Thread: Please help! I've tried [almost] everything!
View Single Post
Old 04-18-2006, 09:18 PM   #6 (permalink)
jrobin
Registered User
 
Join Date: Apr 2006
Posts: 15
OS: XP Home


Thank you very much for your time. It looks like there may be some kind of progress.
I noticed when CleanUp! was run, after it asked me to log off and log back on, the problem was resolved (temporarily). I know I owe you some logs, I'll include those at the bottom. The Panda is hanging right now and I'm pretty sure it was because the Avast Antivirus had a problem with it, I may need to re-run after I figure out how to re-install the ActiveX control. I can't even close the windopw now, but it sounds like its scanning... First allow me to list what Cleanup lists as deleted (or pending deletion) while the machine is screwed up (before the log-off) - followed by a list of what it shows on a "cleanup" when the machine seems to be in perfect working order...

While not running properly:
C:\Documents and Settings\Jenifer\Local Settings\Temporary Internet Files\Content.IE5\YSLSYI3H\voice_on[1].gif - deleted
C:\Documents and Settings\Jenifer\Local Settings\Temporary Internet Files\Content.IE5\YSLSYI3H\webmail_signin_sky;!category=secure;sz=120x600;ptile=2;ord=-1489125253[1].htm - deleted
C:\Documents and Settings\Jenifer\Local Settings\Temporary Internet Files\Content.IE5\YSLSYI3H\what_over[1].gif - deleted
C:\Documents and Settings\Jenifer\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
http://www.cnn.com/.element/ssi/www/...kingNewsBanner - deleted
http://my.eimg.net/img/channels/www/header_arrow.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/ac.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...dr.wd.tech.gif - deleted
http://my.eimg.net/img/channels/www/header_back.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/logo_cnn.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/pz.gif - deleted
http://w.eimg.net/i/newNav/cart_on.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/ac_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...nav_emails.gif - deleted
http://my.eimg.net/img/channels/www/footer_back.gif - deleted
http://w.eimg.net/i/newNav/wireless_off.gif - deleted
http://w.eimg.net/i/newNav/wireless_on.gif - deleted
https://webmail.pas.earthlink.net/wa...ink/search.gif - deleted
https://ad.doubleclick.net/639995/frust_man_EL_120x600.swf?clickTag=https://ad.doubleclick.net/click%3Bh=v5|33cc|3|0|%2a|e%3B29755471%3B0-0%3B0%3B12697905%3B933-120|600%3B15710166|15728061|1%3B%3B%7Esscs%3D%3fhttp%3A//www.earthlinkcybercheck.net - deleted
http://w.eimg.net/i/newNav/home_off.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../advlinks1.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../live_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...z/hdr_line.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._watch_vid.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...d.sponsors.gif - deleted
https://webmail.pas.earthlink.net/wam/js/login.js - deleted
https://webmail.pas.earthlink.net/wa.../login/ebp.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...quote_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...biz/tab_bg.gif - deleted
http://w.eimg.net/i/newNav/cart_off.gif - deleted
https://webmail.pas.earthlink.net/wa...der2-right.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../hdr_yahoo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...cnn_bg_red.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n_hor.dash.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...d.business.gif - deleted
http://www.earthlink.net/ - deleted
http://w.eimg.net/i/newNav/mcenter_on.gif - deleted
http://w.eimg.net/i/nav/earthlink_logo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...z/tab_left.gif - deleted
http://w.eimg.net/i/newNav/softools_on.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/css/1.5/main.css - deleted
http://i.a.cnn.net/cnn/.element/ssi/js/1.3/main.js - deleted
http://www.cnn.com/.element/ssi/www/...SponsoredLinks - deleted
http://i.a.cnn.net/cnn/.element/img/...in/lt_grey.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...op_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._bg_orange.gif - deleted
http://www.earthlink.net/scripts/so.js - deleted
http://i.a.cnn.net/cnn/video/us/2006....prices.fp.jpg - deleted
http://www.earthlink.net/scripts/s_code_remote.js - deleted
http://i.a.cnn.net/cnn/.element/ssi/js/1.3/omniture.js - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...vernursing.com - deleted
http://i.a.cnn.net/cnn/.element/img/...tner_money.gif - deleted
http://cnn.dyn.cnn.com/cookie.crumb - deleted
http://i.a.cnn.net/cnn/.element/img/...stpop_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...iz/hdr_end.gif - deleted
http://i.cnn.net/cnn/.element/img/1....z/hdr_line.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...adient_334.gif - deleted
http://i.a.cnn.net/cnn/2006/US/04/10...pizza.love.jpg - deleted
http://www.earthlink.net/scripts/common.js - deleted
http://ar.atwola.com/file/adsWrapper.js - deleted
http://i.cnn.net/cnn/.element/img/1..../tab_right.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/ld.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...ity.306x60.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...hedule_btn.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...eft_corner.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ne_mod_hdr.jpg - deleted
https://ad.doubleclick.net/879366/DartRichMedia_1_03.js - deleted
https://webmail.pas.earthlink.net/wa.../login/icw.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/js/1.3/s_code.js - deleted
http://my.eimg.net/img/channels/www/header_right.gif - deleted
http://w.eimg.net/i/newNav/voice_off.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../btm_cwire.gif - deleted
http://i.cnn.net/cnn/.element/img/1....z/tab_left.gif - deleted
http://i.cnn.net/cnn/.element/img/1....te_blue_wt.gif - deleted
https://ad.doubleclick.net/adi/webma...d=-1489125253? - deleted
http://i.a.cnn.net/cnn/.element/img/...ories_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...hdr.wd.law.gif - deleted
http://i.a.cnn.net/cnn/.element/img/1.3/main/novell.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/pz_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...sched_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._line_edge.gif - deleted
https://webmail.pas.earthlink.net/wa.../bg2-whole.gif - deleted
http://i.cnn.net/cnn/.element/img/1....ine_ltblue.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...bottom.334.gif - deleted
http://w.eimg.net/i/newNav/net_on.gif - deleted
https://webmail.pas.earthlink.net/wa...ooter-left.gif - deleted
https://webmail.pas.earthlink.net/wa...oter-right.gif - deleted
https://webmail.pas.earthlink.net/wa...ader2-left.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...atest_news.gif - deleted
http://i.cnn.net/cnn/.element/img/1....iz/hdr_end.gif - deleted
http://www.cnn.com/SPECIALS/2005/onl...ages/tz.02.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...con.wd.xml.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/am.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n/cnn_wire.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ve_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ine_footer.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n.vert.div.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../cl/cl_bar.gif - deleted
http://cnn.dyn.cnn.com/1.gif?1145413368228 - deleted
http://i.a.cnn.net/cnn/.element/ssi/...lash_detect.js - deleted
http://i.a.cnn.net/cnn/.element/img/...rtical.dot.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....pipe.gray.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../what_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../biz/quote.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ne_hdr_end.gif - deleted
http://i.a.cnn.net/cnn/2006/images/02/27/tz.gupta.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/....wd.travel.gif - deleted
http://www.earthlink.net/scripts/common.css - deleted
http://my.eimg.net/img/channels/www/button.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../bestvideo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...nly_on_cnn.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....quickvote.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...dr_the_web.gif - deleted
http://servedby.advertising.com/site.../bins=1/optn=1 - deleted
http://i.a.cnn.net/cnn/.element/img/...partner_si.gif - deleted
http://my.earthlink.net/scripts/track.js - deleted
http://i.a.cnn.net/cnn/.element/img/...iz/markets.gif - deleted
http://i.cnn.net/cnn/images/1.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/ng.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../tab_right.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...z/arrow.up.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...partner_ew.gif - deleted
http://w.eimg.net/i/newNav/voice_on.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/css/1.3/common.css - deleted
http://i.cnn.net/cnn/.element/img/1....ine_dkblue.gif - deleted
http://i.a.cnn.net/cnn/images/1.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...icon_video.gif - deleted
http://my.eimg.net/img/weather/31/33.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...av_cnntogo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n/tv/ac360.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/....rt.corner.gif - deleted
http://ar.atwola.com/file/adsEnd.js - deleted
http://i.a.cnn.net/cnn/.element/img/...biz/hdr_bg.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da.../232517rgb.gif - deleted
https://webmail.pas.earthlink.net/wa...k/bg-whole.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ive_screen.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...fb.top.334.gif - deleted
http://w.eimg.net/i/newNav/home_on.gif - deleted
https://webmail.pas.earthlink.net/wa...ader-right.gif - deleted
http://w.eimg.net/i/newNav/mcenter_off.gif - deleted
http://w.eimg.net/i/nav/btn_search.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ket_update.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/am_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....wd.sports.gif - deleted
https://webmail.pas.earthlink.net/wa.../truevoice.gif - deleted
http://i.cnn.net/cnn/.element/img/1....iz/markets.gif - deleted
http://www.cnn.com/interactive/us/06...katrina/tz.gif - deleted
http://i.a.cnn.net/cnn/.element/img/1.5/ceiling/ccc.gif - deleted
http://gdyn.cnn.com/1.1/1.gif?1145413368228 - deleted
http://my.eimg.net/img/channels/www/footer_right.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...hows/sched.gif - deleted
http://my.eimg.net/img/channels/www/expedia_www.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/ld_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ideo/minus.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...asts_radio.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...sts_rt_end.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...wd.weather.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...v/time_tab.gif - deleted
http://i.a.cnn.net/cnn/1.gif - deleted
http://www.earthlink.net/scripts/nav_sub.js - deleted
https://webmail.pas.earthlink.net/wam/js/domains.js - deleted
https://webmail.pas.earthlink.net/wa...ton-signin.gif - deleted
http://servedby.advertising.com/site...=805943/optn=1 - deleted
http://i.a.cnn.net/cnn/.element/img/...ts_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/sr_over.gif - deleted
http://i.cnn.net/cnn/.element/img/1....finances_1.gif - deleted
https://webmail.pas.earthlink.net/wa.../elnk_logo.gif - deleted
https://webmail.pas.earthlink.net/wa...ink/google.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...s/lkl_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...rtner_time.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ght_corner.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...fb.generic.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...d.politics.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....education.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...3512120x90.gif - deleted
http://www.cnn.com/ - deleted
http://i.a.cnn.net/cnn/.element/img/...bs/mostpop.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...v_podcasts.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._bg_bottom.gif - deleted
http://w.eimg.net/i/newNav/net_off.gif - deleted
http://i.cnn.net/cnn/.element/img/1....49/stream1.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...gray.arrow.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...016logo.cb.gif - deleted
https://webmail.pas.earthlink.net/wa...link/style.css - deleted
http://i.a.cnn.net/cnn/.element/img/...on.offsite.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...wd.science.gif - deleted
http://cl.cnn.com/ctxtlink/jsp/cnn/c...txt&origin=cnn - deleted
http://w.eimg.net/i/nav/new_google_logo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...dr_cnn_com.gif - deleted
http://i.cnn.net/cnn/.element/img/1...._bigcharts.gif - deleted
http://cl.cnn.com/ctxtlink/jsp/cnn/c...stings_default - deleted
http://my.eimg.net/img/channels/www/footer_left.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../shows/lkl.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...in/tv/10pm.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/...ainVideoMod.js - deleted
http://i.a.cnn.net/cnn/.element/img/...topstories.gif - deleted
http://i.a.cnn.net/cnn/cnn_adspaces/cnn_adspaces.js - deleted
http://i.a.cnn.net/cnn/.element/img/...in/hdr_end.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ove_Beyond.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../tabs/what.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ng/nav_rss.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ine_dkblue.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ertisement.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...llet.round.gif - deleted
http://i.cnn.net/cnn/.element/img/1.4/main/biz/ddd.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...wd.us.home.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/sr.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...hdr_search.gif - deleted
https://webmail.pas.earthlink.net/wa...eader-left.gif - deleted
http://i.a.cnn.net/cnn/2006/images/0...newyork.ap.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...abs/hdr_bg.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...eo_blue_wt.gif - deleted
http://cnn.dyn.cnn.com/weatherBox.ht...=1145413367368 - deleted
http://i.a.cnn.net/cnn/.element/img/...ft_end_red.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....wd.health.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._vert.dash.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n/hdr_bg_2.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...video/plus.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...pe_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...con.wd.pod.gif - deleted
http://my.eimg.net/img/channels/www/header_left.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/ng_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...rkets_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._separator.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...es_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...world.home.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...r_partners.gif - deleted
http://i.a.cnn.net/cnn/2006/images/0...ord_shelby.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/.../tabs/live.gif - deleted
http://i.a.cnn.net/cnn/video/health/...18/face.fp.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...this_white.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...review_btn.gif - deleted
http://i.a.cnn.net/cnn/.element/img/1.3/floor/dots.gif - deleted
http://my.eimg.net/img/channels/www/techshopPromo.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...eildivider.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ertainment.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...video_over.gif - deleted
http://m.doubleclick.net/dot.gif - deleted
http://w.eimg.net/i/newNav/biz_on.gif - deleted
http://w.eimg.net//i/newNav/cart_off.gif - deleted
https://webmail.pas.earthlink.net/wa.../navbar_bg.gif - deleted
http://my.eimg.net/img/channels/www/as_back.gif - deleted
http://w.eimg.net/i/newNav/biz_off.gif - deleted
https://secure.leadback.advertising....tq=1063=350892 - deleted
http://my.eimg.net/img/channels/www/weather.gif - deleted
https://webmail.pas.earthlink.net/wa...-footer-bg.gif - deleted
http://w.eimg.net/i/newNav/softools_off.gif - deleted
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\MSHist012006041820060419\index.dat - deleted
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\MSHist012006041820060419\ - deleted
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
'Typed URLs' (Internet Explorer) - removed from the registry.
Visited: Jenifer@http://www.cnn.com - deleted
Visited: Jenifer@http://webmail.earthlink.net - deleted
Visited: Jenifer@https://webmail.pas.earthlin...am%2Findex.jsp&x=-940270454 - deleted
C:\Documents and Settings\Jenifer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Cookies\jenifer@2o7[2].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@ads.cnn[1].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@cnn.122.2o7[1].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@cnn[2].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@earthlink[2].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@edge.ru4[1].txt - deleted
Cookie:jenifer@ads.cnn.com/ - deleted
Cookie:jenifer@edge.ru4.com/ - deleted
Cookie:jenifer@cnn.122.2o7.net/ - deleted
Cookie:jenifer@2o7.net/ - deleted
Cookie:jenifer@cnn.com/ - deleted
Cookie:jenifer@earthlink.net/ - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\HPH1.tmp - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\HPH3.tmp - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\IadHide5.dll currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\~DF2FB4.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\~DF8B54.tmp - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\_avast4_\ - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\IadHide5.dll currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\~DF2FB4.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\JET1E9F.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\Perflib_Perfdata_dc.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\_avast4_\Webshlock.txt currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\Temp\IadHide5.dll currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\Temp\~DF2FB4.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf - deleted
C:\WINDOWS\Prefetch\ASHMAISV.EXE-12E27032.pf - deleted
C:\WINDOWS\Prefetch\ASHWEBSV.EXE-0548EF0A.pf - deleted
C:\WINDOWS\Prefetch\AVAST.SETUP-032170A8.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-1B0F5664.pf - deleted
C:\WINDOWS\Prefetch\DRGTODSC.EXE-2EA93301.pf - deleted
C:\WINDOWS\Prefetch\ENGUTIL.EXE-12902716.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\WINDOWS\Prefetch\GIANTANTISPYWAREUPDATER.EXE-01DFD337.pf - deleted
C:\WINDOWS\Prefetch\HPGS2WND.EXE-06AC8C27.pf - deleted
C:\WINDOWS\Prefetch\HPGS2WNF.EXE-0E86C34B.pf - deleted
C:\WINDOWS\Prefetch\HPHIPM11.EXE-25D93894.pf - deleted
C:\WINDOWS\Prefetch\HVIDEOS2.EXE-14D68569.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf - deleted
C:\WINDOWS\Prefetch\ITOUCH.EXE-0DDF2B56.pf - deleted
C:\WINDOWS\Prefetch\JUSCHED.EXE-2ABC3D1B.pf - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\MSPMSPSV.EXE-159858D5.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\NTPTIME.EXE-26343316.pf - deleted
C:\WINDOWS\Prefetch\RESIDENCE.EXE-2ACE91B5.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CD85FD3.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-35A483DA.pf - deleted
C:\WINDOWS\Prefetch\RXMON.EXE-06BF68E3.pf - deleted
C:\WINDOWS\Prefetch\SETUP.OVR-154CE291.pf - deleted
C:\WINDOWS\Prefetch\SMC.EXE-2CDB6670.pf - deleted
C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf - deleted
C:\WINDOWS\Prefetch\SYMLCSVC.EXE-0DE3B05C.pf - deleted
C:\WINDOWS\Prefetch\SYMWSC.EXE-321AAE19.pf - deleted
C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
C:\WINDOWS\Prefetch\WDFMGR.EXE-2CF4013B.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
C:\WINDOWS\Prefetch\WZQKPICK.EXE-350A392A.pf - deleted
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.1 recovered 2.7 MB of disk space from 541 files.
CleanUp! finished on 04/18/06 22:23:16.
________________________________________________________________

While running properly (it seems :)
CleanUp! started on 04/18/06 22:32:01.
...
http://i.a.cnn.net/cnn/.element/img/.../advlinks1.gif - deleted
http://cl.cnn.com/ctxtlink/jsp/cnn/c...stings_default - deleted
http://castlecops.com/modules/Forums...ini_groups.gif - deleted
http://castlecops.com/modules/Forums...n_minipost.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../live_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...z/hdr_line.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._watch_vid.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...d.sponsors.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...quote_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...biz/tab_bg.gif - deleted
http://www.google.com/logos/Logo_25wht.gif - deleted
http://castlecops.com/themes/Cops_10.../footer/sl.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../hdr_yahoo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...cnn_bg_red.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n_hor.dash.gif - deleted
http://cnn.dyn.cnn.com/weatherBox.ht...=1145413487634 - deleted
http://i.a.cnn.net/cnn/.element/img/...d.business.gif - deleted
http://castlecops.com/themes/Cops_10.../footer/ur.gif - deleted
http://www.file.net/img/spyrate0.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...z/tab_left.gif - deleted
http://castlecops.com/modules/Forums...ni_message.gif - deleted
http://castlecops.com/modules/Forums...mini_login.gif - deleted
http://castlecops.com/themes/Cops_10.../footer/lr.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/css/1.5/main.css - deleted
http://i.a.cnn.net/cnn/.element/ssi/js/1.3/main.js - deleted
http://www.cnn.com/.element/ssi/www/...SponsoredLinks - deleted
http://castlecops.com/themes/Cops_10...ks/blocktr.gif - deleted
http://castlecops.com/modules/Forums...s/chevron2.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...in/lt_grey.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...op_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._bg_orange.gif - deleted
http://www.google.com/nav_current.gif - deleted
http://castlecops.com/themes/Cops_10...ocks/mback.gif - deleted
http://pagead2.googlesyndication.com...=3&u_java=true - deleted
http://www.file.net/img/spyrate5.gif - deleted
http://i.a.cnn.net/cnn/video/us/2006....prices.fp.jpg - deleted
http://www.neuber.com/taskmanager/process/nospy.css - deleted
http://www.file.net/img/spyrate2.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/js/1.3/omniture.js - deleted
http://castlecops.com/zx/seafsee/1asp030.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...vernursing.com - deleted
http://i.a.cnn.net/cnn/.element/img/...tner_money.gif - deleted
http://cnn.dyn.cnn.com/cookie.crumb - deleted
http://i.a.cnn.net/cnn/.element/img/...stpop_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...iz/hdr_end.gif - deleted
http://i.cnn.net/cnn/.element/img/1....z/hdr_line.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...adient_334.gif - deleted
http://i.a.cnn.net/cnn/2006/US/04/10...pizza.love.jpg - deleted
http://www.google.com/images/t4_en.gif - deleted
http://www.file.net/img/bgverlauf.jpg - deleted
http://ar.atwola.com/file/adsWrapper.js - deleted
http://i.cnn.net/cnn/.element/img/1..../tab_right.gif - deleted
http://castlecops.com/themes/Cops_1024/style/style.css - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/ld.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...ity.306x60.jpg - deleted
http://servedby.advertising.com/site...8120472/optn=1 - deleted
http://i.a.cnn.net/cnn/.element/img/...hedule_btn.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...eft_corner.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ne_mod_hdr.jpg - deleted
http://castlecops.com/modules/Forums...lish/reply.gif - deleted
http://www.neuber.com/img/spyrate2.gif - deleted
http://www.neuber.com/img/1spychecker.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/js/1.3/s_code.js - deleted
http://i.a.cnn.net/cnn/.element/img/.../btm_cwire.gif - deleted
http://i.cnn.net/cnn/.element/img/1....z/tab_left.gif - deleted
http://i.cnn.net/cnn/.element/img/1....te_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ories_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...hdr.wd.law.gif - deleted
http://i.a.cnn.net/cnn/.element/img/1.3/main/novell.gif - deleted
http://castlecops.com/themes/Cops_10.../footer/ll.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/pz_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...sched_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._line_edge.gif - deleted
http://castlecops.com/modules/Forums.../icon_msnm.gif - deleted
http://www.neuber.com/img/spyrate4.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...ace_120x90.gif - deleted
http://castlecops.com/themes/Cops_10...s/blockbot.gif - deleted
http://castlecops.com/modules/Forums...on_profile.gif - deleted
http://www.neuber.com/img/spyrate0.gif - deleted
http://www.neuber.com/img/6tonline.gif - deleted
http://i.cnn.net/cnn/.element/img/1....ine_ltblue.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...bottom.334.gif - deleted
http://www.google.com/nav_first.gif - deleted
http://pagead2.googlesyndication.com...=3&u_java=true - deleted
http://i.a.cnn.net/cnn/.element/img/...atest_news.gif - deleted
http://i.cnn.net/cnn/.element/img/1....iz/hdr_end.gif - deleted
http://www.cnn.com/SPECIALS/2005/onl...ages/tz.02.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...con.wd.xml.gif - deleted
http://www.google.com/intl/en/images/logo.gif - deleted
http://castlecops.com/modules/Forums...s/cellpic3.gif - deleted
http://castlecops.com/modules/Forums...tars/blank.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/am.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n/cnn_wire.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ve_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ine_footer.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n.vert.div.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../cl/cl_bar.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/...lash_detect.js - deleted
http://i.a.cnn.net/cnn/.element/img/...rtical.dot.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....pipe.gray.gif - deleted
http://pagead2.googlesyndication.com...=3&u_java=true - deleted
http://castlecops.com/themes/Cops_10...footer/top.gif - deleted
http://www.file.net/img/spyrate3.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../what_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../biz/quote.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ne_hdr_end.gif - deleted
http://i.a.cnn.net/cnn/2006/images/02/27/tz.gupta.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/....wd.travel.gif - deleted
http://castlecops.com/modules/Forums.../premium25.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../bestvideo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...nly_on_cnn.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....quickvote.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...dr_the_web.gif - deleted
http://servedby.advertising.com/site.../bins=1/optn=1 - deleted
http://i.a.cnn.net/cnn/.element/img/...partner_si.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...iz/markets.gif - deleted
http://i.cnn.net/cnn/images/1.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/ng.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../tab_right.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...z/arrow.up.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...partner_ew.gif - deleted
http://www.google.com/search?hl=en&q=IadHide5.dll+ - deleted
http://i.a.cnn.net/cnn/.element/ssi/css/1.3/common.css - deleted
http://i.cnn.net/cnn/.element/img/1....ine_dkblue.gif - deleted
http://i.a.cnn.net/cnn/images/1.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...icon_video.gif - deleted
http://castlecops.com/modules/Forums...glish/post.gif - deleted
http://www.neuber.com/taskmanager/image/taskman_200.gif - deleted
http://www.neuber.com/img/1tucows.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...av_cnntogo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n/tv/ac360.jpg - deleted
http://ar.atwola.com/file/adsEnd.js - deleted
http://i.a.cnn.net/cnn/.element/img/....rt.corner.gif - deleted
http://castlecops.com/modules/Forums...sh/icon_pm.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...biz/hdr_bg.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da.../232517rgb.gif - deleted
http://www.google.com/images/logo_sm.gif - deleted
http://www.google.com/nav_next.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ive_screen.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...fb.top.334.gif - deleted
http://www.google.com/ - deleted
http://castlecops.com/modules/Forums...ini_search.gif - deleted
http://castlecops.com/modules/Forums...n_mini_faq.gif - deleted
http://castlecops.com/modules/Forums.../folding25.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ket_update.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/am_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....wd.sports.gif - deleted
http://castlecops.com/modules/Forums...h/icon_aim.gif - deleted
http://castlecops.com/modules/Forums...h/icon_yim.gif - deleted
http://www.neuber.com/typograf/image/5zdstar.gif - deleted
http://i.cnn.net/cnn/.element/img/1....iz/markets.gif - deleted
http://www.cnn.com/interactive/us/06...katrina/tz.gif - deleted
http://i.a.cnn.net/cnn/.element/img/1.5/ceiling/ccc.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...hows/sched.gif - deleted
http://serve.dynasig.net/840.gif - deleted
http://www.google.com/nav_page.gif - deleted
http://castlecops.com/themes/Cops_10.../blocks/sl.gif - deleted
http://www.neuber.com/taskmanager/pr...hide5.dll.html - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/ld_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ideo/minus.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...asts_radio.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...sts_rt_end.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...v/time_tab.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...wd.weather.gif - deleted
http://i.a.cnn.net/cnn/1.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ts_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/sr_over.gif - deleted
http://i.cnn.net/cnn/.element/img/1....finances_1.gif - deleted
http://gdyn.cnn.com/1.1/1.gif?1145413488462 - deleted
http://pagead2.googlesyndication.com/pagead/show_ads.js - deleted
http://www.neuber.com/img/spyrate5.gif - deleted
http://www.file.net/img/bgmenu.jpg - deleted
http://www.file.net/img/spyrate4.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...s/lkl_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...rtner_time.gif - deleted
http://castlecops.com/postp343298.html - deleted
http://i.a.cnn.net/cnn/.element/img/...ght_corner.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...fb.generic.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...d.politics.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....education.gif - deleted
http://castlecops.com/images/topcc.gif - deleted
http://castlecops.com/modules/Forums...ks/phish25.gif - deleted
http://www.cnn.com/ - deleted
http://i.a.cnn.net/cnn/.element/img/...bs/mostpop.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...v_podcasts.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._bg_bottom.gif - deleted
http://cl.cnn.com/ctxtlink/jsp/cnn/c...txt&origin=cnn - deleted
http://i.cnn.net/cnn/.element/img/1....49/stream1.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...gray.arrow.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...016logo.cb.gif - deleted
http://castlecops.com/modules/Forums...024/formIE.css - deleted
http://castlecops.com/modules/Forums...h/icon_www.gif - deleted
http://www.neuber.com/img/space.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...on.offsite.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...wd.science.gif - deleted
http://castlecops.com/themes/Cops_10...ocktopback.gif - deleted
http://castlecops.com/modules/Forums...icon_quote.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...dr_cnn_com.gif - deleted
http://i.cnn.net/cnn/.element/img/1...._bigcharts.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../shows/lkl.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...in/tv/10pm.gif - deleted
http://castlecops.com/modules/Forums...es/printer.gif - deleted
http://pagead2.googlesyndication.com...=3&u_java=true - deleted
http://i.a.cnn.net/cnn/.element/ssi/...ainVideoMod.js - deleted
http://i.a.cnn.net/cnn/.element/img/...topstories.gif - deleted
http://i.a.cnn.net/cnn/cnn_adspaces/cnn_adspaces.js - deleted
http://i.a.cnn.net/cnn/.element/img/...in/hdr_end.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ove_Beyond.gif - deleted
http://cnn.dyn.cnn.com/1.gif?1145413488462 - deleted
http://castlecops.com/themes/Cops_1024/images/pixel.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../tabs/what.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ng/nav_rss.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ine_dkblue.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...llet.round.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ertisement.gif - deleted
http://i.cnn.net/cnn/.element/img/1.4/main/biz/ddd.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...wd.us.home.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/sr.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...hdr_search.gif - deleted
http://castlecops.com/themes/Cops_10.../blocks/sr.gif - deleted
http://www.file.net/process/iadhide5.dll.html - deleted
http://i.a.cnn.net/cnn/2006/images/0...newyork.ap.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...abs/hdr_bg.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...eo_blue_wt.gif - deleted
http://castlecops.com/zx/Paul/x-click-but04.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ft_end_red.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....wd.health.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._vert.dash.gif - deleted
http://castlecops.com/themes/Cops_10...footer/bot.gif - deleted
http://www.file.net/img/home.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n/hdr_bg_2.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...video/plus.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...pe_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...con.wd.pod.gif - deleted
http://castlecops.com/modules/Forums...s/cellpic1.gif - deleted
http://www.neuber.com/img/spyrate1.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/ng_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...rkets_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._separator.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...es_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...world.home.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...r_partners.gif - deleted
http://i.a.cnn.net/cnn/2006/images/0...ord_shelby.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/.../tabs/live.gif - deleted
http://i.a.cnn.net/cnn/video/health/...18/face.fp.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...this_white.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...review_btn.gif - deleted
http://i.a.cnn.net/cnn/.element/img/1.3/floor/dots.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...eildivider.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ertainment.gif - deleted
http://castlecops.com/themes/Cops_10...cks/mright.gif - deleted
http://castlecops.com/themes/Cops_10.../footer/ul.gif - deleted
http://www.neuber.com/img/point.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...video_over.gif - deleted
http://m.doubleclick.net/dot.gif - deleted
http://castlecops.com/themes/Cops_10...ks/blocktl.gif - deleted
http://castlecops.com/modules/Forums...ges/spacer.gif - deleted
http://www.neuber.com/img/1pcwelt.gif - deleted
http://www.file.net/img/spyrate1.gif - deleted
http://www.neuber.com/img/spyrate3.gif - deleted
http://castlecops.com/modules/Forums...ks/premium.gif - deleted
http://castlecops.com/themes/Cops_10...ocks/mleft.gif - deleted
http://castlecops.com/themes/Cops_10.../footer/sr.gif - deleted
http://www.neuber.com/typograph/image/5filehungry.gif - deleted
http://www.file.net/img/software.gif - deleted
http://www.file.net/img/files.gif - deleted
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\MSHist012006041820060419\index.dat - deleted
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\MSHist012006041820060419\ - deleted
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
'Typed URLs' (Internet Explorer) - removed from the registry.
Visited: Jenifer@file:///C:/Documents%20and%2...sktop/f-ed.txt - deleted
Visited: Jenifer@http://www.google.com/search...q=IadHide5.dll+ - deleted
Visited: Jenifer@http://www.file.net/process/iadhide5.dll.html - deleted
Visited: Jenifer@http://www.cnn.com - deleted
Visited: Jenifer@http://castlecops.com/postp343298.html - deleted
Visited: Jenifer@http://www.neuber.com/taskma...hide5.dll.html - deleted
Visited: Jenifer@http://www.google.com - deleted
C:\Documents and Settings\Jenifer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Cookies\jenifer@ads.cnn[1].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@castlecops[2].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@cnn.122.2o7[1].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@cnn[1].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@google[1].txt - deleted
Cookie:jenifer@ads.cnn.com/ - deleted
Cookie:jenifer@cnn.122.2o7.net/ - deleted
Cookie:jenifer@castlecops.com/ - deleted
Cookie:jenifer@google.com/ - deleted
Cookie:jenifer@cnn.com/ - deleted
C:\Documents and Settings\Jenifer\Recent\f-ed.txt.lnk - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\HPH3.tmp - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\IadHide5.dll currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\jusched.log - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\~DF2FB4.tmp - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\~DFDC5A.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\_avast4_\ - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\IadHide5.dll currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\~DFDC5A.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\JET1E9F.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\Perflib_Perfdata_dc.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\_avast4_\Webshlock.txt currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\Temp\IadHide5.dll currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\Temp\~DFDC5A.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\DRGTODSC.EXE-2EA93301.pf - deleted
C:\WINDOWS\Prefetch\ENGUTIL.EXE-12902716.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\WINDOWS\Prefetch\GIANTANTISPYWAREUPDATER.EXE-01DFD337.pf - deleted
C:\WINDOWS\Prefetch\HPGS2WND.EXE-06AC8C27.pf - deleted
C:\WINDOWS\Prefetch\HPGS2WNF.EXE-0E86C34B.pf - deleted
C:\WINDOWS\Prefetch\HPHIPM11.EXE-25D93894.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf - deleted
C:\WINDOWS\Prefetch\ITOUCH.EXE-0DDF2B56.pf - deleted
C:\WINDOWS\Prefetch\JUSCHED.EXE-2ABC3D1B.pf - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\RXMON.EXE-06BF68E3.pf - deleted
C:\WINDOWS\Prefetch\SMC.EXE-2CDB6670.pf - deleted
C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.1 recovered 1.9 MB of disk space from 591 files.
CleanUp! finished on 04/18/06 22:32:02.
________________________________________________________________
Ewido:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:07:31 PM, 4/18/2006
+ Report-Checksum: 99FC284

+ Scan result:

D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@a-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@a-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@com[1].txt -> TrackingCookie.Com : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@-1shz2prbmdj6wvny-1sez2pra2dj6...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@-1shz2prbmdj6wvny-1sez2pra2dj6...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@a-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@a-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@a-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@com[1].txt -> TrackingCookie.Com : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@com[3].txt -> TrackingCookie.Com : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Local Settings\Temp\Cookies\jenifer myers@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Local Settings\Temp\Cookies\jenifer myers@prizeamerica.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup


::Report End

_________________________________________________________________
HIJACKTHIS RUN WHEN SYSTEM SEEMED "OK" - LET ME KNOW IF YOU WANT ONE AFTER REBOOT (WHEN THE SYSTEM SEEMS TO BE COMPROMISED)

Logfile of HijackThis v1.99.1
Scan saved at 11:12:53 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\NTPTIME.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jenifer\My Documents\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://mirror.worldwinner.com/games/...m/skillgam.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v47...t/brickout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v45/pool/pool.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49...k/bjattack.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121359716830
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {90B7E2B3-2E56-4571-9E54-823E33C4B4B4} (TracMan Control) - http://www.worldwinner.com/games/v46...an/tracman.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinner.com/games/v48/chess/chess.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {E2739AFF-FA40-4527-9A19-DE81795C2C03} (MSN Money Ticker) - http://moneycentral.msn.com/cabs/ticker.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v45...s/wwspades.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51...ol/h2hpool.cab
O18 - Protocol: bw+0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NTPTime - Unknown owner - C:\WINDOWS\SYSTEM32\NTPTIME.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
jrobin is offline