,798 --a------ C:\WINDOWS\SYSTEM32\__c007446A.dat
2007-03-20 16:53 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-03-20 16:53 <DIR> d-------- C:\Program Files\ArcSoft
2007-03-20 16:39 <DIR> d-------- C:\Program Files\Common Files\HP
2007-03-20 16:38 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-03-20 16:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-03-20 16:23 <DIR> d-------- C:\Program Files\HP
2007-03-20 16:07 78,998 --a------ C:\WINDOWS\hpfins05.dat
2007-03-20 16:07 77,824 -ra------ C:\WINDOWS\SYSTEM32\hpzids01.dll
2007-03-20 16:07 45,056 --a------ C:\WINDOWS\SYSTEM32\hpzll3xu.dll
2007-03-20 16:07 1,395 --------- C:\WINDOWS\hpfmdl05.dat
2007-03-20 16:02 24,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2007-03-15 22:25 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-03-13 18:32 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-03-13 18:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-03-13 18:23 3,084 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-03-13 18:22 79,360 --a------ C:\WINDOWS\SYSTEM32\swxcacls.exe
2007-03-13 18:22 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-03-13 18:22 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-03-13 18:22 40,960 --a------ C:\WINDOWS\SYSTEM32\swsc.exe
2007-03-13 18:22 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-03-13 18:22 135,168 --a------ C:\WINDOWS\SYSTEM32\swreg.exe
2007-03-12 21:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-12 19:11 <DIR> d-------- C:\Program Files\a-squared Free
2007-03-10 20:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-10 16:26 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-03-10 16:26 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-03-10 16:26 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-03-10 16:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\Dell
2007-03-10 14:43 <DIR> d-------- C:\Program Files\Lavasoft
2007-03-10 13:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-21 09:02 118798 --a------ C:\WINDOWS\SYSTEM32\__c007446a.dat
2007-03-20 17:09 -------- d--h----- C:\Program Files\installshield installation information
2007-03-11 22:16 4212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
2007-02-26 21:36 -------- d-------- C:\Program Files\itsdeductible2006
2007-02-26 21:35 -------- d-------- C:\Program Files\quicken
2007-02-26 21:33 -------- d-------- C:\Program Files\turbotax
2007-02-16 20:32 -------- d-------- C:\Program Files\google
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"RealPlayer"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BCMSMMSG"="BCMSMMSG.exe"
"MoneyStartUp10.0"="\"C:\\Program Files\\Microsoft Money\\System\\Activation.exe\""
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"TkBellExe"="C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe -osboot"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"ImInstaller_IncrediMail"="C:\\DOCUME~1\\Leanne\\LOCALS~1\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe -startup -product IncrediMail -cluster 2 "
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\Symantec NetDetect.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???g?&??V??g?&??SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp????X??????????????????>?w0 ?w????3??w???g???????????g?????CY??????-?s?&??2???????????<???? @???X???X???????????????????Y?????F?Q?????
DwlClient = C:\Program Files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????X:??????x??? ???X??? ??????? ???P???? ?w? ?w)??p????????(???u????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-03 18:31:25
C:\ComboFix-quarantined-files.txt ... 07-04-03 18:31
Ok ComboFix log looks good. Are you using any software/drivers for the USB stick ?
Generate a HijackThis Startup list:
Open HijackThis: Click on "Open the Misc Tools Section"
Check the following boxes to the right of "Generate StartupList Log": List also minor sections (Full)
List empty sections (Complete)
Click "Generate StartupListLog"
Click "Yes" at the prompt.
A Notepad window will open with the contents of the HijackThis Startup list displayed
Copy & Paste that log to here
pt50py50
2007-04-05, 03:14
System is still running great!
No special drivers or software installed for the USB stick.
Start-up list log Part 1
StartupList report, 4/4/2007, 8:09:10 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Steve\Start Menu\Programs\Startup]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Billminder.lnk = C:\Program Files\Quicken\billmind.exe
Digital Line Detect.lnk = ?
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
Quicken Startup.lnk = C:\Program Files\Quicken2003\QWDLLS.EXE
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BCMSMMSG = BCMSMMSG.exe
MoneyStartUp10.0 = "C:\Program Files\Microsoft Money\System\Activation.exe"
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
RealPlayer = "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScript\shell\open\command
(Default) = C:\WINDOWS\NOTEPAD.EXE "%1"
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry key not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry key not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry key not found*
pt50py50
2007-04-05, 03:18
Start-up log part 2
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
--------------------------------------------------
Enumerating Task Scheduler jobs:
ISP signup reminder 1.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
[SysProWmi Class]
InProcServer32 = C:\WINDOWS\System32\Dell\SystemProfiler\SysPro.ocx
CODEBASE = http://support.dell.com/systemprofiler/SysPro.CAB
[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173750659656
[WScanCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\webscan.dll
CODEBASE = http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
pt50py50
2007-04-05, 03:20
Start-up log part 3
--------------------------------------------------
Enumerating Windows NT/2000/XP services
abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ati2mtaa: System32\DRIVERS\ati2mtaa.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
BCM V.92 56K Modem: System32\DRIVERS\BCMSM.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
C-DillaCdaC11BA: C:\WINDOWS\System32\drivers\CDAC11BA.EXE (autostart)
cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
CdaC15BA: \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel(R) PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
i81x: System32\DRIVERS\i81xnt5.sys (manual start)
iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
InstallDriver Table Manager: C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NIC Management Service Configuration Driver: \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS (manual start)
Intel(R) NMS: C:\WINDOWS\System32\NMSSvc.exe (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system)
Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
SONICblue Rio generic driver XP+: System32\Drivers\RIOXDRV.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)
smwdm: system32\drivers\smwdm.sys (manual start)
Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
srescan: System32\ZoneLabs\srescan.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3} (manual start)
symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
X10 Device Network Service: C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (autostart)
X10 USB Wireless Transceiver: System32\Drivers\x10ufx2.sys (manual start)
Network Security Service: C:\WINDOWS\winaj.exe /s (disabled)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 36,498 bytes
Report generated in 0.719 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Now that things are working what settings should I return to previous condition?
Thanks again Pt50
Hello :)
A leftover.
Open Notepad and copy the following lines into a new document:
@echo off
sc stop "Network Security Service"
sc delete "Network Security Service"
Save the document to your desktop as Remove.bat and filetype: All Files
Go to your desktop and run the file Remove.bat and allow to run it if prompted. A window will open and close, this is normal.
Then you could try to use that USB stick with another account on the same pc. Does it work ?
Glad we could help, as the problem appears to be resolved this topic has been archived.
If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.