Internet Trouble - Possible Nasty [Archive]

joe1joe1joe2

2008-01-25, 19:11

hello there, my internet continues to disconnect itself intermittently, it is not a problem with my actual connection or broadband so I fear I may have some type of nasty on the computer. I have posted a HiJackThis log below so that you can take a look for me!

Many Thanks! :-)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:09:36, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Documents and Settings\User\My Documents\Random Stuff\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16318
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8072 bytes

joe1joe1joe2

2008-01-28, 18:17

problem is still here

ndmmxiaomayi

2008-01-29, 05:04

Hi,

You've got quite a few security programs there.

1. Symantec (Norton) Antivirus, may include firewall. Please tell me if it's just the antivirus only or it's a whole suite. Whole suite includes both firewall and antivirus.

2. AVG Antivirus

3. ZoneAlarm Security Suite, which includes a firewall and antivirus

Having more than one antivirus and more than one firewall in realtime is bad and may cause conflicts.

Please choose to keep either one. Restart your computer for the changes to take effect.

Next issue...

P2P Programs

Limewire is installed on your computer and I see that it's running. While Limewire is a clean P2P program, there's no guarantee that the files downloaded are. Please refrain from using it while cleaning your computer to prevent getting more infections.

A list of clean and infected P2P programs can be found at Malware Removal (http://p2p.malwareremoval.com/) and Spyware Info (http://www.spywareinfo.com/articles/p2p/).

The risks of using a P2P program are stated in this Sourceforge website (http://aresgalaxy.sourceforge.net/p2prisks.htm) and Information Week article (http://www.informationweek.com/security/showArticle.jhtml?articleID=53200209&pgno=2&queryText=).

Please also read this sticky (http://forums.spybot.info/showthread.php?t=282).

Thirdly...

You are using a Beta version of HijackThis.

As this is a Beta program, it may not be stable and may cause problems for your computer. Please remove this version and download the stable version from here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe). Do Not run it directly via a browser. Save it to your desktop.

Go to Start > Control Panel. Double click on Add/Remove Programs. Locate HijackThis 2.0.0 from the list of installed programs and click on the Change/Remove button to uninstall it. Close Add/Remove Programs and Control Panel.
Double click on HJTInstall.exe to install it. Click on Install. By default, it will install to C:\Program Files\Trend Micro\HijackThis.
Read through the License Agreement presented to you on the next screen and click on I Accept.
Once installed, HijackThis will start automatically. If it doesn't, please go to your desktop and double click on the HijackThis shortcut created there.
Select Do a system scan and save a logfile.
Close HijackThis.

Note: Do not click on the AnalyzeThis button.

Do not fix any lines you see in HijackThis as most entries are harmless and needed for the normal functioning of Windows.

Lastly...

Post a list of installed programs on your computer. To do so, do the following:

Please download and install CCleaner Slim (http://www.ccleaner.com/download/builds/downloading-slim).
Once installed, double click on the desktop shortcut created.
On the leftmost column, click on Tools.
On the middle column, click on Uninstall.
At the bottom right hand corner, click on the Save to text file... button.
By default, it saves this file to C:\Program Files\CCleaner named install.txt. You may want to save it to your desktop to find it easily. Click Save.
Close CCleaner.

joe1joe1joe2

2008-02-01, 17:09

ok i really have been upto no good and dowloaded something stupid....and have defonately got a nasty on here

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:07:19, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\WINDOWS\system32\wuauclt.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\User\My Documents\Random Stuff\HiJackThis_v2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16318
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7871 bytes

joe1joe1joe2

2008-02-01, 17:10

there is a list of installed programs :

Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.2
Apple Mobile Device Support
Apple Software Update
AVG 7.5
AVG Anti-Spyware 7.5
AXIS Media Control
Broadcom Management Programs
Bubble Struggle 1.2
CCleaner (remove only)
CinepPlayer 30 Update
Conexant HDA D110 MDC V.92 Modem
ConvertXtoDVD 2.2.3.258
Dell Driver Reset Tool
Dell Media Experience
Dell Support 3.2.1
Dell System Restore
Digital Line Detect
DivX Content Uploader
DivX Web Player
High Definition Audio Driver Package - KB835221
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java DB 10.2.2.0
Java(TM) 6 Update 2
Java(TM) SE Development Kit 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
K-Lite Mega Codec Pack 3.3.0
LimeWire 4.14.12
mCore
MCU
mDriver
mDrWiFi
MediaCoder 0.6.0
MediaDirect
Messenger Plus! 3
Messenger Plus! Live
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
mIWA
Mixer
mLogView
mMHouse
Modem Helper
Monopoly v2.00.101 Crack - By Maggot Brain
Mozilla Firefox (2.0.0.11)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
Network Stumbler 0.4.0 (remove only)
NVIDIA Photoshop Plug-ins
Open Video Joiner version 3.1
OutlookAddinSetup
PowerDVD 5.7
PurePlay Poker
QuickSet
QuickTime
Sailwave
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Sonic Activation Module
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB Demo
SwiftSwitch
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
System Requirements Lab
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VideoEgg Publisher
Viewpoint Media Player
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Workflow Foundation
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
ZoneAlarm Security Suite

joe1joe1joe2

2008-02-01, 17:11

i have zone alarm and AVG running on my computer, i got rid of norton about a year back so don't need it there.....

joe1joe1joe2

2008-02-01, 17:13

sorry here is the hackthis log with normal version and not beta

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:27, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16318
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7664 bytes

ndmmxiaomayi

2008-02-01, 20:51

Download and run Norton Removal Tool (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039) to remove Norton completely.

After this, restart your computer.

Next...

Please download WinPFind3u (http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe) from Bleeping Computer by OldTimer and save it to your desktop.
Double click on winpfind3u.exe to run it.
Click on Extract. Once done, you will be prompted. Click OK and click Close.
Double click on the WinPFind3u folder. Double click on WinPFind3U.exe to run it.
Under Driver Services section, select Non-Microsoft.
Under Files/Folders Modified Within section, select 90 days and uncheck (untick) Non-Microsoft box.
Under Additional Scans section, check (tick) this box:
Reg - Disabled MS Config Items
Click on the Run Scan button at the top left hand corner.
WinPFind will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

You will need several replies as this log is huge.

joe1joe1joe2

2008-02-02, 01:13

right i am doing it all now

joe1joe1joe2

2008-02-02, 01:15

norton now removed....just scanning now...

joe1joe1joe2

2008-02-02, 09:57

WinPFind3 logfile created on: 02/02/2008 00:21:24
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\User\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1014.37 Mb Total Physical Memory | 274.85 Mb Available Physical Memory | 27.10% Memory free
2.38 Gb Paging File | 1.70 Gb Available in Paging File | 71.49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.80 Gb Total Space | 12.97 Gb Free Space | 25.54% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: JOELT
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 04/09/2007 18:04:36 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 22/10/2007 21:00:36 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 20/12/2007 17:23:40 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 20/12/2007 17:23:44 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 29/09/2007 21:25:28 | Attr = ]
distnoted.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\distnoted.exe -> [Ver = 7, 6, 440, 48 | Size = 14864 bytes | Modified Date = 15/01/2008 02:48:12 | Attr = ]
dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 479232 bytes | Modified Date = 18/10/2006 16:53:24 | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.1.21 | Size = 434176 bytes | Modified Date = 18/10/2006 17:05:18 | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 28/11/2007 19:32:00 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr = ]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.1.18 | Size = 696320 bytes | Modified Date = 18/10/2006 16:58:16 | Attr = ]
iolodmvsvc.exe -> %ProgramFiles%\iolo\Common\Lib\ioloDMVSvc.exe -> [Ver = | Size = 460392 bytes | Modified Date = 11/06/2007 11:24:12 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 15/01/2008 03:22:44 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 15/01/2008 03:22:56 | Attr = ]
mantispm.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe -> [Ver = 5, 0, 6, 8903 | Size = 804376 bytes | Modified Date = 11/05/2007 07:50:24 | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.1.5 | Size = 327680 bytes | Modified Date = 18/10/2006 16:49:52 | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.1.3 | Size = 946176 bytes | Modified Date = 18/10/2006 16:56:52 | Attr = ]
scanningprocess.exe -> %System32%\ZoneLabs\avsys\ScanningProcess.exe -> [Ver = | Size = 135168 bytes | Modified Date = 11/09/2007 21:09:16 | Attr = ]
scanningprocess.exe -> %System32%\ZoneLabs\avsys\ScanningProcess.exe -> [Ver = | Size = 135168 bytes | Modified Date = 11/09/2007 21:09:16 | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 24/03/2006 23:30:44 | Attr = ]
swiftswitch.exe -> %ProgramFiles%\SwiftSwitch\SwiftSwitch.exe -> SwiftSwitch [Ver = 2.48 | Size = 3293184 bytes | Modified Date = 25/10/2007 05:31:22 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 08/03/2006 18:48:02 | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 14/11/2007 16:05:06 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 21/11/2007 09:19:46 | Attr = ]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10.5.1.5 | Size = 290816 bytes | Modified Date = 18/10/2006 17:01:34 | Attr = ]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 802816 bytes | Modified Date = 18/10/2006 17:04:28 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 14/11/2007 16:05:06 | Attr = ]

joe1joe1joe2

2008-02-02, 09:58

joe1joe1joe2

2008-02-02, 09:59

(KLIF) KLIF [File_System | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Modified Date = 19/07/2007 15:10:28 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 17/03/2004 03:04:14 | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 17/08/2001 13:52:12 | Attr = ]
(NETw3x32) Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> %System32%\drivers\NETw3x32.sys -> Intel® Corporation [Ver = 10, 5, 1, 72 | Size = 1711104 bytes | Modified Date = 17/10/2006 10:55:28 | Attr = ]
(NSNDIS5) NSNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %System32%\nsndis5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.58 | Size = 17280 bytes | Modified Date = 24/03/2004 02:12:34 | Attr = ]
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 03/08/2004 22:29:56 | Attr = ]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\drivers\omci.sys -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 17153 bytes | Modified Date = 13/02/2004 16:46:00 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 10/10/2007 18:22:34 | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.27a | Size = 20576 bytes | Modified Date = 26/01/2005 02:03:00 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 17/08/2001 13:52:20 | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 17/08/2001 13:52:20 | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 17/08/2001 13:52:18 | Attr = ]
(rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %System32%\drivers\rimmptsk.sys -> REDC [Ver = 1.0.0.6 | Size = 28544 bytes | Modified Date = 14/10/2005 15:40:18 | Attr = ]
(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %System32%\drivers\rimsptsk.sys -> REDC [Ver = 1.00.01.12 | Size = 51328 bytes | Modified Date = 14/10/2005 15:40:18 | Attr = ]
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %System32%\drivers\rixdptsk.sys -> REDC [Ver = 1.00.02.04 | Size = 307968 bytes | Modified Date = 14/10/2005 15:40:18 | Attr = ]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %System32%\drivers\s24trans.sys -> Intel Corporation [Ver = 10.5.1.0 | Size = 12544 bytes | Modified Date = 19/10/2006 08:29:22 | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:54 | Attr = ]
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %System32%\drivers\sfdrv01.sys -> Protection Technology [Ver = 1.37 | Size = 50688 bytes | Modified Date = 10/08/2005 12:44:06 | Attr = ]
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfhlp02.sys -> Protection Technology [Ver = 2.3 | Size = 6656 bytes | Modified Date = 16/05/2005 13:20:40 | Attr = ]
(sfvfs02) StarForce Protection VFS Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfvfs02.sys -> Protection Technology [Ver = 2.12 | Size = 66048 bytes | Modified Date = 29/09/2005 17:01:52 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 03/08/2004 23:07:44 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 17/08/2001 14:07:44 | Attr = ]
(srescan) srescan [Kernel | Boot | Running] -> %System32%\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 189, 0 | Size = 51176 bytes | Modified Date = 26/12/2007 17:36:24 | Attr = ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.90a | Size = 5627 bytes | Modified Date = 13/05/2005 10:37:28 | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.90a | Size = 23545 bytes | Modified Date = 13/05/2005 10:37:20 | Attr = ]
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %System32%\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4995.1 nd446 cp1 | Size = 1156648 bytes | Modified Date = 24/03/2006 23:34:30 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 17/08/2001 14:07:34 | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 17/08/2001 14:07:36 | Attr = ]
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %System32%\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 08/03/2007 18:10:40 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 17/08/2001 14:07:40 | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 17/08/2001 14:07:42 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 191872 bytes | Modified Date = 08/03/2006 18:35:10 | Attr = ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25725 bytes | Modified Date = 31/05/2005 05:33:00 | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34845 bytes | Modified Date = 31/05/2005 05:33:00 | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4125 bytes | Modified Date = 31/05/2005 05:33:00 | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2241 bytes | Modified Date = 31/05/2005 05:33:00 | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86876 bytes | Modified Date = 31/05/2005 05:33:00 | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 15069 bytes | Modified Date = 31/05/2005 05:33:00 | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6365 bytes | Modified Date = 31/05/2005 05:33:00 | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98716 bytes | Modified Date = 31/05/2005 05:33:00 | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100605 bytes | Modified Date = 31/05/2005 05:33:00 | Attr = ]
(TSP) TSP [Kernel | On_Demand | Stopped] -> %System32%\ZoneLabs\avsys\KLIF.SYS -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 17/08/2001 13:52:22 | Attr = ]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 31/10/2007 14:09:14 | Attr = ]
(vsdatant) vsdatant [Kernel | System | Running] -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 394952 bytes | Modified Date = 14/11/2007 16:05:16 | Attr = ]
(w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\w39n51.sys -> Intel® Corporation [Ver = 10, 1, 1, 7 | Size = 1429632 bytes | Modified Date = 26/04/2006 23:13:04 | Attr = ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(Whm29) Whm29 [Kernel | Auto | Stopped] -> %System32%\Whm29.sys -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.32.00 built by: WinDDK | Size = 717952 bytes | Modified Date = 22/07/2005 03:01:00 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 20/12/2007 17:23:40 | Attr = ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.1.18 | Size = 696320 bytes | Modified Date = 18/10/2006 16:58:16 | Attr = ]
IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 802816 bytes | Modified Date = 18/10/2006 17:04:28 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 15/01/2008 03:22:56 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 10/01/2008 15:27:36 | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 24/03/2006 23:30:44 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 08/03/2006 18:48:02 | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 14/11/2007 16:05:06 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 12:29:58 | Attr = ]
{930D35D2-094D-41B9-8E89-D1B76F2C6E97} [HKLM] -> Reg Data - Key not found [] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4446 | Size = 139264 bytes | Modified Date = 13/12/2005 23:40:12 | Attr = ]

joe1joe1joe2

2008-02-02, 10:00

< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ÿÿÿÿ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://www.msn.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.google.co.uk/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 03:16:42 | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 31/05/2005 05:33:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 03:00:36 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:36 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 03:00:36 | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{73AF051D-941B-4B36-9CBC-2B242DDE5C09} -> (Broadcom 440x 10/100 Integrated Controller) ->
{ADF854E6-EA46-4C00-A301-196AE296031D} -> () ->
{DA74526F-6D0A-4C2A-9717-47BC02C323B3} -> (1394 Net Adapter) ->
{EA569926-D865-41B1-A2F1-3C907E082116} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> - CodeBase = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} -> DivXBrowserPlugin Object - CodeBase = http://download.divx.com/player/DivXBrowserPlugin.cab ->
{9122D757-5A4F-4768-82C5-B4171D8556A7} -> PhotoPickConvert Class - CodeBase = http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab ->

[Registry - Additional Scans - Non-Microsoft Only]

[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 18/01/2008 14:17:00 | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063714816 bytes | Created Date = 01/01/1601 | Attr = HS]
video_join.avi -> %SystemDrive%\video_join.avi -> [Ver = | Size = 2466360 bytes | Created Date = 15/01/2008 23:48:44 | Attr = ]
$NtUninstallKB941644$ -> %SystemRoot%\$NtUninstallKB941644$ -> [Folder | Created Date = 09/01/2008 16:15:19 | Attr = H ]
$NtUninstallKB943485$ -> %SystemRoot%\$NtUninstallKB943485$ -> [Folder | Created Date = 09/01/2008 16:15:03 | Attr = H ]
QSFVExit.bat -> %SystemRoot%\QSFVExit.bat -> [Ver = | Size = 921 bytes | Created Date = 11/01/2008 09:34:57 | Attr = ]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Created Date = 10/01/2008 15:27:44 | Attr = ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Created Date = 10/01/2008 15:27:46 | Attr = ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 14/01/2008 11:45:37 | Attr = H ]

[Files/Folders - Modified Within 90 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 08/11/2007 20:15:12 | Attr = RH ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 19/01/2008 18:24:02 | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063714816 bytes | Modified Date = 01/02/2008 16:03:54 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 01/02/2008 16:13:20 | Attr = R ]
rollback.ini -> %SystemDrive%\rollback.ini -> [Ver = | Size = 3820 bytes | Modified Date = 01/02/2008 11:00:56 | Attr = ]
ScanSectorLog.dat -> %SystemDrive%\ScanSectorLog.dat -> [Ver = | Size = 512 bytes | Modified Date = 30/11/2007 14:46:40 | Attr = ]
video_join.avi -> %SystemDrive%\video_join.avi -> [Ver = | Size = 2466360 bytes | Modified Date = 15/01/2008 23:48:50 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 01/02/2008 16:22:18 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 09/01/2008 16:12:18 | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Modified Date = 12/12/2007 16:30:18 | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Modified Date = 12/12/2007 16:32:20 | Attr = H ]
$NtUninstallKB941644$ -> %SystemRoot%\$NtUninstallKB941644$ -> [Folder | Modified Date = 09/01/2008 16:15:22 | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Modified Date = 12/12/2007 16:32:42 | Attr = H ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Modified Date = 14/11/2007 20:58:02 | Attr = H ]
$NtUninstallKB943485$ -> %SystemRoot%\$NtUninstallKB943485$ -> [Folder | Modified Date = 09/01/2008 16:15:06 | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Modified Date = 12/12/2007 16:28:58 | Attr = H ]
.jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Modified Date = 25/01/2008 16:48:42 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 01/02/2008 16:04:02 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 01/02/2008 16:22:18 | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 14/01/2008 19:32:24 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 28/01/2008 17:08:18 | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 11/01/2008 09:32:38 | Attr = R S]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 12/12/2007 16:30:52 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 28/01/2008 17:08:14 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 02/02/2008 00:11:02 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 02/02/2008 00:22:02 | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 01/02/2008 16:22:18 | Attr = ]
ModemLog_Conexant HDA D110 MDC V.92 Modem.txt -> %SystemRoot%\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt -> [Ver = | Size = 4608 bytes | Modified Date = 01/02/2008 16:05:24 | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1167 bytes | Modified Date = 02/01/2008 18:17:58 | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 30/12/2007 15:52:50 | Attr = H ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 02/02/2008 00:11:12 | Attr = ]
QSFVExit.bat -> %SystemRoot%\QSFVExit.bat -> [Ver = | Size = 921 bytes | Modified Date = 11/01/2008 09:34:58 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 28/11/2007 11:23:22 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 01/02/2008 16:05:20 | Attr = H ]
sailwav2.ini -> %SystemRoot%\sailwav2.ini -> [Ver = | Size = 1784 bytes | Modified Date = 16/11/2007 10:38:34 | Attr = ]
sailwave.ini -> %SystemRoot%\sailwave.ini -> [Ver = | Size = 865 bytes | Modified Date = 16/11/2007 10:38:34 | Attr = ]
SchedLgU.Txt -> %SystemRoot%\SchedLgU.Txt -> [Ver = | Size = 32630 bytes | Modified Date = 31/01/2008 23:48:16 | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 01/02/2008 16:03:12 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 01/02/2008 16:09:36 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 01/02/2008 16:06:40 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 696 bytes | Modified Date = 12/12/2007 16:29:50 | Attr = ]
WindowsUpdate.log -> %SystemRoot%\WindowsUpdate.log -> [Ver = | Size = 2083941 bytes | Modified Date = 02/02/2008 00:14:00 | Attr = ]

joe1joe1joe2

2008-02-02, 10:03

WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 28/12/2007 20:46:16 | Attr = ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75248 bytes | Modified Date = 14/11/2007 16:05:06 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 29/01/2008 12:08:24 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 01/02/2008 16:04:22 | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 01/02/2008 14:49:58 | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 4876 bytes | Modified Date = 05/11/2007 10:17:28 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 17/01/2008 20:37:32 | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 01/02/2008 16:04:34 | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 16/11/2007 16:24:56 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 182632 bytes | Modified Date = 03/01/2008 00:32:32 | Attr = ]
libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 29/11/2007 22:30:16 | Attr = ]
lsasrv.dll -> %System32%\lsasrv.dll -> Microsoft Corporation [Ver = 5.1.2600.3249 (xpsp_sp2_gdr.071106-1716) | Size = 721920 bytes | Modified Date = 07/11/2007 09:26:56 | Attr = ]
MRT.exe -> %System32%\MRT.exe -> Microsoft Corporation [Ver = 1.37.2298.0 | Size = 17642616 bytes | Modified Date = 02/01/2008 18:21:36 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 72042 bytes | Modified Date = 01/02/2008 16:09:36 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 441174 bytes | Modified Date = 01/02/2008 16:09:36 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 522264 bytes | Modified Date = 01/02/2008 16:09:36 | Attr = ]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Modified Date = 10/01/2008 15:27:44 | Attr = ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Modified Date = 10/01/2008 15:27:46 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 23/11/2007 22:57:50 | Attr = ]
ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 29/11/2007 22:30:16 | Attr = ]
tzchange.exe -> %System32%\tzchange.exe -> Microsoft Corporation [Ver = 5.1.2600.3252 (xpsp_sp2_gdr.071113-1327) | Size = 60416 bytes | Modified Date = 13/11/2007 11:31:12 | Attr = ]
TZLog.log -> %System32%\TZLog.log -> [Ver = | Size = 496224 bytes | Modified Date = 12/12/2007 16:32:40 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 355091 bytes | Modified Date = 01/02/2008 16:05:54 | Attr = H ]
vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 83432 bytes | Modified Date = 14/11/2007 16:04:52 | Attr = ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 394952 bytes | Modified Date = 14/11/2007 16:05:16 | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 157160 bytes | Modified Date = 14/11/2007 16:04:52 | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 103912 bytes | Modified Date = 14/11/2007 16:04:52 | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 275944 bytes | Modified Date = 14/11/2007 16:04:52 | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 71144 bytes | Modified Date = 14/11/2007 16:04:52 | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 472552 bytes | Modified Date = 14/11/2007 16:04:54 | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 46568 bytes | Modified Date = 14/11/2007 16:04:54 | Attr = ]
vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 99816 bytes | Modified Date = 14/11/2007 16:04:54 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 01/02/2008 16:06:30 | Attr = ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 83432 bytes | Modified Date = 14/11/2007 16:04:56 | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 71144 bytes | Modified Date = 14/11/2007 16:04:56 | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 30/01/2008 16:08:06 | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 01/02/2008 14:48:08 | Attr = ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Modified Date = 14/11/2007 16:05:00 | Attr = ]
lsasrv.dll -> %System32%\dllcache\lsasrv.dll -> Microsoft Corporation [Ver = 5.1.2600.3249 (xpsp_sp2_gdr.071106-1716) | Size = 721920 bytes | Modified Date = 07/11/2007 09:26:56 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 20/12/2007 17:23:46 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 20/12/2007 17:23:30 | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 135297824 bytes | Modified Date = 02/02/2008 00:22:02 | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 1812164 bytes | Modified Date = 31/01/2008 23:48:24 | Attr = HS]
secdrv.sys -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:54 | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 14/01/2008 11:45:38 | Attr = ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 14/01/2008 11:45:38 | Attr = H ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.6.1.4 | Size = 740442 bytes | Modified Date = 31/05/2007 07:44:56 | Attr = ]
aspack , -> %System32%\Incinerator.dll -> [Ver = | Size = 425064 bytes | Modified Date = 18/06/2007 16:09:44 | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 07/10/2006 04:18:32 | Attr = ]
UPX! , UPX0 , -> %System32%\vbskpro2.ocx -> JB [Ver = 2.01 | Size = 412672 bytes | Modified Date = 08/08/2005 22:07:00 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 22/10/2007 21:00:30 | Attr = ]
File scan skipped for file %System32%\drivers\fidbox.dat -> File size too big (135297824 bytes) ->

< End of report >

ndmmxiaomayi

2008-02-02, 17:17

Hi,

Open WinPFind3U again.

Copy and paste the following in the Code box into Paste fix here text box.

[Driver Services - Non-Microsoft Only]
YY -> (hSONYPVh) hSONYPVh [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\User\LOCALS~1\Temp\hSONYPVh.sys

Click on Run Fix. When done, it will prompt you to restart the computer. Please do so.

In your next reply, please post:

WinPFind3U log (mmddyyyy_hhmmss.log in WinPFind3U folder, where mmddyyyy_hhmmss are numbers)
A new HijackThis log
How's your computer performing now

joe1joe1joe2

2008-02-03, 01:49

[Driver Services - Non-Microsoft Only]
Service hSONYPVh stopped successfully.
Service hSONYPVh deleted successfully.
File C:\DOCUME~1\User\LOCALS~1\Temp\hSONYPVh.sys not found.
< End of log >
Created on 02/03/2008 00:47:19

is that the right one?

joe1joe1joe2

2008-02-03, 01:53

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:53:37, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16318
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7052 bytes

joe1joe1joe2

2008-02-03, 01:55

system is having no more problems :-)

ndmmxiaomayi

2008-02-03, 05:44

Yup, that's the correct WinPFind3U log.

You will need disable either AVG or ZoneAlarm Antivirus as running both may conflict.

Step 1

Start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
In the main screen, you should see Your Computer's Security. Next to Resident Shield, click on Change state. It should now be Inactive.
Next to Automatic Updates, click on Change state. It should now be Inactive.
Next to Last Update, click on Update now. If your firewall prompts you, tell your firewall to allow it. Should you be unable to update it, download the updates from here (http://downloads.ewido.net/avgas-signatures-full-current.exe). Save it to your desktop. Double click to run the installation and the updates will be installed. Make sure AVG Anti-Spyware is closed during the installation.
Right-click the AVG Anti-Spyware icon near the clock and uncheck (untick) Start with Windows. Confirm by clicking Yes. Now click on the Scanner button at the top.
Select the Settings tab.
Under How to act?, click on Recommended actions and select Quarantine.
Under How to scan?, check (tick) all the boxes.
Under Possibly unwanted software:, check (tick) all the boxes.
Under Reports:, uncheck (untick) the Only if threats were found box and select Do not automatically generate report.
Under What to scan?, select Scan every file.

Do not run a scan yet. You will run a scan later.

Step 2

Click on Start > All Programs > CCleaner > CCleaner.
On the Windows tab, leave the default options alone.
On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
Click on the Run Cleaner button at the bottom right hand corner.
Close CCleaner.

Step 3

Please print out or save this set of instructions as you will not have internet access during the fix.

Reboot into Safe Mode by following the instructions below:

When you see BIOS screen, start pressing F8.
A boot menu will appear shortly.
Using the up down arrows, select Safe Mode and press the Enter key.
Windows will now load.
Log in to your usual account.

Step 4

Start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
Click on the Scanner button at the top.
Select the Scan tab.
Click on Complete System Scan to start the scan.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the Save Scan Report button before you did hit the Apply all Actions button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Restart your computer in Normal Mode.

In your next reply, please post:

AVG Antispyware scan report
A new HijackThis log

joe1joe1joe2

2008-02-03, 13:06

STEP 1,2,3,4 all done....

AVG found absolutely nothing... :)

heres a fresh hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:37, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16318
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7132 bytes

ndmmxiaomayi

2008-02-03, 14:12

Hi,

Please open HijackThis and select Do a system scan only.

Put a check (tick) next to these lines:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Click Fix checked. Close HijackThis.

Next...

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
When the downloads have finished, click on Next button.
Click on Scan Settings button.
Select extended under Scan using the following antivirus database:
Check (tick) these boxes under Scan options: Scan Archives
Scan Mail Bases Click OK
Click on My Computer under Please select a target to scan:
Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
Copy and paste this log in your next reply.

In your next issue, please post:

Kaspersky Antivirus scan report
A new HijackThis log

joe1joe1joe2

2008-02-03, 17:07

I have fixed the HiJackThis entries as you asked and just doing a the Kaspersky scan now...

joe1joe1joe2

2008-02-03, 17:16

just out of interest i defragmented my computer over night and there was a lot of "immovable files" (green) after it was defragmented, what are they? and can i get rid of them?

joe1joe1joe2

2008-02-03, 19:02

how do you want me to post this log its really long

ndmmxiaomayi

2008-02-04, 03:28

just out of interest i defragmented my computer over night and there was a lot of "immovable files" (green) after it was defragmented, what are they? and can i get rid of them?

Some files cannot be moved. There are 3rd party defragmentation programs which will do it.

how do you want me to post this log its really long

You can split it into multiple posts or attach it here.

joe1joe1joe2

2008-02-04, 10:16

KASPERSKY ONLINE SCANNER REPORT
Sunday, February 03, 2008 5:46:02 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/02/2008
Kaspersky Anti-Virus database records: 546374
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 68600
Number of viruses found 1
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 01:38:38

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Adobe\Acrobat\7.0\AdobeCMapFnt07.lst Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Adobe\Acrobat\7.0\AdobeComFnt07.lst Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Adobe\Acrobat\7.0\AdobeSysFnt07.lst Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Adobe\Acrobat\7.0\Collab\RSS Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Adobe\Acrobat\7.0\Preferences\AutoFillDefaults.dat Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Adobe\Acrobat\7.0\Preferences\defaultHeuristics.dat Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Adobe\Acrobat\7.0\UserCache.bin Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\log.idx Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\l_000109.log Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\l_000110.log Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\l_000111.log Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\sched-0001.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\sched-0002.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\test-0001.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\test-0002.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\test-0003.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\test-0004.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\test-0005.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\test-0006.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\test-0007.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\test-0008.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\test-0009.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\test-0011.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\test-0012.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\test-0013.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\AVG7\user-0000.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Google\Local Search History\google%2Eimages.w Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Google\Local Search History\google%2Eweb.w Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\gtny\88D7456F-2D0E-40AA-BDBC-7BC292A1FF1A_CONFIRM.cache Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\gtny\gtuser.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\persist.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\persist.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch3\persist.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\AUAgent.exc Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\AUCommon.cfg Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\AUPNP.log Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSBrws.log Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\qdiagd_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\qdiagd_DSBrws.log Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\Settings.log Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Intel\Wireless\Settings\Settings.ini Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Intel\Wireless\WLANProfiles\Profiles.enc Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Intel\Wireless\WLANProfiles\Profiles.enc.bak Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\9THCU4YH\bin.clearspring.com\clearspring.sol Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\9THCU4YH\e.akamai.net\howfieldsw3242007.sol Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\9THCU4YH\e.akamai.net\yesothersw7242007.sol Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\#SharedObjects\9THCU4YH\vortex.accuweather.com\includes\flash\favoritelocations\fav.swf\favLoc.sol Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#e.akamai.net\settings.sol Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vortex.accuweather.com\settings.sol Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.time.com\settings.sol Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
C:\Documents and Settings\Dad\Application Data\MailFrontier\ASD.log Object is locked skipped
C:\Documents and Settings\Dad\Application Data\MailFrontier\buddyUI.xml Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Address Book\Dad.wab Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Address Book\Dad.wab~ Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Address Book\Owner.wab Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3776980410-805778543-2296090647-1007\6b29ae44e85efac3c72ff4d1865d73f1_a256fb97-162a-4558-be23-08ae4bbcb195 Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL 9.0.lnk Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Snapfire Plus.lnk Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\UserData\index.dat Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\UserData\WWREPR40\oWindowsUpdate[1].xml Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Office\MSO1033.acl Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Office\MSO2057.acl Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Office\Recent\index.dat Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Office\Recent\Templates.LNK Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Office\Word11.pip Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Protect\S-1-5-21-3776980410-805778543-2296090647-1003\25951051-0b25-4c82-afe1-4e58ed48f79c Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Protect\S-1-5-21-3776980410-805778543-2296090647-1003\Preferred Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Protect\S-1-5-21-3776980410-805778543-2296090647-1007\5d70d2c9-3979-4644-942a-164a46b047cc Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Protect\S-1-5-21-3776980410-805778543-2296090647-1007\7e11788f-4a6e-4b44-8ed0-34975f34b248 Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Protect\S-1-5-21-3776980410-805778543-2296090647-1007\8640d8ae-95b7-4b67-a7f4-d25516c5953f Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Protect\S-1-5-21-3776980410-805778543-2296090647-1007\e64fadc0-ec32-4959-9629-86718d9cb185 Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Protect\S-1-5-21-3776980410-805778543-2296090647-1007\Preferred Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Microsoft\Templates\~$Normal.dot Object is locked skipped
C:\Documents and Settings\Dad\Application Data\PCToolsFirewallPlus\FirewallGUI.txt Object is locked skipped
C:\Documents and Settings\Dad\Application Data\PCToolsFirewallPlus\FWPlugin.txt Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\45\62c768ed-33796155 Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\45\62c768ed-33796155.idx Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\9\3c0ee589-19aa3b3b Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\9\3c0ee589-19aa3b3b.idx Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\lastAccessed Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\CoalesceContinuous.class-697a7ccf-5ec508ec.class Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\CoalesceContinuous.class-697a7ccf-5ec508ec.idx Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\deployment.properties Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\log\plugin150_10.trace Object is locked skipped
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\security\auth.dat Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@accuweather[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@adopt.euroclick[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@at.multimap[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@atwola[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@bbc.co[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@clearspring[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@com[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@dell[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@download[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@eas.apm.emediate[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@ebay.co[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@ebayobjects[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@ebay[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@element5[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@errorsafe[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@google.co[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@google[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@grisoft[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@home.accuweather[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@iopus[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@joincreditexpert.co[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@lypn[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@m.webtrends[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@medhelpinternational.112.2o7[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@medhelp[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@microsoft[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@multimap[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@myspace[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@netmediagroup[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@news.sky[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@ngd.thesun.co[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@pctools[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@peach.bskyb[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@richardcunliffe.bulldoghome[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@rya.org[1].txt

joe1joe1joe2

2008-02-04, 10:29

C:\Documents and Settings\Dad\Cookies\dad@ssl-hints.netflame[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@thesun.co[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@timeinc[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@time[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@travel-library[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@travellero[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@uk.ebayrtm[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@ukie.accuweather[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@updates.installshield[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@updateservice.sonic[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@venere[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@vhost.oddcast[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@windguru[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@www.download[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@www.errorsafe[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@www.iopus[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@www.joincreditexpert.co[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@www.joincreditexpert[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@www.multimap[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@www.rya.org[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@www.thesun.co[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@www.utarget.co[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@www.windguru[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\dad@xcweather.co[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dad\Desktop\aaw2007.exe Object is locked skipped
C:\Documents and Settings\Dad\Desktop\Dell Battery Return Program.mht Object is locked skipped
C:\Documents and Settings\Dad\Desktop\fwinstall.exe Object is locked skipped
C:\Documents and Settings\Dad\Desktop\Spyware Protection from AOL.lnk Object is locked skipped
C:\Documents and Settings\Dad\Desktop\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Dell\Dell.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Dell\Support.Dell.Com.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Links\RealPlayer.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Links\Windows Marketplace.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Media\Real.com Radio Tuner.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Microsoft Websites\IE Add-on site.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Microsoft Websites\IE site on Microsoft.com.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Microsoft Websites\Marketplace.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Microsoft Websites\Microsoft At Home.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Microsoft Websites\Microsoft At Work.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Microsoft Websites\Welcome to IE7.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\Dad\Favorites\RealPlayer Home Page.url Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\AcroFnt07.lst Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Adobe\Color\ACECache4.lst Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\ApplicationHistory\MSI35C.tmp.6a4c0999.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.bak Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\BVRP Software\NetWaiting\NetWait.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Feeds Cache\O7PVU6MN\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Feeds Cache\O7PVU6MN\fwlink[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Feeds Cache\VZ27M2X9\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Feeds Cache\VZ27M2X9\fwlink[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Feeds Cache\WF52JIS0\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Feeds Cache\YF3C1GQH\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Media Player\wmdbexport.xml Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

joe1joe1joe2

2008-02-04, 10:30

C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Works\Portfolio\wsbsamp.wsb Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\1033.MST Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\J2SE Runtime Environment 5.0 Update 6.msi Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\History\History.IE5\MSHist012007122420071231\index.dat Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\History\History.IE5\MSHist012008010720080114\index.dat Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\History\History.IE5\MSHist012008011920080120\index.dat Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\4PJMPDJI.htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\66f3_appcompat.txt Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\ASPNETSetup_00000.log Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\ASPNETSetup_00001.log Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\AUInst.log Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\BEB71B81.TMP Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\C31F31E6.TMP Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@dell[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@doubleclick[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@ebay.co[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@ebayobjects[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@google[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@uk.ebayrtm[1].txt Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@updates.installshield[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@updateservice.sonic[2].txt Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\D653F3EC.TMP Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\IMF3.tmp Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\IMF4.tmp Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\jar_cache18651.tmp Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\java_install.log Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\java_install_reg.log Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\jinstall.cfg Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\jusched.log Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\netfxsl.log Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\NetFxUpdate_v1.1.4322.log Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\PCTFireWall\pctdriver.inf Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\PCTFireWall\pctdriver_m.inf Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\PCTFireWall\pctfw.sys Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\1-275x130_charityW[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\1-idea5c[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\1-idea5d[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\1-idea5f[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\150x36_tns_spoof[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\234x60_eE_OM_listing_pages1_static[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\275x73_eE_XmasOnCore2b[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\2Ps_16x14[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\5-aol_0706_wa_c2_234x60_v3[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\78[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\82ec_0[1].jpg Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\arrow_blue[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\ascend_10x5[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\asksellerquestion_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\base_objs_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\bullet[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\buy[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\Common[1].css Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\comm[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\dellbatteryprogram[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\downgradedomain_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\ebay.co[2].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\eBayExpress_logo[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\ej2global_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\favicon[1].ico Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\favicon[2].ico Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\favicon[3].ico Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\favnavbody[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\featplus_49x44[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\feedbackinterstitial_body_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\ftr2bkgd_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\ftr2_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\GetMessages[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\hdr1bkgd_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\hdr1_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\helpimg[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\iconchance_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\iconCkoutBlue_20x20[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\iconInactMoveUp_20x20[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\iconMoveUp_20x20[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\iconNeu_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\iconPaidBlue_20x20[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\iconRtArrow_20x20[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\iconShootYllw_25x25[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\iconSIFNW_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\iconYellowStar_25x25[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\inactive;dcopt=ist;sz=260x36;tile=10;ord=1168460289078;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\inactive;dcopt=ist;sz=562x277;tile=12;ord=1168460289078;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\lexicon50[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\livehelp_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\logoEbay_150x40[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\logoVeriSign_100x65[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\ltCurve[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\menumask_96x28[1].png Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\myebaysummary;dcopt=ist;pos=1;sz=150x36;tile=1;ord=1168459936265;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\myebaysummary;dcopt=ist;pos=1;sz=150x36;tile=1;ord=1168460189484;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\myebay_mfs[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\orderstatus[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\preview[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\printers_96x120[1].png Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\productmenus[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\resize_horizontal[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\right[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\rtm[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\rtm[2] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\rtm[3] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\sellOn[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\settings[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\sliver_off_1x10[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\spacer[2].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\Star[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\suggestedfavbody[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\support_96x120[1].png Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\s[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\taboff_10x10[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\tb_centre[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\topbuttons[1].xml Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\visitor;dcopt=ist;sz=275x289;tile=13;ord=1168459876984;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\visitor;tn=3;to=h;tr=1;tw=760;ta=center;szs=234x60,234x60,234x60;ord=1168459876984;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\007AF5UO\world[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\234x60_ebaymobile[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\234x60_GGG[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\275x73_eE_XmasOnCore3b[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\275x73_jan10p07_HP1[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\3-idea5b[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\835e_0[1].jpg Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\8427_0[1].jpg Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\areaTitleDeployment_e4911uk[1].css Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\arrow_top[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\blueCurve_22x20[1].gif

joe1joe1joe2

2008-02-04, 10:33

C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\common_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\default[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\default[2].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\dellbanner[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\divider[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\ebay-ns[1].css Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\ebayfooter_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\eBayISAPI[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\eBayISAPI[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\eBayISAPI[2].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\eBayISAPI[3].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\eBayISAPI[4].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\eBayISAPI[5].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\eBayISAPI[6].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\eBayMotors_logo2[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\ebaysup_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\favicon[1].ico Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\featplusbtn_85x24[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\ftr3_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\hdr2bkgd_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\hdr2_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\headerimg[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\help[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\home50_b_sp[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\iconBestOffer_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\iconBlueStar_25x25[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\iconClose_20x20[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\iconFdbkBlu_20x20[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\iconlightbulb_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\iconNeg_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\iconPaidBlue_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\iconPrinter_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\iconRelistBlu_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\iconRelistGry_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\iconShootTeal_25x25[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\icon_doorone[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\imgDropCK_15x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\imgPurCurv_10x39[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\imgShield_25x25[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\inactive;dcopt=ist;sz=275x130;tile=11;ord=1168460289078;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\inactive;dcopt=ist;sz=275x73;tile=15;ord=1168460289078;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\leftLine_16x3[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\left_disabled[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\logoEbay_150x70[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\myebaysummary;dcopt=ist;pos=1;sz=150x36;tile=1;ord=1168460099562;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\myebay_e4911uk[1].css Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\my_ebay_summary_body_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\oo[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\portrait_disabled[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\preview[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\printimg[2] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\results2body_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\rightmost[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\rtCurve[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\rtm[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\sbhdr1_myEbayGuest_482x14[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\sbhdr2_myEbayGuest_482x14[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\secondary_sep[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\sell[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\shadow_96x3[1].png Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\signin_body_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\spacer[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\syi1_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\s[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\tabBdrLftTra[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\uk[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\viewlarger[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\visitor;dcopt=ist;sz=260x36;tile=10;ord=1168459876984;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\visitor;dcopt=ist;sz=562x277;tile=12;ord=1168459876984;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PLQ37GH\watchingbody_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\1%3B%3B~sscs%3D%3f;ord=5840725[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\275x289_post_xmas_sell_3[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\82ec_1[1].jpg Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\83c4_0[1].jpg Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\accessories_96x120_ie[1].png Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\areaTitleDeployment_SSL_e4911uk[1].css Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\barcodecirclespurple[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\common_e4911uk[1].css Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\css[1].css Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\ebaybase_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\eBayISAPI[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\eBayISAPI[2].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\eBayISAPI[3].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\eBayISAPI[4].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\editShip_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\enterprise_96x120[2].png Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\favicon[1].ico Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\favicon[2].ico Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\ftr1_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\GetMessages[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\hdr_myEbayGuest_482x24[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\homepagebody_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\iconAuction_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\iconCkoutBlue_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\iconExpress_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\iconFdbckGry_16x16[1].gif

joe1joe1joe2

2008-02-04, 10:34

C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\iconFdbkNtrGry_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\iconFixedprice_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\iconGreenStar_25x25[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\iconLtArrowG_20x20[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\iconLtArrow_20x20[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\iconRtArrowG_20x20[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\iconTealStar_25x25[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\icon_ebay[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\icon_skype2[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\imgFlex_1x25[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\inactive;dcopt=ist;sz=275x73;tile=16;ord=1168460289078;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\inactive;tn=3;to=h;tr=1;tw=760;ta=center;szs=234x60,234x60,234x60;ord=1168460289078;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\landscape[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\leavefeedbackbody_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\left1bkgd_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\left[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\login[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\menu[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\myebayforguestssummary;dcopt=ist;pos=1;sz=150x36;tile=1;ord=1168459887609;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\myebaysold;dcopt=ist;pos=1;ssmt=none;sstt=none;ssrt=none;ssat=none;spmt=none;ups=false;sz=150x36;tile=1;ord=1168460105750;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\myebaysummary;dcopt=ist;pos=1;sz=150x36;tile=1;ord=1168460311984;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\new[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\or_60x23[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\pedge_racks_homepage_728x228_en[1].jpg Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\placement_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\registernowx[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\retrieve_items_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\right1bkgd_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\right1_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\rightmost_disabled[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\rtm[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\rtm[3] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\rtm[4] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\rtm[5] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\rtm_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\secondarybg[1].jpg Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\secondary[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\shipping_calc_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\sliver_1x10[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\spacer[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\sucess[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\s[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\tabon_10x10[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\tb_back[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\tipSm[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\topLeft_12x12[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\visitor;dcopt=ist;sz=275x130;tile=11;ord=1168459876984;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\visitor;dcopt=ist;sz=275x289;tile=14;ord=1168459876984;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\visitor;dcopt=ist;sz=275x73;tile=15;ord=1168459876984;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\visitor;dcopt=ist;sz=275x73;tile=16;ord=1168459876984;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\xps710h2c_carousel_728x228_en[1].jpg Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\56NR1MDS\zoompage[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\234x60_tns_spoof[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\260x36_GGG_b[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\275x289_post_xmas_buy_1b[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\275x289_post_xmas_sell_1[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\3-idea5f[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\3115_carousel_en[1].jpg Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\562x277_top_post_christmas_2d[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\562x277_top_post_christmas_d[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\5[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\atMyeBay2[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\blueCurve_22x20[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\charcounter_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\commOn[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\css[1].css Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\dellecomicon[1].ico Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\desktops_96x120_emea[1].png Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\ebaybase[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\ebayfooter[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\eBayISAPI[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\eBayISAPI[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\eBayISAPI[2].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\ebay[1].css Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\footer_position_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\ftr1bkgd_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\ftr3bkgd_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\globals_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\greyBullet_9x4[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\guest_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\hdr3bkgd_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\hdr3_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\homepage_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\iconFdbkBlu_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\iconFdbkGry_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\iconFdbkNtrBlu_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\iconFdbkNtrBlu_20x20[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\iconInactMoveDwn_20x20[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\iconMoveDwn_20x20[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\iconPos_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\iconPurpleStar_25x25[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\iconRedStar_25x25[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\iconShipBlue_16x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\iconShipBlue_20x20[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\iconYellowStar_25x25[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\imgDropX_15x16[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\imgTabCorner_25x25[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\inactive;dcopt=ist;sz=275x289;tile=13;ord=1168460289078;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\inactive;dcopt=ist;sz=275x289;tile=14;ord=1168460289078;[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\left1_sailing[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\leftmost[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\leftmost_disabled[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\logo43[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\logo_gumtree[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\logo_shops[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\montage43[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\myebayOn[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\myebay[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\my_favorites_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\notebooks_96x120[1].png Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\optix_320_740_carousel_728x228_en[1].jpg Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\Ping[1].htm Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\portrait[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\primary[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\resize_vertical[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\reviewandsubmit_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\right_disabled[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\rtm[1] Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\signin_base_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\signin_footer_e4911uk[1].js Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\spacer[1].gif Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\H2Y9C4QX\statusCheck_28x28[1].gif

joe1joe1joe2

2008-02-04, 10:40

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Application Data\MailFrontier\ASD.log Object is locked skipped
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\422xwljw.default\cert8.db Object is locked skipped
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\422xwljw.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\422xwljw.default\history.dat Object is locked skipped
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\422xwljw.default\key3.db Object is locked skipped
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\422xwljw.default\parent.lock Object is locked skipped
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\422xwljw.default\search.sqlite Object is locked skipped
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\422xwljw.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Messenger\joe.hanson1@btinternet.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Messenger\joe.hanson1@btinternet.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Messenger\joe.hanson1@btinternet.com\SharingMetadata\Working\database_F004_4DDA_44D_A486\dfsr.db Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Messenger\joe.hanson1@btinternet.com\SharingMetadata\Working\database_F004_4DDA_44D_A486\fsr.log Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Messenger\joe.hanson1@btinternet.com\SharingMetadata\Working\database_F004_4DDA_44D_A486\fsrtmp.log Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Messenger\joe.hanson1@btinternet.com\SharingMetadata\Working\database_F004_4DDA_44D_A486\tmp.edb Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows Live Contacts\joe.hanson1@btinternet.com\real\members.stg Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows Live Contacts\joe.hanson1@btinternet.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\422xwljw.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\422xwljw.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\422xwljw.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\422xwljw.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\MSHist012008020320080204\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\hsperfdata_User\3788 Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\mirc631.exe/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Documents and Settings\User\Local Settings\Temp\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Documents and Settings\User\Local Settings\Temp\mirc631.exe NSIS: infected - 2 skipped
C:\Documents and Settings\User\Local Settings\Temp\~DF3382.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\~DF33C5.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\~DF6898.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\~DF87F9.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\~DFB7CF.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\~DFB862.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP280\change.log Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.dat2 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx0 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx1 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx10 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx11 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx12 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx13 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx14 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx15 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx2 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx255 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx3 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx4 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx5 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx6 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx7 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx8 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx9 Object is locked skipped
C:\WINDOWS\.jagex_cache_32\random.dat Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\JOELT.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E39E4E3E-D256-4F22-95A6-556FBB482041}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM

joe1joe1joe2

2008-02-04, 10:41

C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT03226.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT0322c.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

joe1joe1joe2

2008-02-04, 10:43

i left out a lot related to my dads account, the virus shouldnt be there anyway

joe1joe1joe2

2008-02-04, 10:46

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:44:57, on 04/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16318
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6767 bytes

ndmmxiaomayi

2008-02-04, 10:57

The logs look fine. :bigthumb:

Do you guys use MIRC?

joe1joe1joe2

2008-02-04, 13:49

dunno think might have friend downloaded it and said i should try it...is it a chat bot thing....

and many thanks for your help i have been having no problems with the laptop

ndmmxiaomayi

2008-02-05, 11:45

Hi,

Open My Computer.
Go to Tools > Folder Options.
Select the View tab.
Scroll down to Hidden files and folders.
Select Show hidden files and folders.
Uncheck (untick) Hide extensions of known file types.
Uncheck (untick) Hide protected operating system files (Recommended).
Click Yes when prompted.
Click OK.
Close My Computer.

Please delete this file.

C:\Documents and Settings\User\Local Settings\Temp\mirc631.exe

Any other issues?

joe1joe1joe2

2008-02-05, 17:10

cant find that file .....

ndmmxiaomayi

2008-02-06, 07:21

Click on Start > All Programs > CCleaner > CCleaner.
On the Windows tab, leave the default options alone.
On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
Click on the Run Cleaner button at the bottom right hand corner.
Close CCleaner.Any other issues?

joe1joe1joe2

2008-02-06, 17:10

nope not really, just out of interest every now and again when i boot up outlook express for my email it tells me "it is not your defaul mail client, would you like to make it your default client" so i click yes and then it does it again....

ndmmxiaomayi

2008-02-07, 03:36

Do you have another email client? Like Microsoft Outlook?

joe1joe1joe2

2008-02-07, 12:29

nope only use outlook express

ndmmxiaomayi

2008-02-08, 12:10

I see that you have Microsoft Office installed. It seems to be preventing Outlook Express from being set as the default email client.

See if this helps - http://blogs.chron.com/helpline/archives/2006/08/cant_set_outloo.html

joe1joe1joe2

2008-02-08, 17:41

right sorted that problem out...thanks

big worry though now, was just typing some work up and computer slowed down greatly, until it just turned off and said "encountered error windows has shut down"....

i tried rebooting computer it then said "no drivers to boot" error, so i ran a diagnostics and i was given ERROR 2000-01 41

no idea what to do, i have then gone on to boot setup and just botted the first thing on the list alone and i have got my computer running hence how i am typing this...

is there a nasty again....i will post fresh log....i cant see how anything has got on, i have done no bad surfing

joe1joe1joe2

2008-02-08, 17:42

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:49, on 08/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\wuauclt.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16318
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7283 bytes

joe1joe1joe2

2008-02-08, 18:00

error just occured again....

code

STOP: 0x00000077, 0xC000000E, 0xC000000E, 0x00000000, 0x0014C000

please help...

joe1joe1joe2

2008-02-08, 18:05

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

suspicious?

ndmmxiaomayi

2008-02-09, 04:29

There's nothing suspicious from the logs.

You still have to do one thing. Uninstall either AVG Antivirus or disable ZoneAlarm Antivirus. Running 2 antivirus programs will cause instabilities to a system.

joe1joe1joe2

2008-02-10, 19:33

ok how do i disable zone alarm one without getting rid of firewall

and what could be wrong with the computer then

ndmmxiaomayi

2008-02-11, 11:28

I don't use ZoneAlarm Security Suite, so I can't tell. I found this on the web, see if it helps you in disabling ZoneAlarm Antivirus.

http://forums.zonealarm.com/zonelabs/board/message?board.id=Off-Topic&message.id=18025

ndmmxiaomayi

2008-02-11, 11:37

Please also do the following:

Open WinPFind3U.
Select None for all the sections under Basic Scan Options.
Under Additional Scans, uncheck (untick) Non-Microsoft Only box. Check (tick) this box: Evnt - EventViewer Errors/Warnings.
Click on the Run Scan button at the top left hand corner.
WinPFind will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

joe1joe1joe2

2008-02-11, 12:35

joe1joe1joe2

2008-02-11, 12:37

Doing Scan Now

joe1joe1joe2

2008-02-11, 12:48

WinPFind3 logfile created on: 11/02/2008 11:37:38
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\User\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1014.37 Mb Total Physical Memory | 425.27 Mb Available Physical Memory | 41.92% Memory free
2.38 Gb Paging File | 1.78 Gb Available in Paging File | 74.59% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.80 Gb Total Space | 20.26 Gb Free Space | 39.89% Space Free
Drive D: | 689.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: JOELT
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 04/09/2007 18:04:36 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 22/10/2007 21:00:36 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 20/12/2007 17:23:40 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 20/12/2007 17:23:44 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 29/09/2007 21:25:28 | Attr = ]
dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 479232 bytes | Modified Date = 18/10/2006 16:53:24 | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.1.21 | Size = 434176 bytes | Modified Date = 18/10/2006 17:05:18 | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 08/02/2008 17:04:04 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr = ]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.1.18 | Size = 696320 bytes | Modified Date = 18/10/2006 16:58:16 | Attr = ]
iolodmvsvc.exe -> %ProgramFiles%\iolo\Common\Lib\ioloDMVSvc.exe -> [Ver = | Size = 460392 bytes | Modified Date = 11/06/2007 11:24:12 | Attr = ]
mantispm.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe -> [Ver = 5, 0, 6, 8903 | Size = 804376 bytes | Modified Date = 11/05/2007 07:50:24 | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.1.5 | Size = 327680 bytes | Modified Date = 18/10/2006 16:49:52 | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.1.3 | Size = 946176 bytes | Modified Date = 18/10/2006 16:56:52 | Attr = ]
scanningprocess.exe -> %System32%\ZoneLabs\avsys\ScanningProcess.exe -> [Ver = | Size = 135168 bytes | Modified Date = 11/09/2007 21:09:16 | Attr = ]
scanningprocess.exe -> %System32%\ZoneLabs\avsys\ScanningProcess.exe -> [Ver = | Size = 135168 bytes | Modified Date = 11/09/2007 21:09:16 | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 24/03/2006 23:30:44 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 08/03/2006 18:48:02 | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 14/11/2007 16:05:06 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 21/11/2007 09:19:46 | Attr = ]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10.5.1.5 | Size = 290816 bytes | Modified Date = 18/10/2006 17:01:34 | Attr = ]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 802816 bytes | Modified Date = 18/10/2006 17:04:28 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 14/11/2007 16:05:06 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 28/12/2006 16:19:50 | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 04/09/2007 18:04:36 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 22/10/2007 21:00:36 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 29/09/2007 21:25:28 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 20/12/2007 17:23:44 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.1.21 | Size = 434176 bytes | Modified Date = 18/10/2006 17:05:18 | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(ioloDMV) iolo DMV Service [Win32_Own | Auto | Running] -> %ProgramFiles%\iolo\Common\Lib\ioloDMVSvc.exe -> [Ver = | Size = 460392 bytes | Modified Date = 11/06/2007 11:24:12 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 15/01/2008 03:22:44 | Attr = ]
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.1.5 | Size = 327680 bytes | Modified Date = 18/10/2006 16:49:52 | Attr = ]
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.1.3 | Size = 946176 bytes | Modified Date = 18/10/2006 16:56:52 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 14/11/2007 16:05:06 | Attr = ]
(WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10.5.1.5 | Size = 290816 bytes | Modified Date = 18/10/2006 17:01:34 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 20/12/2007 17:23:40 | Attr = ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.1.18 | Size = 696320 bytes | Modified Date = 18/10/2006 16:58:16 | Attr = ]
IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 802816 bytes | Modified Date = 18/10/2006 17:04:28 | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 24/03/2006 23:30:44 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 08/03/2006 18:48:02 | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 14/11/2007 16:05:06 | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 12:29:58 | Attr = ]
{930D35D2-094D-41B9-8E89-D1B76F2C6E97} [HKLM] -> Reg Data - Key not found [] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4446 | Size = 139264 bytes | Modified Date = 13/12/2005 23:40:12 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ÿÿÿÿ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://www.msn.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.google.co.uk/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 03:16:42 | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 31/05/2005 05:33:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 03:00:36 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:36 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 03:00:36 | Attr = ]
{2670000A-7350-4f3c-8081-5663EE0C6C49} -> Reg Data - Value does not exist [ButtonText: Send to OneNote] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{73AF051D-941B-4B36-9CBC-2B242DDE5C09} -> (Broadcom 440x 10/100 Integrated Controller) ->
{ADF854E6-EA46-4C00-A301-196AE296031D} -> () ->
{DA74526F-6D0A-4C2A-9717-47BC02C323B3} -> (1394 Net Adapter) ->
{EA569926-D865-41B1-A2F1-3C907E082116} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} -> DivXBrowserPlugin Object - CodeBase = http://download.divx.com/player/DivXBrowserPlugin.cab ->
{9122D757-5A4F-4768-82C5-B4171D8556A7} -> PhotoPickConvert Class - CodeBase = http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab ->

joe1joe1joe2

2008-02-11, 12:50

[Registry - Additional Scans - All]
< EventViewer Logs > -> Errors and Warnings -> Description
Application - Warning - 05/02/2008 00:28:04 -> Computer Name = JOELT - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 05/02/2008 10:13:35 -> Computer Name = JOELT - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 05/02/2008 10:13:51 -> Computer Name = JOELT - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 05/02/2008 10:14:53 -> Computer Name = JOELT - User Name = (blank) - Source = Application Hang -> Description = Hanging application explorerexe version 6029003156 hang module hungapp version 0000 hang address 0x00000000
Application - Warning - 06/02/2008 07:38:00 -> Computer Name = JOELT - User Name = JOELT\User - Source = WinMgmt -> Description =
Application - Warning - 06/02/2008 07:38:00 -> Computer Name = JOELT - User Name = JOELT\User - Source = WinMgmt -> Description =
Application - Warning - 06/02/2008 09:45:23 -> Computer Name = JOELT - User Name = (blank) - Source = WinMgmt -> Description =
Application - Error - 07/02/2008 08:35:11 -> Computer Name = JOELT - User Name = (blank) - Source = Application Hang -> Description = Hanging application mplayercexe version 1090 hang module hungapp version 0000 hang address 0x00000000
Application - Warning - 07/02/2008 10:16:41 -> Computer Name = JOELT - User Name = JOELT\User - Source = MsiInstaller -> Description = Detection of product 91120409-6000-11D3-8CFE-0150048383C9 feature ProductFiles component 66CD2C91-2A15-4DA4-BBD2-5EC1075F3C0E failed The resource HKEYCLASSESROOTpip does not exist
Application - Warning - 07/02/2008 10:16:41 -> Computer Name = JOELT - User Name = JOELT\User - Source = MsiInstaller -> Description = Detection of product 91120409-6000-11D3-8CFE-0150048383C9 feature WORDFiles failed during request for component 1EBDE4BC-9A51-4630-B541-2561FA45CCC5
Application - Warning - 07/02/2008 10:17:23 -> Computer Name = JOELT - User Name = JOELT\User - Source = MsiInstaller -> Description = Detection of product 91120409-6000-11D3-8CFE-0150048383C9 feature ProductFiles component 66CD2C91-2A15-4DA4-BBD2-5EC1075F3C0E failed The resource HKEYCLASSESROOTpip does not exist
Application - Warning - 07/02/2008 10:17:23 -> Computer Name = JOELT - User Name = JOELT\User - Source = MsiInstaller -> Description = Detection of product 91120409-6000-11D3-8CFE-0150048383C9 feature WORDFiles failed during request for component 1EBDE4BC-9A51-4630-B541-2561FA45CCC5
Application - Warning - 07/02/2008 10:19:31 -> Computer Name = JOELT - User Name = JOELT\User - Source = MsiInstaller -> Description = Detection of product 91120409-6000-11D3-8CFE-0150048383C9 feature ProductFiles component 66CD2C91-2A15-4DA4-BBD2-5EC1075F3C0E failed The resource HKEYCLASSESROOTpip does not exist
Application - Warning - 07/02/2008 10:19:31 -> Computer Name = JOELT - User Name = JOELT\User - Source = MsiInstaller -> Description = Detection of product 91120409-6000-11D3-8CFE-0150048383C9 feature WORDFiles failed during request for component 1EBDE4BC-9A51-4630-B541-2561FA45CCC5
Application - Error - 07/02/2008 20:29:55 -> Computer Name = JOELT - User Name = JOELT\User - Source = MsiInstaller -> Description = Product Microsoft Office Standard Edition 2003 -- Error 1311 Source file not found(cabinet) DSKU112CAB Verify that the file exists and that you can access it
Application - Error - 07/02/2008 20:30:04 -> Computer Name = JOELT - User Name = JOELT\User - Source = MsiInstaller -> Description = Product Microsoft Office Standard Edition 2003 -- Error 1311 Source file not found(cabinet) DSKU112CAB Verify that the file exists and that you can access it
Application - Error - 07/02/2008 20:30:12 -> Computer Name = JOELT - User Name = JOELT\User - Source = MsiInstaller -> Description = Product Microsoft Office Standard Edition 2003 -- Error 1311 Source file not found(cabinet) DSKU112CAB Verify that the file exists and that you can access it
Application - Error - 07/02/2008 20:30:15 -> Computer Name = JOELT - User Name = JOELT\User - Source = MsiInstaller -> Description = Product Microsoft Office Standard Edition 2003 -- Error 1311 Source file not found(cabinet) DSKU112CAB Verify that the file exists and that you can access it
Application - Warning - 07/02/2008 20:50:06 -> Computer Name = JOELT - User Name = NT AUTHORITY\SYSTEM - Source = WinMgmt -> Description =
Application - Error - 07/02/2008 21:16:39 -> Computer Name = JOELT - User Name = (blank) - Source = Microsoft Office 12 -> Description = Rejected Safe Mode action Microsoft Office Word
Application - Error - 08/02/2008 14:45:53 -> Computer Name = JOELT - User Name = (blank) - Source = Application Hang -> Description = Hanging application SwiftSwitchexe version 24800 hang module hungapp version 0000 hang address 0x00000000
Application - Warning - 10/02/2008 21:52:27 -> Computer Name = JOELT - User Name = (blank) - Source = ASP.NET 2.0.50727.0 -> Description = Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine To configure ASPNET to run in IIS please install or enable IIS and re-register ASPNET using aspnetregiisexe i
Application - Warning - 10/02/2008 21:55:20 -> Computer Name = JOELT - User Name = (blank) - Source = System.ServiceModel.Install 3.0.0.0 -> Description = Could not detect IIS installation or IIS is disabled skipping the Web Host Script Mappings component since it depends upon IIS to function properlyIf you believe this message is an error check your IIS installation to make sure it is installed properly
Application - Warning - 10/02/2008 21:56:45 -> Computer Name = JOELT - User Name = (blank) - Source = WinMgmt -> Description =
Application - Warning - 10/02/2008 21:56:45 -> Computer Name = JOELT - User Name = (blank) - Source = WinMgmt -> Description =
Application - Warning - 10/02/2008 21:56:45 -> Computer Name = JOELT - User Name = (blank) - Source = WinMgmt -> Description =
Application - Warning - 10/02/2008 21:56:45 -> Computer Name = JOELT - User Name = (blank) - Source = WinMgmt -> Description =
Application - Warning - 10/02/2008 21:58:13 -> Computer Name = JOELT - User Name = (blank) - Source = WinMgmt -> Description =
System - Error - 04/02/2008 14:52:16 -> Computer Name = JOELT - User Name = (blank) - Source = MRxSmb -> Description =
System - Warning - 04/02/2008 15:05:35 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser was unable to retrieve a list of servers from the browser master DAVE-PC on the network DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The data is the error code
System - Error - 04/02/2008 15:07:58 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser service has failed to retrieve the backup list too many times on transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The backup browser is stopping
System - Error - 04/02/2008 16:00:16 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service
System - Error - 04/02/2008 16:01:03 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19210050102 for the Network Card with network address 0018DE93FD02 has beendenied by the DHCP server 1921681254 (The DHCP Server sent a DHCPNACK message)
System - Error - 04/02/2008 16:13:22 -> Computer Name = JOELT - User Name = (blank) - Source = MRxSmb -> Description =
System - Warning - 04/02/2008 16:30:34 -> Computer Name = JOELT - User Name = (blank) - Source = BTHUSB -> Description =
System - Warning - 04/02/2008 16:42:42 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser was unable to retrieve a list of servers from the browser master MARKNEW on the network DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The data is the error code
System - Error - 05/02/2008 07:29:13 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Warning - 05/02/2008 07:32:49 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser was unable to retrieve a list of servers from the browser master MARKNEW on the network DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The data is the error code
System - Error - 05/02/2008 07:36:06 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser service has failed to retrieve the backup list too many times on transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The backup browser is stopping
System - Warning - 05/02/2008 09:20:45 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser was unable to retrieve a list of servers from the browser master DAVE-PC on the network DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The data is the error code
System - Warning - 05/02/2008 14:48:20 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE93FD02 The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 05/02/2008 14:48:22 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer has automatically configured the IP address for the NetworkCard with network address 0018DE93FD02 The IP address being used is 16925414644
System - Warning - 05/02/2008 16:19:19 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser was unable to retrieve a list of servers from the browser master MARKNEW on the network DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The data is the error code
System - Error - 05/02/2008 16:21:48 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser service has failed to retrieve the backup list too many times on transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The backup browser is stopping
System - Warning - 05/02/2008 21:05:14 -> Computer Name = JOELT - User Name = (blank) - Source = Tcpip -> Description =
System - Error - 05/02/2008 21:57:31 -> Computer Name = JOELT - User Name = JOELT\User - Source = DCOM -> Description =
System - Warning - 06/02/2008 09:02:58 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 06/02/2008 09:02:58 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 06/02/2008 09:02:58 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 06/02/2008 09:02:58 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 06/02/2008 09:02:58 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 06/02/2008 09:02:58 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 06/02/2008 09:02:58 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 06/02/2008 09:02:58 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 06/02/2008 09:02:58 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 06/02/2008 09:02:58 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 06/02/2008 09:02:58 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 06/02/2008 09:03:00 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 06/02/2008 09:04:10 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE93FD02 The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 06/02/2008 09:04:19 -> Computer Name = JOELT - User Name = (blank) - Source = Server -> Description = The server could not bind to the transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116
System - Warning - 06/02/2008 09:04:20 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer has automatically configured the IP address for the NetworkCard with network address 0018DE93FD02 The IP address being used is 16925414644
System - Error - 06/02/2008 16:03:00 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19210050102 for the Network Card with network address 0018DE93FD02 has beendenied by the DHCP server 1921681254 (The DHCP Server sent a DHCPNACK message)
System - Warning - 06/02/2008 16:03:56 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser was unable to retrieve a list of servers from the browser master MARKNEW on the network DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The data is the error code
System - Error - 06/02/2008 16:07:17 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser service has failed to retrieve the backup list too many times on transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The backup browser is stopping

joe1joe1joe2

2008-02-11, 12:51

System - Error - 06/02/2008 19:17:38 -> Computer Name = JOELT - User Name = JOELT\User - Source = DCOM -> Description =
System - Warning - 06/02/2008 20:32:56 -> Computer Name = JOELT - User Name = (blank) - Source = BTHUSB -> Description =
System - Warning - 07/02/2008 07:21:15 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 07/02/2008 07:21:15 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 07/02/2008 07:21:15 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 07/02/2008 07:21:15 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 07/02/2008 07:21:15 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 07/02/2008 07:21:15 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 07/02/2008 07:21:15 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 07/02/2008 07:21:15 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 07/02/2008 07:21:15 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 07/02/2008 07:21:15 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 07/02/2008 07:21:15 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 07/02/2008 07:21:15 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 07/02/2008 07:21:15 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE93FD02 The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Error - 07/02/2008 08:05:05 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 192168175 for the Network Card with network address 0018DE93FD02 has beendenied by the DHCP server 19216807 (The DHCP Server sent a DHCPNACK message)
System - Warning - 07/02/2008 08:05:22 -> Computer Name = JOELT - User Name = (blank) - Source = Server -> Description = The server could not bind to the transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116
System - Error - 07/02/2008 11:03:43 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Warning - 07/02/2008 11:22:13 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE93FD02 The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 07/02/2008 11:22:25 -> Computer Name = JOELT - User Name = (blank) - Source = Server -> Description = The server could not bind to the transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116
System - Warning - 07/02/2008 11:22:28 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer has automatically configured the IP address for the NetworkCard with network address 0018DE93FD02 The IP address being used is 16925414644
System - Error - 07/02/2008 11:30:35 -> Computer Name = JOELT - User Name = (blank) - Source = MRxSmb -> Description =
System - Warning - 07/02/2008 14:46:15 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Error - 07/02/2008 14:52:07 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Error - 07/02/2008 16:01:24 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19210050102 for the Network Card with network address 0018DE93FD02 has beendenied by the DHCP server 1921681254 (The DHCP Server sent a DHCPNACK message)
System - Warning - 07/02/2008 16:02:04 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser was unable to retrieve a list of servers from the browser master MARKNEW on the network DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The data is the error code
System - Error - 07/02/2008 16:05:29 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser service has failed to retrieve the backup list too many times on transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The backup browser is stopping
System - Error - 07/02/2008 17:29:19 -> Computer Name = JOELT - User Name = (blank) - Source = MRxSmb -> Description =
System - Error - 07/02/2008 19:29:49 -> Computer Name = JOELT - User Name = (blank) - Source = MRxSmb -> Description =
System - Warning - 07/02/2008 20:41:26 -> Computer Name = JOELT - User Name = NT AUTHORITY\SYSTEM - Source = Print -> Description =
System - Warning - 07/02/2008 20:41:30 -> Computer Name = JOELT - User Name = NT AUTHORITY\SYSTEM - Source = Print -> Description =
System - Error - 07/02/2008 20:42:10 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:10 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:11 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:11 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:11 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:11 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:11 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:11 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:11 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:11 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:11 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:12 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:12 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:12 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:12 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:12 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:12 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:12 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:12 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:12 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:12 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:13 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:13 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:13 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:13 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:13 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:13 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:13 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:13 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:13 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:14 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:14 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:14 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:14 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:14 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:14 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:14 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:14 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:14 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:14 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2

joe1joe1joe2

2008-02-11, 12:51

System - Error - 07/02/2008 20:42:15 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:15 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:15 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:15 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:15 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:15 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:15 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:15 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:15 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:15 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:16 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:16 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:16 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:16 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:16 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:16 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:16 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:16 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:16 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:16 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:17 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:17 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:17 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:17 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:17 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:17 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:17 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:17 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:17 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:18 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:18 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:18 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:18 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:18 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:18 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:18 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:18 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:18 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:18 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:19 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:19 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:19 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:19 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:19 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:19 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:19 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:19 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:20 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:20 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:20 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:20 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:20 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:20 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:20 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:20 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:20 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:20 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:20 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:21 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:21 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Error - 07/02/2008 20:42:21 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 2
System - Warning - 07/02/2008 20:51:16 -> Computer Name = JOELT - User Name = NT AUTHORITY\SYSTEM - Source = Print -> Description =
System - Error - 07/02/2008 21:10:22 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Warning - 07/02/2008 21:11:23 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser was unable to retrieve a list of servers from the browser master MARKNEW on the network DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The data is the error code
System - Error - 07/02/2008 21:14:40 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser service has failed to retrieve the backup list too many times on transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The backup browser is stopping
System - Error - 07/02/2008 21:21:18 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not assigned an address from the network (by the DHCPServer) for the Network Card with network address 0018DE93FD02 The following erroroccurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 07/02/2008 21:22:22 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer has automatically configured the IP address for the NetworkCard with network address 0018DE93FD02 The IP address being used is 16925414644

joe1joe1joe2

2008-02-11, 12:52

System - Warning - 07/02/2008 21:28:26 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser was unable to retrieve a list of servers from the browser master WILLIAM on the network DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The data is the error code
System - Error - 07/02/2008 21:52:09 -> Computer Name = JOELT - User Name = (blank) - Source = MRxSmb -> Description =
System - Warning - 07/02/2008 22:09:27 -> Computer Name = JOELT - User Name = (blank) - Source = Tcpip -> Description =
System - Error - 07/02/2008 22:53:15 -> Computer Name = JOELT - User Name = (blank) - Source = MRxSmb -> Description =
System - Error - 08/02/2008 07:23:32 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Warning - 08/02/2008 11:24:04 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE93FD02 The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 08/02/2008 11:24:14 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer has automatically configured the IP address for the NetworkCard with network address 0018DE93FD02 The IP address being used is 16925414644
System - Warning - 08/02/2008 11:24:16 -> Computer Name = JOELT - User Name = (blank) - Source = Server -> Description = The server could not bind to the transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116
System - Warning - 08/02/2008 13:31:16 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE93FD02 The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 08/02/2008 13:31:21 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE93FD02 The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 08/02/2008 13:31:31 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE93FD02 The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 08/02/2008 13:31:41 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE93FD02 The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 08/02/2008 13:31:51 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE93FD02 The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 08/02/2008 13:31:56 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE93FD02 The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 08/02/2008 13:32:06 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE93FD02 The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 08/02/2008 13:32:16 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE93FD02 The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 08/02/2008 13:32:26 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE93FD02 The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 08/02/2008 14:44:35 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DE93FD02 The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 08/02/2008 14:44:37 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 08/02/2008 14:44:43 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 08/02/2008 14:44:43 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 08/02/2008 14:44:43 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 08/02/2008 14:44:43 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 08/02/2008 14:44:43 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 08/02/2008 14:44:43 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 08/02/2008 14:44:43 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 08/02/2008 14:44:43 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 08/02/2008 14:44:43 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 08/02/2008 14:44:43 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 08/02/2008 14:44:43 -> Computer Name = JOELT - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 08/02/2008 14:44:50 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer was unable to automatically configure the IP parameters forthe Network Card with the network address 0018DE93FD02 The following error occurredduring configuration 55
System - Warning - 08/02/2008 14:47:15 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = Your computer has automatically configured the IP address for the NetworkCard with network address 0018DE93FD02 The IP address being used is 16925414644
System - Warning - 08/02/2008 14:47:24 -> Computer Name = JOELT - User Name = (blank) - Source = Server -> Description = The server could not bind to the transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116
System - Error - 08/02/2008 15:08:28 -> Computer Name = JOELT - User Name = (blank) - Source = MRxSmb -> Description =
System - Error - 08/02/2008 16:00:18 -> Computer Name = JOELT - User Name = NT AUTHORITY\NETWORK SERVICE - Source = DCOM -> Description =
System - Error - 08/02/2008 16:01:28 -> Computer Name = JOELT - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19210050102 for the Network Card with network address 0018DE93FD02 has beendenied by the DHCP server 1921681254 (The DHCP Server sent a DHCPNACK message)
System - Warning - 08/02/2008 16:02:15 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser was unable to retrieve a list of servers from the browser master MARKNEW on the network DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The data is the error code
System - Error - 08/02/2008 16:05:39 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser service has failed to retrieve the backup list too many times on transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The backup browser is stopping
System - Error - 08/02/2008 16:37:28 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Error - 08/02/2008 16:57:48 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Error - 08/02/2008 17:09:31 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Error - 08/02/2008 17:12:18 -> Computer Name = JOELT - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description =
System - Error - 08/02/2008 17:13:18 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load APPDRVAVG Anti-Spyware DriverAvg7CoreAvg7RsWAvg7RsXPFipsintelppmKLIF
System - Error - 08/02/2008 17:20:16 -> Computer Name = JOELT - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description =
System - Error - 08/02/2008 17:21:37 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Error - 08/02/2008 17:38:58 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Error - 08/02/2008 17:44:10 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Error - 08/02/2008 18:00:57 -> Computer Name = JOELT - User Name = (blank) - Source = MRxSmb -> Description =
System - Error - 08/02/2008 18:50:56 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Error - 08/02/2008 21:02:10 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Warning - 08/02/2008 21:08:43 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser was unable to retrieve a list of servers from the browser master WILLIAM on the network DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The data is the error code
System - Error - 08/02/2008 21:11:15 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser service has failed to retrieve the backup list too many times on transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The backup browser is stopping
System - Error - 10/02/2008 18:29:45 -> Computer Name = JOELT - User Name = NT AUTHORITY\NETWORK SERVICE - Source = DCOM -> Description =
System - Warning - 10/02/2008 18:38:54 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser was unable to retrieve a list of servers from the browser master MARKNEW on the network DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The data is the error code
System - Error - 10/02/2008 18:41:23 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser service has failed to retrieve the backup list too many times on transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The backup browser is stopping
System - Error - 10/02/2008 20:30:52 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Warning - 10/02/2008 20:32:09 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser was unable to retrieve a list of servers from the browser master DB4QFK2J on the network DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The data is the error code
System - Error - 10/02/2008 20:34:59 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser service has failed to retrieve the backup list too many times on transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The backup browser is stopping
System - Warning - 10/02/2008 21:46:11 -> Computer Name = JOELT - User Name = NT AUTHORITY\SYSTEM - Source = Print -> Description =
System - Warning - 10/02/2008 21:46:12 -> Computer Name = JOELT - User Name = NT AUTHORITY\SYSTEM - Source = Print -> Description =
System - Warning - 10/02/2008 21:46:13 -> Computer Name = JOELT - User Name = NT AUTHORITY\SYSTEM - Source = Print -> Description =
System - Warning - 11/02/2008 10:10:19 -> Computer Name = JOELT - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized
System - Error - 11/02/2008 11:26:08 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Error - 11/02/2008 11:26:10 -> Computer Name = JOELT - User Name = (blank) - Source = Disk -> Description = The driver detected a controller error on DeviceHarddisk0D
System - Error - 11/02/2008 11:31:17 -> Computer Name = JOELT - User Name = (blank) - Source = Service Control Manager -> Description = The Whm29 service failed to start due to the following error 2
System - Warning - 11/02/2008 11:32:30 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser was unable to retrieve a list of servers from the browser master MARKNEW on the network DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The data is the error code
System - Error - 11/02/2008 11:35:47 -> Computer Name = JOELT - User Name = (blank) - Source = BROWSER -> Description = The browser service has failed to retrieve the backup list too many times on transport DeviceNetBTTcpipEA569926-D865-41B1-A2F1-3C907E082116The backup browser is stopping

joe1joe1joe2

2008-02-11, 12:53

[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063714816 bytes | Created Date = 01/01/1601 | Attr = HS]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 07/02/2008 20:44:23 | Attr = RH ]
video_join.avi -> %SystemDrive%\video_join.avi -> [Ver = | Size = 2466360 bytes | Created Date = 15/01/2008 23:48:44 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 10/02/2008 19:11:29 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 10/02/2008 19:11:29 | Attr = H ]
SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Created Date = 07/02/2008 20:45:42 | Attr = ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 14/01/2008 11:45:37 | Attr = H ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063714816 bytes | Modified Date = 11/02/2008 11:30:54 | Attr = HS]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 07/02/2008 20:44:24 | Attr = RH ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 08/02/2008 18:52:30 | Attr = R ]
rollback.ini -> %SystemDrive%\rollback.ini -> [Ver = | Size = 1581 bytes | Modified Date = 11/02/2008 11:00:54 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 02/02/2008 09:23:26 | Attr = HS]
video_join.avi -> %SystemDrive%\video_join.avi -> [Ver = | Size = 2466360 bytes | Modified Date = 15/01/2008 23:48:50 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 10/02/2008 19:11:30 | Attr = ]
.jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Modified Date = 25/01/2008 16:48:42 | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 10/02/2008 22:03:28 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/02/2008 11:30:56 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 06/02/2008 16:06:00 | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 14/01/2008 19:32:24 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 28/01/2008 17:08:18 | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 07/02/2008 20:48:46 | Attr = R S]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 08/02/2008 15:34:48 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 10/02/2008 21:56:48 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 11/02/2008 11:37:42 | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 10/02/2008 22:03:42 | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 01/02/2008 16:22:18 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 11/02/2008 11:36:40 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 10/02/2008 19:11:30 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 10/02/2008 19:11:30 | Attr = H ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 01/02/2008 16:03:12 | Attr = ]
SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 07/02/2008 20:46:28 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 11/02/2008 11:35:24 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 11/02/2008 11:33:42 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 584 bytes | Modified Date = 07/02/2008 20:39:48 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 10/02/2008 21:52:12 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 29/01/2008 12:08:24 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/02/2008 11:31:00 | Attr = H ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 10/02/2008 21:56:16 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 10/02/2008 21:56:16 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 06/02/2008 09:21:04 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 17/01/2008 20:37:32 | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 11/02/2008 11:31:04 | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 10/02/2008 21:55:02 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 299640 bytes | Modified Date = 11/02/2008 11:25:44 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 73226 bytes | Modified Date = 11/02/2008 11:35:24 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 446438 bytes | Modified Date = 11/02/2008 11:35:24 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 528784 bytes | Modified Date = 11/02/2008 11:35:24 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 02/02/2008 09:23:26 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 355091 bytes | Modified Date = 11/02/2008 11:31:58 | Attr = H ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 11/02/2008 11:31:58 | Attr = ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Modified Date = 10/02/2008 21:54:58 | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 10/02/2008 18:30:04 | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 10/02/2008 20:30:28 | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 141200672 bytes | Modified Date = 11/02/2008 11:08:18 | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 1833476 bytes | Modified Date = 08/02/2008 17:10:08 | Attr = HS]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 14/01/2008 11:45:38 | Attr = ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 14/01/2008 11:45:38 | Attr = H ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.6.1.4 | Size = 740442 bytes | Modified Date = 31/05/2007 07:44:56 | Attr = ]
aspack , -> %System32%\Incinerator.dll -> [Ver = | Size = 425064 bytes | Modified Date = 18/06/2007 16:09:44 | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 07/10/2006 04:18:32 | Attr = ]
UPX! , UPX0 , -> %System32%\vbskpro2.ocx -> JB [Ver = 2.01 | Size = 412672 bytes | Modified Date = 08/08/2005 22:07:00 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 22/10/2007 21:00:30 | Attr = ]
File scan skipped for file %System32%\drivers\fidbox.dat -> File size too big (141200672 bytes) ->

< End of report >

ndmmxiaomayi

2008-02-12, 09:53

ok i have had yet another error on the machine....i was thinking it says any newly installed software might be the problemo i have installed microsoft office 2007 recently that mght be it?

error: win32k.sys - address BF8CEEFO base at BF800000 data stamp 45F013F6

Doesn't seem like that's the cause.

The WinPFind3U doesn't reveal anything bad.

You have to get support from some other sites that specializes in such issues.

One place is Tech Support Forum (http://www.techsupportforum.com/)

joe1joe1joe2

2008-02-16, 10:12

right ok, sent it back to Dell they had to put new memory into the laptop, its all fixed now

many thanks :)

ndmmxiaomayi

2008-02-16, 13:24

Glad to hear that. :)

Update Java Runtime Environment (JRE)

Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 4.

Click on Start > Control Panel and double click on Add/Remove Programs. Locate J2SE Runtime Environment 5.0 Update 10 and click on Change/Remove to uninstall it.
Repeat for these old versions of JRE: J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1 Click here (http://java.sun.com/javase/downloads/index.jsp) to visit Java's website.
Scroll down to Java Runtime Environment (JRE) 6 Update 4. Click on Download.
For the Platform field, select Windows. For the Language field, select English.
Read through the Java License Agreement, then check (tick) I agree to the Java SE Runtime Environment 6 License Agreement.
Click on Continue.
Click on jre-6u4-windows-i586-p.exe to download it. Save this to a convenient location.
Run this installation to update your Java.

Update Adobe Reader

Please uninstall Adobe Reader 7.0.9 before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs. Locate Adobe Reader 7.0.9 and click on Change/Remove to uninstall it.
Click here (http://www.adobe.com/products/acrobat/readstep2.html) to download the latest version of Adobe Acrobat Reader.
Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be ran and it will be installed automatically for you.

If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
Close your Internet browser and open it again.

After you've updated your programs, please post back a new HijackThis log.

joe1joe1joe2

2008-02-16, 19:21

eermmm....they gave me new memory

i lost everything on my computer :( so need to start from scratch.....

ndmmxiaomayi

2008-02-18, 13:26

:lip:

Sorry to hear that. :sad:

Here are some ways to prevent an infection again.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows

Go to Start > All Programs > Windows Update

To update Office

Open up any Office program.

Go to Help > Check for Updates

Alternatively, you can visit the links below to update Windows and Office products.

Windows Update (http://update.microsoft.com/)
Office Update (http://office.microsoft.com/en-us/officeupdate/default.aspx)

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

Go to Start > Control Panel > Automatic Updates
Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
Select Download updates for me, but let me chose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).

Stop malicious scripts

Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article (http://www.microsoft.com/athome/security/update/howbackup.mspx) to learn how to backup. Follow this article (http://support.microsoft.com/kb/309340) by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer (http://www.bleepingcomputer.com/tutorials/tutorial127.html).

Make your Internet Explorer safer

For Internet Explorer 6

Open Internet Explorer. Click on Tools > Options.
Click on the Security tab.
Click on the Internet icon.
Click on the Custom Level button.
Under Download signed ActiveX controls, select Prompt.
Under Download unsigned ActiveX controls, select Disable.
Under Initialize and script ActiveX controls not marked as safe, select Disable.
Under Installation of desktop items, select Prompt.
Under Launching programs and files in an IFRAME, select Prompt.
Under Navigate sub-frames across different domains, select Prompt.
Under Allow paste operations via script, select Disable.
Click OK to apply these settings.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Press OK to exit the Internet Properties page.
For a pictorial guide, please refer to this article (http://surfthenetsafely.com/slides/ieconfigureslide1.htm).

For Internet Explorer 7

If you intend to upgrade to Internet Explorer 7, please read this article (http://surfthenetsafely.com/ieseczone8.htm) to configure Internet Explorer 7 properly.

Avoid P2P

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs (http://p2p.malwareremoval.com/) if you need to use one.

Prevent a re-infection

Winpatrol
Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here (http://www.winpatrol.com/features.html).

You can get a free copy (http://www.winpatrol.com/wpsetup.exe) of Winpatrol or use the Plus version (http://winpatrol.stores.yahoo.net/winplusmemre.html) for more features.

You can read Winpatrol's FAQ (http://www.winpatrol.com/faq.html) if you run into problems.

Spyware Blaster
SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX (http://surfthenetsafely.com/activex.htm) programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

You can download SpywareBlaster from Javacool (http://www.javacoolsoftware.com/spywareblaster.html).

If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial (http://www.bleepingcomputer.com/tutorials/tutorial49.html) at Bleeping Computer.

SpywareGuard
Just as an antivirus program scans a file for viruses before opening it, SpywareGuard does the same thing, except that it scans it for spywares.

You can download SpywareGuard from Javacool (http://www.javacoolsoftware.com/spywareguard.html).

If you need help in using SpywareGuard, you can SpywareGuard's tutorial (http://www.bleepingcomputer.com/tutorials/tutorial50.html) at Bleeping Computer.

IE-SPYAD
IE-SPYAD adds over 5000 sites to your Internet Explorer restricted zone so that you will be protected if the website turns out to be a bad one. Sites that are in the restricted zone of Internet Explorer can't have any scripts ran, no downloads and cookies. However, you can still connect to these sites.

You can download IE-SPYAD from Spyware Warrior (http://www.spywarewarrior.com/uiuc/resource.htm). Be sure to read the whole website carefully for instructions on usage of IE-SPYAD.

Hosts File
A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
Bluetack's Hosts File (http://www.bluetack.co.uk/forums/index.php?showtopic=8406)
Bluetack's Host Manager (http://www.bluetack.co.uk/forums/index.php?autocom=faq&CODE=02&qid=16)
hpHosts (http://hphosts.mysteryfcm.co.uk/?s=Download)

A tutorial (http://forum.malwareremoval.com/viewtopic.php?t=22187) about Hosts File can be found at Malware Removal.

Spybot Search and Destroy
Spybot Search & Destroy is another program for scanning spywares and adwares. Not only so, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week.

Spybot Search & Destroy can be downloaded from here (http://www.safer-networking.org/en/mirrors/index.html).

If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial (http://www.bleepingcomputer.com/tutorials/tutorial43.html) at Bleeping Computer.

a-squared Free
a-squared Free is also another program for scanning spywares and adwares. It doesn't have preventive features like Spybot Search & Destroy though.

You can download a-squared Free from here (http://www.emsisoft.com/en/software/download/).

Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs (http://www.spywarewarrior.com/rogue_anti-spyware.htm) and Malwarebytes RogueNET (http://www.malwarebytes.org/roguenet.php). This will save you from a lot of trouble. If in doubt, don't ever download it.

SiteHound Toolbar
SiteHound (http://www.firetrust.com/en/products/sitehound) is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spywares or has questionable contents. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

Use an alternative Internet Browser

Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead.

Firefox (http://www.mozilla.com/en-US/firefox/)
Opera (http://www.opera.com/download/)
K-Meleon (http://kmeleon.sourceforge.net/download.php)

Use an alternative email client

If you are using Outlook Express as your default email client, try using Thunderbird (http://www.mozilla.com/en-US/thunderbird/) or Pegasus Mail (http://www.pmail.com/) instead.

Here are some more things to read about:

List of clean and infected download managers (http://www.safer-networking.org/en/articles/download-managers.html)
Configuring Skype (http://www.tcd.ie/iss/internet/skype.php)
Greater email safety (http://surfthenetsafely.com/surfsafely4.htm)
Phishing - what is it? (http://surfthenetsafely.com/phishing.htm)
Configuring Outlook Express (http://surfthenetsafely.com/slides/oeconfigureslide1.htm)
The Unofficial Cookie FAQ (http://www.cookiecentral.com/faq)
Securing your home wireless network (http://www.windowsecurity.com/articles/Wireless-Network-Security-Home.html)
80 Super Security Tips (http://www.pcmag.com/article2/0,1895,1838690,00.asp)
The different classes of security softwares (http://wiki.castlecops.com/Different_classes_of_security_software)