View Full Version : Can't stop my computer from spamming
My wife's computer is infected with a virus that sends out spam. She has two IMAP email accounts (same email server) she uses with Outlook XP. Only one of the accounts is infected. Her Outlook XP inbox gets filled with "returned mail", sometimes up to 1500 messages a day (mostly in the evening hours). This has been going on for a month.
I have done the following (not necessarily in this order):
1. Ran Ad-Aware Personal & Ad-Aware 2007
2. Ran Advanced WindowsCare V2 Personal
3. Ran SpyBot 1.4 & 1.5
4. Ran ClamWin Antivirus
5. Ran online virus scanners (MCAfee, TrendMicro, Panda Security)
6. Ran Microsoft's SCANPST.EXE on Outlook PST files
7. Ran Microsoft's Malicious Software Removal Tool
8. Ran PestPatrol
9. Ran RegScrubXP registry scrubber
10. Ran DLL Toys' DLL scrubber
11. Reinstalled MS Office XP
12. Installed all the latest Windows & Office updates
13. Removed unused programs & temp files
14. Ran Evidence Eliminator
15. Ran Eraser on unused disk space
None of the above programs have found anything significant. I run Ad-Aware, Spybot, ClamWin, Eraser, PestPatrol, Evidence Eliminator and a Defragger on a regular schedule on all my computers.
I followed your steps to run Kaspersky, Spybot in safe mode and HiJackThis. The logs are zipped and attached as they are too long to copy & paste here.
Let me know of anything else I can try to get rid of this menace.
Brad
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, September 14, 2007 1:12:40 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 14/09/2007
Kaspersky Anti-Virus database records: 418617
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 60000
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:14:38
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\.clamwin\ClamWin.conf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\.clamwin\ScheduledScans Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Acronis\TrueImage\Logs\9DAF0E39-5139-493D-9575-B42144B69CF6.tib.log Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Acronis\TrueImage\Logs\F94ED354-D0A4-48D3-8034-CF10FFAC10C1.tib.log Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\AdobeCMapFnt07.lst Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\AdobeSysFnt07.lst Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Collab\RSS Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\UserCache.bin Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AdobeDLM.log Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\dm.ini Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Drag'n Drop CD+DVD\database\DMusiclayout.bim Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1131176026-962688612-136256493-500\a18ca4003deb042bbee7a40f15e1970b_ed0c4a57-8e46-4236-9e94-1c057952bdf0 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\MSO1033.acl Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\Templates.LNK Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Word10.pip Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1131176026-962688612-136256493-500\5377f25b-04cf-446a-8929-3adcc09df765 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1131176026-962688612-136256493-500\Preferred Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\Msg\20_1109878780\bigkahunareef1.smi Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\Msg\20_1109878780\IPM_bigkahunareef1.swf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\Msg\20_1110836881\start7.smi Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\Msg\20_1110836881\superpass_v1.swf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\Msg\3115_1110560907\050311_bom.html Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\Msg\Category.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\Msg\Messages.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\Msg\SCategory.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\cookies.txt Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\Backup\iscomplete Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\CD.CDX Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\CD.DBF Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\CDTRAX.CDX Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\CDTRAX.DBF Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\PLAYGRPS.CDX Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\PLAYGRPS.DBF Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\PLAYLIST.CDX Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\PLAYLIST.DBF Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\PLAYLIST.FPT Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\PLAYTRAX.CDX Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\PLAYTRAX.DBF Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\TRACKS.DBF Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\TRACKS.FPT Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\TRACKS2.CDX Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\TRAKINFO.CDX Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\TRAKINFO.DBF Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\db\version Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\ErrorLogs\CDBurning.log Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\ErrorLogs\DownloadMgr.log Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\ErrorLogs\GenDevices.log Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\ErrorLogs\pdgenctnomad.log Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\ErrorLogs\pdgenwmdm.log Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\firstrun.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Untitled Document.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\Welcome to RealPlayer.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\realplayer.ste Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\skins\data\normal\imgcache.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\skins\data\normal\state.ini Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\viz.ini Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\rnadmin\rnsystem.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\deployment.properties Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Symantec\Shared\MyProfile.UserProfile Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Symantec\Shared\Options.VcPref Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Symantec\Shared\Sessions\20050320020135375.liveReg Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@Ad-Aware-SE-Personal-Edition[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@apple[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@efax[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@element5[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@google[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@jdc.tucows[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@microsoft[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@msn[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@office.microsoft[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@pctools[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@preview[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@roxio[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@search.msn[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@suitesmart[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@sun[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@tucows[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@www.adobe[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\administrator@www.efax[1].txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Links\Windows Marketplace.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\AcroFnt07.lst Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Color\ACECache4.lst Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\HelpCtr\HelpSessionHistory.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142070}\1033.MST Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142070}\Java 2 Runtime Environment, SE v1.4.2_07.msi Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\ASPNETSetup.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\c6b2b3.mst Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\CAPTDR73\~FILECNT.TMP Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\ClamWin1.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\ClamWin2.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\dotNetFx.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\FaxOc.inf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\FaxUnattend.inf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\ginst0.dll Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\IDSinst.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\InfoWindow.dll Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\InstHelp.dll Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\java_install.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\jupdate1.5.0.xml Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\msiutil(1).log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\mun9D.exe Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\netfx.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\offcln10.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\OfficeUpdate\OU(00001)_Msi.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\OfficeUpdate\OU(00002)_Msi.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\SNDSetup544.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\SNDUpdater544I.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\TWAIN.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\Twain001.Mtx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\Twunk001.MTX Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\Twunk002.MTX Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\VcCleanUp.exe Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\WER460.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\WER460.tmp.dir00\appcompat.txt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\708dda.DLL Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Corecomp.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Ctl3d32.dll Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ISUninst.exe Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ph.txt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\735fd4.DLL Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\Corecomp.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\Ctl3d32.dll Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\ISUninst.exe Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\ph.txt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~441.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\Class3SoftwarePublishers[1].crl Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\CommonFunc[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\commonFunc[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\CommonFunc[3].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\CommonFunc[4].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\Common[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\Common[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\default[2].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\default[3].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\default[4].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\default[5].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\footer[1].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\footer[2].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\footer[3].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\footer[4].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\mstoolbar[1].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\mstoolbar[2].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\mstoolbar[3].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\mstoolbar[4].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\RSoP[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\RSoP[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\shared[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\shared[2].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\shared[3].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\shared[4].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\shared[5].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\shared[6].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\shared[7].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\shared[8].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\toc[1].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\toc[2].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\toc[3].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\toc[4].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1I64QRUU\trans_pixel[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\CommonFunc[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\commonFunc[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\Common[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\Common[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\Common[3].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\Common[4].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\Common[5].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\Common[6].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\Common[7].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\default[2].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\footer[1].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\mstoolbar[1].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\RSoP[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\RSoP[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\shared[10].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\shared[11].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\shared[12].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\shared[13].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\shared[14].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\shared[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\shared[2].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\shared[3].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\shared[4].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\shared[5].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\shared[6].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\shared[7].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\shared[8].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\shared[9].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\toc[1].aspx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\trans_pixel[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\trans_pixel[2].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\trans_pixel[3].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\trans_pixel[4].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\trans_pixel[5].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[10] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[11] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[12] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[13] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[14] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[15] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[16] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[17] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[18] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[19] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[20] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[21] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[22] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[23] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[24] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[2] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[3] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[4] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[5] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[6] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[7] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[8] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPLRMA7Z\[9] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\CommonFunc[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\commonFunc[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\commonFunc[3].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\commonFunc[4].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\CommonFunc[5].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\Common[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\Common[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\Common[3].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\Homepage__DESKTOP[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\Homepage__DESKTOP[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\Homepage__SHARED[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\Homepage__SHARED[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\shared[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\shared[2].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\shared[3].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\shared[4].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\shared[5].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\shared[6].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\shared[7].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\trans_pixel[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\trans_pixel[2].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LR8NSYK9\trans_pixel[3].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\commonFunc[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\Common[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\Common[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\Common[3].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\Common[4].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\Common[5].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\Homepage__DESKTOP[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\Homepage__SHARED[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\shared[10].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\shared[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\shared[2].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\shared[3].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\shared[4].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\shared[5].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\shared[6].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\shared[7].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\shared[8].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UQRX29MA\shared[9].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\Announcing 1.efx Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\Announcing 2.efx Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\Appointment Reminder.efx Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\Ball.efx Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\CMID.DBF Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\Confidential 1.efx Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\Confidential 2.efx Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\confidential.gif Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\copy.gif Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\Default.efx Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\draft.gif Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\Fax 1.efx Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\Fax 2.efx Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\Fax 3.efx Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\Fax 4.efx Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\faxed.gif Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\final.gif Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\Hey!.efx Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\J2GPlus.exe-BarState Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\paid.gif Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\PBOOK.ADG Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\PBOOK.ADR Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\Pen.efx Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\Phone.efx Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\QuickTip.efx Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\StartPage.mht Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\txtstmps.dat Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\urgent.gif Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\eFax Messenger 3.5\wink.gif Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Music\Sample Music.lnk Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\Sample Pictures.lnk Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My RoboForm Data\Default Profile\RoboFormDataHere.txt Object is locked skipped
C:\Documents and Settings\Administrator\NetHood\Teri on Pc2\Desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\NetHood\Teri on Pc2\target.lnk Object is locked skipped
C:\Documents and Settings\Administrator\NetHood\Teri on Toshiba (Toshiba)\Desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\NetHood\Teri on Toshiba (Toshiba)\target.lnk Object is locked skipped
C:\Documents and Settings\Administrator\NetHood\Teri's Laptop 2-13-05 on PC (Pc1)\Desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\NetHood\Teri's Laptop 2-13-05 on PC (Pc1)\target.lnk Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.ini Object is locked skipped
C:\Documents and Settings\Administrator\Recent\AllAccessNumbers.pdf.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\Desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Recent\EasyStreet.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\ENGLISH.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\Eraser57Setup.zip.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\License.txt.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\LICENSES.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\Miller's Wumu congrats ltr.efx.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\Miscellaneous.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\My Received Files.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\Nero.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\NeroBurningRom_ENG.PDF.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\NFR.txt.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\OEM.txt.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\Readme.TXT.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\serial.txt.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\Setup.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\TrueImage.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\trueimage7.0_ug.en.pdf.lnk Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Drive D for Drag'n Drop CD+DVD\DATA DISC.lnk Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Drive D for Drag'n Drop CD+DVD\MUSIC CD.lnk Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Mail Recipient.MAPIMail Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\My Documents.mydocs Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\WinAce Archiver.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Address Book.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\RealPlayer.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Templates\amipro.sam Object is locked skipped
C:\Documents and Settings\Administrator\Templates\excel.xls Object is locked skipped
C:\Documents and Settings\Administrator\Templates\excel4.xls Object is locked skipped
C:\Documents and Settings\Administrator\Templates\lotus.wk4 Object is locked skipped
C:\Documents and Settings\Administrator\Templates\powerpnt.ppt Object is locked skipped
C:\Documents and Settings\Administrator\Templates\presenta.shw Object is locked skipped
C:\Documents and Settings\Administrator\Templates\quattro.wb2 Object is locked skipped
C:\Documents and Settings\Administrator\Templates\sndrec.wav Object is locked skipped
C:\Documents and Settings\Administrator\Templates\winword.doc Object is locked skipped
C:\Documents and Settings\Administrator\Templates\winword2.doc Object is locked skipped
C:\Documents and Settings\Administrator\Templates\wordpfct.wpd Object is locked skipped
C:\Documents and Settings\Administrator\Templates\wordpfct.wpg Object is locked skipped
C:\Documents and Settings\Administrator\UserData\PJB90YF4\oWindowsUpdate[1].xml Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Teri\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Teri\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Teri\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Teri\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Teri\Local Settings\History\History.IE5\MSHist012007091420070915\index.dat Object is locked skipped
C:\Documents and Settings\Teri\Local Settings\Temp\ClamWin1.log Object is locked skipped
C:\Documents and Settings\Teri\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Teri\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Teri\ntuser.dat.LOG Object is locked skipped
C:\Program Files\InstallShield Installation Information\{3CB41017-F5CA-4C56-934C-ED02156251E6}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}\Setup.ilg Object is locked skipped
C:\System Volume Information\_restore{FA8DD63A-C01E-4815-A9C6-4DA5A5CF2111}\RP576\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833987$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:14 PM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\twatdog.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [TridentWatchDog] twatdog.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe /Type 24
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - S-1-5-18 Startup: TSkin.lnk = C:\Documents and Settings\Default User\Local Settings\Temp\TSkin.bat (User 'SYSTEM')
O4 - .DEFAULT Startup: TSkin.lnk = C:\Documents and Settings\Default User\Local Settings\Temp\TSkin.bat (User 'Default user')
O4 - .DEFAULT User Startup: TSkin.lnk = C:\Documents and Settings\Default User\Local Settings\Temp\TSkin.bat (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189802866251
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189802813305
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
--
End of file - 10243 bytes
shelf life
2007-09-22, 00:37
hi radar,
looks like you have done a number of things. looks like only one thing left to check:
iam pretty sure ms Malicious Software Removal Tool includes rootkit detection, but you could download and run gmer as another check.
Returned e-mail dosnt mean its originating from your computer if its been going on for a month and originating from your computer you probably would have heard from your isp by now.
gmer:
Download GMER's application from here:
http://www.gmer.net/gmer.zip
Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.
Please, do not select the "Show all" checkbox during the scan.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.
shelf life
Sorry for the delayed response. I subscribed to the post but I was not getting the email notification. Here is the GMER log:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-09-24 23:17:20
Windows 5.1.2600 Service Pack 2
---- Kernel code sections - GMER 1.0.13 ----
? System32\Drivers\hiber_WMILIB.SYS The system cannot find the file specified.
---- Devices - GMER 1.0.13 ----
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_EA [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [F84C2810] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_EA [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [F84D3E80] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [F84D3E80] timntr.sys
---- EOF - GMER 1.0.13 ----
shelf life
2007-09-26, 02:46
hi radar,
Sorry for the delayed response
no problem.
that gmer log looks ok. not seeing any malware. between what you have run and the gmer log it would be hard for something to slip by--maybe you should contact your isp or the website where the IMAP account is. see what they have to say about it.
shelf life
My email server host says some spammer is using my email address as the reply-to address. My only option is to change email accounts and kill the old account.
I consider this issue closed.
Thanks for your help!
shelf life
2007-10-02, 01:11
hi radar,
your welcome. happy safe surfing.
shelf life