Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computer Losing Functions

by JSH » August 14th, 2006, 1:56 am

I'm using a Dell E510 running XP Pro, purchased a few months ago. It seems to be "deteriorating". First, a Drive Letter Access problem window appeared frequently when starting the computer, saying "Drive Letter Access Component has encountered a problem and needs to close....."

Later, the computer would not completely shut down from time to time, getting to "Windows is saving ....." or possibly the next screen where Windows is shutting down, and stopping. I don't recall which. Yesterday, it seemed to be working fine, and then I couldn't shut down or complete the startup process. During startup it would get to the screen where the BIOS version is listed and freeze. After many tries, I was able to get it running, and use the Control Panel Power Options to hibernate the computer. Turning off power during hibernation is no problem. I tried a bootable CD, and it didn't work. The drive light illuminated, but the CD wasn't read.

I backed everything up to an external USB hard drive with no problems, plus copying data to a number of CD/RW's. I needed another CD/RW, and formatted a new one. When I returned, the drive was not functional. The computer didn't see it, and the button didn't work. I needed to use a paper clip to open the drawer to remove the CD (which was formatted). Windows Explorer no longer displays the drive letter.

I tried to use Norton Ghost to return to an earlier image, but was told I could not do so while windows was running. I have an earlier version of Ghost installed on another computer, and was able to start it while Windows was running.

I scanned the hard drive using McAfee, and no viruses were found.

I also used Webroot Spy Sweeper and PC Tools Spyware Doctor to look for malware, but nothing serious was found.

I don't use this computer for emails.

Any suggestions? Jim

HijackThis Not Listed

by JSH » August 14th, 2006, 11:40 am

Not sure why, but the log was not included in my first post.

Logfile of HijackThis v1.99.1
Scan saved at 9:00:33 PM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\E510 Downloads\Spyware\Hijack This\hijackthis_sfx.exe
C:\E510 Downloads\Spyware\Hijack This\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mcafee.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [MPSExe] "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Dialog Tracker.lnk = C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6460426421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1440821546
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/3,0,0,0/mvt.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

by Bob4 » August 16th, 2006, 6:42 pm

_________________________________
Welcome to the Malware removal forums. I will be more than happy to help you work on your problems.
The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So let's do this to the end!
Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!


I see no signs of Malware in your log. You also seem to be fairly well protected.


____________________________
Your Java is out of date; it is a security risk. Let's update it. Click here to update
You will have to accept terms then download Java Runtime Environment (JRE) 5.0 Update 8.
Allow it access to the net if any of your software asks about it.

When you're finished go to start/control panel/add remove programs and uninstall the older version.
The newest version is J2SE runtime environment 5.0 update 8. Leave that one and uninstall any other update version.

Although I don't think your issue is Malware related, let's run a few scans to be certain.



Ewido

Download Ewido 4.0
Install ewido
You will need to update ewido to the latest definition files.
On the top of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed. After the updates are installed,
exit ewido.

If you have trouble updating go to
http://www.ewido.net/en/download/updates/
and download the full signature data base.
Close ewido and click on the file you just downloaded from them
Do Not Use It Yet.

________________________________________
Safe mode:
Please reboot to safe mode:
After the very first black screen start tapping the F8 key until prompted with a list; choose safe mode.
Here's how



_________________________________________
Ewido Part 2
Ewido
Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
Click on scanner
Click on Settings
Under How to act
Choose quarantine

Under Reports check automatically create report after every scan.
Now back to the scan tab and Click on Complete system scan

Let the program scan the machine.
When finished click apply all actions.

Post the report in your next reply.
Exit ewido.






________________________
Panda
Run Panda's Active Scan from here and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your Valid Email
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
- Post Panda scan results in your next reply



In your next reply I would like to see:

  • A new HJT log
  • The report from Panda
  • The report from ewido

Re: computer Losing Functions

by JSH » August 17th, 2006, 10:34 pm

Bob4, thanks for your help.
I ran windowsupdate.microsoft.com and there were plenty of critical updates. I thought I was being updated automatically, but ........ I'm updated now.

Java
Java Runtime Environment is updated to 5.0 Update 8

Ewido
I ran ewido, and found 29 medium risk objects, which I quarantined. It certainly picked up some that Webroot SpySweeper overlooked - and I considered Webroot to be better than other applications I tried.

Ewido report follows:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:50:32 AM 8/17/2006

+ Scan result:

:mozilla.10:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.185:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.338:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.290:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.291:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.326:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.327:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.328:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.298:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.294:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.295:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.272:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.190:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.202:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.220:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@e-2dj6wfloapdjifq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@e-2dj6wfmykidpedp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@e-2dj6wgkyqnd5kho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@e-2dj6wgmyokdjehp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@e-2dj6wjk4andpwhp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@e-2dj6wjk4gpajolp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@e-2dj6wjk4khdzghq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@e-2dj6wjk4skc5cco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@e-2dj6wjk4woazkbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@e-2dj6wjkywiazgep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@e-2dj6wjny-1mczmk.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@e-2dj6wjny-1pc5gg.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@e-2dj6wjnyckcjscp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim Hill\Cookies\jim hill@e-2dj6wjnyolcjmep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Jim Hill\Application Data\Netscape\NSB\Profiles\fsecwa0x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

Panda
Panda found one spyware incident, but no viruses, etc. I couldn't disinfect, but maybe I could just delete this cookie using ExplorerPlus, an upgraded Windows Explorer. Do you agree? Report follows:

Incident: Spyware:Cookie/Target
Status: Not disinfected
Location: C:\Documents and Settings\Jim Hill\Cookies\jim hill@target[1].txt

New HJT Log after Ewido and Panda used:

Logfile of HijackThis v1.99.1
Scan saved at 5:44:14 PM, on 8/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\RUNONCE.EXE
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Documents and Settings\Jim Hill\My Documents\Malware Removal - Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mcafee.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [MPSExe] "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Dialog Tracker.lnk = C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6460426421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1440821546
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/3,0,0,0/mvt.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
JSH
Active Member
 
Posts: 11
Joined: August 14th, 2006, 12:15 am
Location: Los Angeles area

Unread postby Bob4 » August 18th, 2006, 7:22 am

Your log is looking clean. We will check a few more things to be sure it isn't Malware related.

______________________________
Download and install CCleaner from here.
NOTE: Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option.

If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.


Now open the program and click on Run Cleaner
( Do not use the Issues block to clean anything with this program. It is for experts only and it is risky).

You may opt out of cleaning cookies. If you clean them, all you will have to do is retype names and passwords for places you visit on the net 1 time.
I clean all my cookies out from time to time. It's not that big a deal if you remember passwords.



Please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

The program will launch and then start to download the latest definition files.

Once the scanner is installed and the definitions downloaded, click Next.

Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:

Extended (If available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK

Now, under Select a target to scan, select My Computer.

The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post.
Bob4
MRU Master
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby JSH » August 20th, 2006, 10:14 am

Ran CCleaner as you described.

Ran Kaspersky, using the Scan My Computer option, with spyware and antivirus programs disabled. (Also accidentally ran them with these programs enabled and have results, but won't send them unless asked.)

One virus was listed, Email-worm.Krak.worm, which I don't think is causing my problems. I use Eudora as my email program, and have backed up emails on this computer. Eudora is not installed on this computer. Kaspersky says in http://www.viruslist.com/en/viruses/enc ... usid=26268 :

This worm is written in the Java Script language, which, for spreading, uses MS Outlook Express. The worm does not attach itself to messages as regular worm viruses do, but embeds its body in a message as a script program.

The worm is fully compatible with MS Outlook Express only. In MS Outlook, the worm is activated and infects the system, but it is not able to spread itself further, because it targets MS Outlook Express only to spread its copies. On other e-mail systems, the worm's functionality depends on that system's features.

I have never started or used MS Outlook or Outlook Express.

Kaspersky scanner results follow:

KASPERSKY ONLINE SCANNER REPORT
Saturday, August 19, 2006 8:02:36 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/08/2006
Kaspersky Anti-Virus database records: 216230

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics
Total number of scanned objects 122931
Number of viruses found 1
Number of infected objects 10 / 0
Number of suspicious objects 0
Duration of the scan process 05:30:32

Infected Object Name Virus Name Last Action
C:\Backup 5-15-06\Backup Eudora\7-11-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX/[From "James M. Walker" ][Date Tue, 19 Jun 2001 11:45:15 -0400]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped

C:\Backup 5-15-06\Backup Eudora\7-11-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX Mail Berkeley mbox: infected - 1 skipped

C:\Backup 5-15-06\Backup Eudora\7-17-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX/[From "James M. Walker" ][Date Tue, 19 Jun 2001 11:45:15 -0400]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped

C:\Backup 5-15-06\Backup Eudora\7-17-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX Mail Berkeley mbox: infected - 1 skipped

C:\Backup 5-15-06\Backup Eudora\7-24-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX/[From "James M. Walker" ][Date Tue, 19 Jun 2001 11:45:15 -0400]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped

C:\Backup 5-15-06\Backup Eudora\7-24-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX Mail Berkeley mbox: infected - 1 skipped

C:\Backup 5-15-06\Backup Eudora\8-13-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX/[From "James M. Walker" ][Date Tue, 19 Jun 2001 11:45:15 -0400]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped

C:\Backup 5-15-06\Backup Eudora\8-13-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX Mail Berkeley mbox: infected - 1 skipped

C:\Backup 5-15-06\Backup Eudora\8-6-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX/[From "James M. Walker" ][Date Tue, 19 Jun 2001 11:45:15 -0400]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped

C:\Backup 5-15-06\Backup Eudora\8-6-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX Mail Berkeley mbox: infected - 1 skipped


C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS977FCF7F-E94F-4E3D-AE1C-1B68F61AD0C2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9AB15B88-42BF-4444-908C-7EEF97E14A8B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9CC29776-1EB5-4D58-A43D-C60DC292AA41.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA65F74A3-FDFF-4FB0-A5F8-E81F56239C06.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAF6FE870-88E3-44F1-BDD7-8D287126FF85.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAF9E47F4-5F10-47B6-A8F9-38197880BED3.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAFF8BA0A-AF54-4C8E-BF32-22981213D825.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB583E0B2-8389-4743-A64F-A5427FD4CDB5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB705F2F2-B4B8-43D0-B0F2-4C09A8C97411.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBA7FE4DD-1654-4C0A-988F-3D65D0958A29.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBC6606A8-4428-4911-821E-FF817F0EB87A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBFE1AA38-ED4F-42DC-9128-CEA958987234.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC8C94C76-556E-4C9A-88E3-C64B0EE28DB1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCB8CB695-7F15-4FD9-B1EC-7600F1D51CBF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC656A20-3044-4F18-B697-463A29602B66.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCEF6CC3B-DCCA-46B1-851D-CE7E06A6A8D0.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD2068174-0FE3-4C65-AAAC-6A382FD68677.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD534A518-8BDE-4861-86C1-5433FD1FDE14.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDB1329A7-E867-4B37-BFCC-4E8C0FD375B5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDD14D7CE-5C72-4F10-8624-522DDA0552B5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE44215A8-C4D3-4D9D-8A76-EB00423596F6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE4BC1B80-BBD1-490B-975C-A982C2B0D4CD.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE7A33F51-CA27-4752-802B-90786D6847D5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSED74125B-B49F-467A-B96D-78DAD59E53A1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF1E7F413-A70A-485E-A582-361F2BAB2260.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF3D885BB-C076-477F-9DC4-BF1EE3DBE861.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF6F0EB28-A046-4892-BE70-8814B282AAC6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF870F7D2-9E64-4ADE-BA4B-0CBC26924939.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF8C49B61-87F7-4432-9228-B422E834E7C2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFFB7CE70-9909-4A5D-BDBA-688462125850.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFFD63A60-7506-4D35-8007-4DA7966C6B6D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP109\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{C0ACB70F-B06C-4EA6-B154-A6AFEF79C814}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped

C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_d68.dat Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20061102}.CDF Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
JSH
Active Member
 
Posts: 11
Joined: August 14th, 2006, 12:15 am
Location: Los Angeles area

Post by Bob4 » August 20th, 2006, 12:26 pm

Two more scans to be sure.

Download and run Blacklight.


Note that you must have local administrative privileges to run the program.

Click Scan. BlackLight will use Windows Explorer (the desktop process) to scan for hidden items. Your anti-virus software or personal firewall might display a warning that says Blacklight (blbeta.exe) is trying to manipulate the Windows Explorer process (explorer.exe). If you want to continue the scan, you should allow BlackLight to do this.

When it finishes, click Next.

BlackLight beta would create a log file "fsbl-<date-and-time>.log". By default, the log file is in the same directory as the executable. Please post the log.



___________________
Please download WinPFind2.

  • Extract the files to a folder (e.g. C:\WinPFind2).
  • Double click WinPFind2.exe to start the program.
  • Click the Select All button in the File Options box of the Configuration tab (this is the tab the program opens up to by default).
  • Click the Run all Scans button.
  • When it's finished scanning you will see Scans Complete! at the bottom left of the program.
  • Click the Export to Text button.
  • Notepad will open with the results of the scan and the log will be saved to the folder that you extracted the program to (C:\WinPFind2\WinPFind2.txt).
  • Post the log in your next reply please. You may need to split the log over a couple of posts so that it doesn't get cut off. If so, please use the [Start Post #1] and [Start Post #2] delimiters in the log to split the log up.
Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Post by JSH » August 21st, 2006, 2:31 am

Ran Blacklight. No hidden items were found and there was no report provided.

I couldn't run WinPFind2. When I clicked on WinPFind2.exe, a small screen listing I/O Error 103

A WinPFind tab was seen in the bottom area to the left of the system tray, so I opened it and attempted to run it. A small screen said:

Access Violation at hex (long hex number displayed) and that was it!

I tried downloading it again, restarting the computer, and attempting to run it again. Still no success.

Post by Bob4 » August 21st, 2006, 6:00 pm

Try unzipping the WP2find to its own folder. Running it from the zipped file doesn't work.

Post by JSH » August 22nd, 2006, 3:19 am

I tried WPFind2 again - unsuccessfully. I still have the I/O error problem. I downloaded it, saved it to a file, double clicked the zip icon, looked for the proper .exe file (winpfind2.exe), and double clicked it.

I did the same thing on an older Dell computer running XP with the same results.

You would think it came from Microsoft, with all the security precautions. I tried to move the zip file to the other computer via the LAN, but could not do so. I tried to copy the zip file to another folder on this computer, with no luck. I also tried to copy the unzipped files to another folder but was prevented from doing so.

Why don't you start a scan on your computer and see if it works for you?
Jim

Post by Bob4 » August 22nd, 2006, 6:58 am

Scan runs fine here.

Forgive me if I misunderstood you.

Have you extracted the files per directions? Or are you running it from the zip archive?

Right click the zip icon and choose extract to desktop. Then open the WPfind folder and run from there.

Post by JSH » August 24th, 2006, 12:27 pm

The expanded WinPFind2 logfile is listed below. I discovered you must use Windows Explorer to open and extract the application. I was using ExplorerPlus, a much enhanced aftermarket version of WinExplorer. I uninstalled ExplorerPlus and everything worked ok.

It looks like the entire logfile is copied, as I see the last few lines.

-------------------------------------------------------------------------------

Logfile created on: 08/24/2006 09:13
WinPFind2 by OldTimer - Version 1.0.7 Folder = C:\Documents and Settings\Jim Hill\My Documents\Malware Removal - Hijack This\WinPFind2-WinExplorer\WinPFind2\
Microsoft Windows XP (Version = Service Pack 2)
Internet Explorer (Version - 6.0.2900.2180)


[Start Post #1]

Processes
Image Name---------------ProcessID--Thread Count--Parent ID--Base Priority--
#Full Path
##(Version Info)

aolacsd.exe--------------002460-----0009----------000920-----Normal---------
#c:\progra~1\common~1\aol\acs\aolacsd.exe
##(America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Date = 04/07/2004 10:07 | Attr = ])

ati2evxx.exe-------------001140-----0004----------000920-----Normal---------
#c:\windows\system32\ati2evxx.exe
##(ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Date = 08/04/2005 02:02 | Attr = ])

ccapp.exe----------------000536-----0005----------000256-----Normal---------
#c:\program files\common files\symantec shared\ccapp.exe
##(Symantec Corporation [Ver = 103.0.7.2 | Size = 59040 bytes | Date = 04/13/2006 13:20 | Attr = ])

ccevtmgr.exe-------------001688-----0018----------000920-----Normal---------
#c:\program files\common files\symantec shared\ccevtmgr.exe
##(Symantec Corporation [Ver = 103.0.7.2 | Size = 198304 bytes | Date = 04/13/2006 13:20 | Attr = ])

ccsetmgr.exe-------------001704-----0008----------000920-----Normal---------
#c:\program files\common files\symantec shared\ccsetmgr.exe
##(Symantec Corporation [Ver = 103.0.7.2 | Size = 181920 bytes | Date = 04/13/2006 13:21 | Attr = ])

cdac11ba.exe-------------002492-----0004----------000920-----Normal---------
#c:\windows\system32\drivers\cdac11ba.exe
##(C-Dilla Ltd [Ver = 4.11.040 | Size = 39936 bytes | Date = 05/18/2006 15:06 | Attr = ])

ctdvddet.exe-------------000504-----0001----------000256-----Normal---------
#c:\program files\creative\sbaudigy2zs\dvdaudio\ctdvddet.exe
##(Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Date = 06/17/2003 23:00 | Attr = ])

cthelper.exe-------------000516-----0005----------000256-----Normal---------
#c:\windows\system32\cthelper.exe
##(Creative Technology Ltd [Ver = 1, 0, 1, 4 | Size = 28672 bytes | Date = 03/11/2004 13:50 | Attr = ])

ctsvccda.exe-------------002516-----0002----------000920-----Normal---------
#c:\windows\system32\ctsvccda.exe
##(Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Date = 12/13/1999 13:01 | Attr = ])

ctsysvol.exe-------------000492-----0002----------000256-----Normal---------
#c:\program files\creative\sbaudigy2zs\surround mixer\ctsysvol.exe
##(Creative Technology Ltd [Ver = 1.4.1.0 | Size = 57344 bytes | Date = 09/17/2003 08:43 | Attr = ])

dlactrlw.exe-------------000592-----0003----------000256-----Normal---------
#c:\windows\system32\dla\dlactrlw.exe
##(Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Date = 09/08/2005 03:20 | Attr = ])

dmxlauncher.exe----------000496-----0002----------000256-----Normal---------
#c:\program files\dell\media experience\dmxlauncher.exe
##( [Ver = | Size = 94208 bytes | Date = 11/01/2005 01:12 | Attr = ])

drgtodsc.exe-------------001468-----0003----------000256-----Normal---------
#c:\program files\roxio\easy media creator 7\drag to disc\drgtodsc.exe
##(Roxio [Ver = 7.1.0.128 | Size = 1691648 bytes | Date = 07/27/2004 20:37 | Attr = ])

dsagnt.exe---------------001952-----0003----------000256--------------------
#c:\program files\dell support\dsagnt.exe
##(Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Date = 05/15/2005 00:04 | Attr = ])

ewido.exe----------------001764-----0016----------000256-----Normal---------
#c:\program files\ewido anti-spyware 4.0\ewido.exe
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 6283264 bytes | Date = 06/16/2006 07:39 | Attr = ])

gearsec.exe--------------002608-----0002----------000920-----Normal---------
#c:\windows\system32\gearsec.exe
##(GEAR Software [Ver = 1, 0, 0, 6 | Size = 53248 bytes | Date = 08/16/2005 18:05 | Attr = ])

ghosttray.exe------------000568-----0013----------000256-----Normal---------
#c:\program files\norton ghost\agent\ghosttray.exe
##(Symantec Corporation [Ver = 10.0.0.8400 | Size = 1537648 bytes | Date = 09/09/2005 19:09 | Attr = ])

guard.exe----------------002584-----0008----------000920-----Normal---------
#c:\program files\ewido anti-spyware 4.0\guard.exe
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Date = 06/16/2006 07:38 | Attr = ])

iaanotif.exe-------------000364-----0002----------000256-----Normal---------
#c:\program files\intel\intel matrix storage manager\iaanotif.exe
##(Intel Corporation [Ver = 5.1.0.1022 | Size = 139264 bytes | Date = 06/17/2005 05:56 | Attr = ])

iaantmon.exe-------------002632-----0003----------000920-----Normal---------
#c:\program files\intel\intel matrix storage manager\iaantmon.exe
##(Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Date = 06/17/2005 05:55 | Attr = ])

issch.exe----------------000584-----0001----------000256-----Normal---------
#c:\program files\common files\installshield\updateservice\issch.exe
##(InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Date = 06/10/2005 08:44 | Attr = ])

jusched.exe--------------001676-----0001----------000256-----Normal---------
#c:\program files\java\jre1.5.0_08\bin\jusched.exe
##(Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 49263 bytes | Date = 07/26/2006 03:03 | Attr = ])

mcagent.exe--------------000808-----0002----------000256-----Normal---------
#c:\progra~1\mcafee.com\agent\mcagent.exe
##(McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Date = 09/22/2005 18:29 | Attr = ])

mcdetect.exe-------------002708-----0005----------000920-----Normal---------
#c:\program files\mcafee.com\agent\mcdetect.exe
##(McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Date = 10/13/2005 19:56 | Attr = ])

mcshield.exe-------------002736-----0018----------000920-----High-----------
#c:\progra~1\mcafee.com\vso\mcshield.exe
##(McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Date = 08/10/2005 09:22 | Attr = ])

mctskshd.exe-------------002776-----0002----------000920-----Normal---------
#c:\progra~1\mcafee.com\agent\mctskshd.exe
##(McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Date = 08/24/2005 14:01 | Attr = ])

mcvsescn.exe-------------001348-----0002----------001316-----Normal---------
#c:\progra~1\mcafee.com\vso\mcvsescn.exe
##(McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 483328 bytes | Date = 07/08/2005 16:16 | Attr = ])

mcvsshld.exe-------------001316-----0002----------000256-----Normal---------
#c:\program files\mcafee.com\vso\mcvsshld.exe
##(McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Date = 08/10/2005 10:49 | Attr = ])

mm_tray.exe--------------001408-----0001----------000256-----Normal---------
#c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
##(Musicmatch, Inc. [Ver = 10.10.0097 | Size = 110592 bytes | Date = 09/08/2005 17:20 | Attr = ])

mpfagent.exe-------------000160-----0003----------001156-----Normal---------
#c:\progra~1\mcafee.com\person~1\mpfagent.exe
##(McAfee Security [Ver = 7.1.0.113 | Size = 524288 bytes | Date = 11/11/2005 16:42 | Attr = ])

mpfservice.exe-----------003192-----0009----------000920-----Normal---------
#c:\progra~1\mcafee.com\person~1\mpfservice.exe
##(McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Date = 11/11/2005 16:43 | Attr = ])

mpftray.exe--------------001404-----0010----------000256-----Normal---------
#c:\progra~1\mcafee.com\person~1\mpftray.exe
##(McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Date = 11/11/2005 17:00 | Attr = ])

mscifapp.exe-------------001528-----0005----------000256-----Normal---------
#c:\progra~1\mcafee.com\mps\mscifapp.exe
##(McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Date = 03/30/2006 14:31 | Attr = ])

mskagent.exe-------------000628-----0002----------000256-----Normal---------
#c:\progra~1\mcafee\spamki~1\mskagent.exe
##(McAfee Inc. [Ver = 7.0.2.0 | Size = 110592 bytes | Date = 09/26/2005 10:26 | Attr = ])

msksrvr.exe--------------003240-----0016----------000920-----Normal---------
#c:\progra~1\mcafee\spamki~1\msksrvr.exe
##(McAfee Inc. [Ver = 7.0.1.3 | Size = 963072 bytes | Date = 07/12/2005 16:10 | Attr = ])

oasclnt.exe--------------001004-----0002----------000256-----Normal---------
#c:\program files\mcafee.com\vso\oasclnt.exe
##(McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Date = 08/11/2005 20:02 | Attr = ])

sdhelp.exe---------------003492-----0006----------000920-----Normal---------
#c:\program files\spyware doctor\sdhelp.exe
##(PC Tools Research Pty Ltd [Ver = 3.6.0.2025 | Size = 895160 bytes | Date = 07/14/2006 08:45 | Attr = ])

sm1bg.exe----------------001500-----0001----------000256-----Normal---------
#c:\windows\sm1bg.exe
##(Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 94208 bytes | Date = 08/27/2003 14:20 | Attr = R ])

spysweeper.exe-----------004048-----0034----------000920-----Normal---------
#c:\program files\webroot\spy sweeper\spysweeper.exe
##(Webroot Software, Inc. [Ver = 3,0,7,1608 | Size = 3068928 bytes | Date = 08/03/2006 20:01 | Attr = ])

spysweeperui.exe---------001544-----0008----------000256-----Normal---------
#c:\program files\webroot\spy sweeper\spysweeperui.exe
##(Webroot Software, Inc. [Ver = 5,0,7,1608 | Size = 3871744 bytes | Date = 08/03/2006 20:02 | Attr = ])

swdoctor.exe-------------002020-----0028----------000256-----Normal---------
#c:\program files\spyware doctor\swdoctor.exe
##(PC Tools Research Pty Ltd [Ver = 4.0.0.2603 | Size = 2083040 bytes | Date = 08/08/2006 09:10 | Attr = ])

symlcsvc.exe-------------003628-----0005----------000920-----Normal---------
#c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
##(Symantec Corporation [Ver = 1, 8, 54, 534 | Size = 822424 bytes | Date = 04/26/2006 01:16 | Attr = ])

vprosvc.exe--------------003372-----0013----------000920-----Normal---------
#c:\program files\norton ghost\agent\vprosvc.exe
##(Symantec Corporation [Ver = 10.0.0.8400 | Size = 2066024 bytes | Date = 09/09/2005 19:09 | Attr = ])

winpfind2.exe------------003384-----0001----------000256-----Normal---------
#c:\documents and settings\jim hill\my documents\malware removal - hijack this\winpfind2-winexplorer\winpfind2\winpfind2.exe
##(OldTimer Tools [Ver = 1.0.7.0 | Size = 386048 bytes | Date = 08/21/2006 20:39 | Attr = ])


Registry Entries

#Value
##(Version Info)

<<< >> Internet Explorer Settings << >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
#http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
#http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Page
#http://www.dell.com
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Search
#http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
#%SystemRoot%\system32\blank.htm
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
#http://us.mcafee.com/
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
#http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
#C:\WINDOWS\system32\blank.htm
##

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable
#0
##

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride
#
##

<<< >> BHO's << >>>

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}
#McBrwHelper Class = c:\program files\mcafee.com\mps\mcbrhlpr.dll
##(McAfee, Inc. [Ver = 8.1.0.120 | Size = 147456 bytes | Date = 10/28/2005 10:30 | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EC8255F-E043-4cae-8B3B-B191550C2A22}
#McAfee Privacy Service Popup Blocker = c:\program files\mcafee.com\mps\popupkiller.dll
##(McAfee, Inc. [Ver = 8.1.0.120 | Size = 132648 bytes | Date = 10/28/2005 10:30 | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}
#McAfee AntiPhishing Filter = c:\program files\mcafee\spamkiller\mcapfbho.dll
##(McAfee, Inc. [Ver = 7.0.2.3 | Size = 348160 bytes | Date = 11/03/2005 14:10 | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
#PCTools Site Guard = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
##(PC Tools [Ver = 3.6.0.2071 | Size = 825528 bytes | Date = 08/01/2006 14:27 | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
#DriveLetterAccess = C:\WINDOWS\System32\DLA\DLASHX_W.DLL
##(Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Date = 09/08/2005 03:20 | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}
#PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
##(PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Date = 08/01/2006 14:23 | Attr = ])

<<< >> Internet Explorer Bars, Toolbars and Extensions << >>>

<<< HKLM-> Internet Explorer Bars >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
#&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1497088 bytes | Date = 06/23/2006 04:25 | Attr = ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
#Real.com = C:\WINDOWS\system32\Shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1497088 bytes | Date = 06/23/2006 04:25 | Attr = ])

<<< HKLM-> Internet Explorer ToolBars >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{BA52B914-B692-46c4-B683-905236F6F655}
#McAfee VirusScan = c:\progra~1\mcafee.com\vso\mcvsshl.dll
##(McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 07/01/2005 18:44 | Attr = ])

<<< HKCU-> Internet Explorer ToolBars >>>

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
#&Address = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1022976 bytes | Date = 06/23/2006 04:25 | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
#&Address = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1022976 bytes | Date = 06/23/2006 04:25 | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
#&Links = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 06:33 | Attr = ])

<<< HKCU-> Internet Explorer CmdMapping >>>

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
#8192 - Sun Java Console
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
#8197 -
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}
#8195 - McAfee AntiPhishing Filter
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
#8196 -
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
#8193 -
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683}
#8194 - Windows Messenger
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\NextId
#8198
##

<<< HKLM-> Internet Explorer Extensions >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
#MenuText: Sun Java Console = Reg Data missing or invalid
##(File not found)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
#MenuText: Sun Java Console = Reg Data missing or invalid
##(File not found)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
#ButtonText: Spyware Doctor =
##(File not found)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}
#MenuText: McAfee AntiPhishing Filter = c:\program files\mcafee\spamkiller\mcapfbho.dll
##(McAfee, Inc. [Ver = 7.0.2.3 | Size = 348160 bytes | Date = 11/03/2005 14:10 | Attr = ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}
#MenuText: McAfee AntiPhishing Filter = Reg Data missing or invalid
##(File not found)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
#ButtonText: Research =
##(File not found)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
#ButtonText: Real.com =
##(File not found)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
#ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe
##(Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Date = 10/13/2004 09:24 | Attr = ])

<<< HKCU-> Internet Explorer Menu Extensions >>>

HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
#res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
##(Microsoft Corporation [Ver = 11.0.8033 | Size = 10196752 bytes | Date = 06/23/2006 12:38 | Attr = ])

<<< >> Approved Shell Extensions (Non-Microsoft only) << >>>

<<< HKLM-> Approved Shell Extensions >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}
#Autoplay for SlideShow = Reg Data missing or invalid
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0873D142-79EF-49fa-81B5-211AAC0B0A7F}
#Target Finder Shell Extension = C:\Program Files\Roxio\Easy Media Creator 7\Creator Classic\TargetFinder.dll
##( [Ver = 1, 0, 0, 1 | Size = 172032 bytes | Date = 07/27/2004 20:24 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
#Taskbar and Start Menu = Reg Data missing or invalid
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2DF394BA-1955-4A52-900E-303836135F67}
#Directory Opus Info Tip Handler = C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
##(GP Software [Ver = 2, 0, 59, 0 | Size = 489400 bytes | Date = 06/20/2006 13:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{34F4B935-17DC-4885-8BC9-CCD1ADF42F93}
#Record ISO Image to CD = C:\Program Files\Alex Feinman\ISO Recorder\ISORecorder.dll
##(Alex Feinman [Ver = 2.0.2.0 | Size = 344064 bytes | Date = 01/05/2006 00:04 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}
#Directory Opus Shell Execute Hook = C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
##(GP Software [Ver = 2, 0, 59, 0 | Size = 489400 bytes | Date = 06/20/2006 13:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42071714-76d4-11d1-8b24-00a0c9068ff3}
#Display Panning CPL Extension = deskpan.dll
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42BEF283-A10E-472D-B105-9F2B59AFBFC8}
#Directory Opus Find Extension = C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
##(GP Software [Ver = 2, 0, 59, 0 | Size = 489400 bytes | Date = 06/20/2006 13:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CA3D70E-1895-11CF-8E15-001234567890}
#DriveLetterAccess = C:\WINDOWS\System32\DLA\DLASHX_W.DLL
##(Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Date = 09/08/2005 03:20 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E44E225-A408-11CF-B581-008029601108}
#Roxio DragToDisc Shell Extension = C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
##(Roxio [Ver = 7.1.0.128 | Size = 319488 bytes | Date = 07/27/2004 20:37 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{764BF0E1-F219-11ce-972D-00AA00A14F56}
#Shell extensions for file compression = Reg Data missing or invalid
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A9D77BD-5403-11d2-8785-2E0420524153}
#User Accounts = Reg Data missing or invalid
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7C9D5882-CB4A-4090-96C8-430BFE8B795B}
#Webroot Spy Sweeper Context Menu Integration = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
##(Webroot Software, Inc. [Ver = 5,0,7,1608 | Size = 218112 bytes | Date = 08/03/2006 20:02 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
#Encryption Context Menu = Reg Data missing or invalid
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{88895560-9AA2-1069-930E-00AA0030EBC8}
#HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll
##(Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B22A40F0-BD69-11D3-8D28-006097C82E57}
#Beyond Compare Shell Extension = C:\Program Files\Beyond Compare 2\BCShellEx.dll
##(Scooter Software [Ver = 2.4.2.0 | Size = 98816 bytes | Date = 03/03/2006 13:21 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9DD4945-1BED-4CB7-994C-F40B72B7725A}
#Directory Opus Desktop Context Menu = C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
##(GP Software [Ver = 2, 0, 59, 0 | Size = 489400 bytes | Date = 06/20/2006 13:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BBD5F00E-26A6-4FB2-BAE1-31543C0BEA47}
#Directory Opus Icon Handler = C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
##(GP Software [Ver = 2, 0, 59, 0 | Size = 489400 bytes | Date = 06/20/2006 13:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E9FE4040-3C93-11D4-8006-00201860E88A}
#Directory Opus Context Menu = C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
##(GP Software [Ver = 2, 0, 59, 0 | Size = 489400 bytes | Date = 06/20/2006 13:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F85D7E1E-9662-4B38-B1AE-3CF1E9581A3C}
#Directory Opus Drop Target = C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
##(GP Software [Ver = 2, 0, 59, 0 | Size = 489400 bytes | Date = 06/20/2006 13:00 | Attr = ])

<<< >> ContextMenuHandlers (Non-Microsoft only) << >>>

<<< HKLM-> ContextMenuHandlers >>>

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
# = c:\progra~1\mcafee.com\vso\mcvsshl.dll
##(McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 07/01/2005 18:44 | Attr = ])

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\BCShellEx
#{B22A40F0-BD69-11D3-8D28-006097C82E57} = C:\Program Files\Beyond Compare 2\BCShellEx.dll
##(Scooter Software [Ver = 2.4.2.0 | Size = 98816 bytes | Date = 03/03/2006 13:21 | Attr = ])

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ewido anti-spyware
#{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Date = 06/16/2006 07:38 | Attr = ])

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\OpusZip
#{E9FE4040-3C93-11D4-8006-00201860E88A} = C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
##(GP Software [Ver = 2, 0, 59, 0 | Size = 489400 bytes | Date = 06/20/2006 13:00 | Attr = ])

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SpySweeper
#{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
##(Webroot Software, Inc. [Ver = 5,0,7,1608 | Size = 218112 bytes | Date = 08/03/2006 20:02 | Attr = ])

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\BCShellEx
#{B22A40F0-BD69-11D3-8D28-006097C82E57} = C:\Program Files\Beyond Compare 2\BCShellEx.dll
##(Scooter Software [Ver = 2.4.2.0 | Size = 98816 bytes | Date = 03/03/2006 13:21 | Attr = ])

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
#{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Date = 06/16/2006 07:38 | Attr = ])

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\OpusZip
#{E9FE4040-3C93-11D4-8006-00201860E88A} = C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
##(GP Software [Ver = 2, 0, 59, 0 | Size = 489400 bytes | Date = 06/20/2006 13:00 | Attr = ])

HKLM\SOFTWARE\Classes\Directory\BackGround\shellex\ContextMenuHandlers\DOpus
#{B9DD4945-1BED-4CB7-994C-F40B72B7725A} = C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
##(GP Software [Ver = 2, 0, 59, 0 | Size = 489400 bytes | Date = 06/20/2006 13:00 | Attr = ])

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
# = c:\progra~1\mcafee.com\vso\mcvsshl.dll
##(McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 07/01/2005 18:44 | Attr = ])

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BCShellEx
#{B22A40F0-BD69-11D3-8D28-006097C82E57} = C:\Program Files\Beyond Compare 2\BCShellEx.dll
##(Scooter Software [Ver = 2.4.2.0 | Size = 98816 bytes | Date = 03/03/2006 13:21 | Attr = ])

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Create ISO Image from directory
#{34F4B935-17DC-4885-8BC9-CCD1ADF42F93} = C:\Program Files\Alex Feinman\ISO Recorder\ISORecorder.dll
##(Alex Feinman [Ver = 2.0.2.0 | Size = 344064 bytes | Date = 01/05/2006 00:04 | Attr = ])

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
#{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
##(Webroot Software, Inc. [Ver = 5,0,7,1608 | Size = 218112 bytes | Date = 08/03/2006 20:02 | Attr = ])

<<< >> ColumnHandlers (Non-Microsoft only) << >>>

<<< HKLM-> ColumnHandlers >>>

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
#PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
##(Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Date = 12/14/2004 02:20 | Attr = ])

<<< >> Registry Run Keys << >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\
#
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\!ewido
#"C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 6283264 bytes | Date = 06/16/2006 07:39 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ATIPTA
#"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
##(ATI Technologies, Inc. [Ver = 6.14.10.5160 | Size = 344064 bytes | Date = 08/05/2005 19:05 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ccApp
#"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
##(Symantec Corporation [Ver = 103.0.7.2 | Size = 59040 bytes | Date = 04/13/2006 13:20 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CTDVDDET
#"C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
##(Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Date = 06/17/2003 23:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CTHelper
#CTHELPER.EXE
##(Creative Technology Ltd [Ver = 1, 0, 1, 4 | Size = 28672 bytes | Date = 03/11/2004 13:50 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CTSysVol
#"C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
##(Creative Technology Ltd [Ver = 1.4.1.0 | Size = 57344 bytes | Date = 09/17/2003 08:43 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DLA
#C:\WINDOWS\System32\DLA\DLACTRLW.EXE
##(Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Date = 09/08/2005 03:20 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DMXLauncher
#"C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
##( [Ver = | Size = 94208 bytes | Date = 11/01/2005 01:12 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IAAnotif
#"C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
##(Intel Corporation [Ver = 5.1.0.1022 | Size = 139264 bytes | Date = 06/17/2005 05:56 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup
#"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
##(InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Date = 06/10/2005 08:44 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler
#"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
##(InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Date = 06/10/2005 08:44 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MCAgentExe
#c:\PROGRA~1\mcafee.com\agent\mcagent.exe
##(McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Date = 09/22/2005 18:29 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MCUpdateExe
#C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
##(McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Date = 01/11/2006 12:05 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MMTray
#"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
##(Musicmatch, Inc. [Ver = 10.10.0097 | Size = 110592 bytes | Date = 09/08/2005 17:20 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MPFExe
#C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
##(McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Date = 11/11/2005 17:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MPSExe
#"c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding
##(McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Date = 03/30/2006 14:31 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSKAGENTEXE
#C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
##(McAfee Inc. [Ver = 7.0.2.0 | Size = 110592 bytes | Date = 09/26/2005 10:26 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSKDetectorExe
#"C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
##(McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Date = 08/12/2005 16:16 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Norton Ghost 10.0
#"C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
##(Symantec Corporation [Ver = 10.0.0.8400 | Size = 1537648 bytes | Date = 09/09/2005 19:09 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\OASClnt
#"C:\Program Files\McAfee.com\VSO\oasclnt.exe"
##(McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Date = 08/11/2005 20:02 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RoxioDragToDisc
#"C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
##(Roxio [Ver = 7.1.0.128 | Size = 1691648 bytes | Date = 07/27/2004 20:37 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SigmatelSysTrayApp
#stsystra.exe
##(SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Date = 03/22/2005 21:20 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SM1BG
#C:\WINDOWS\SM1BG.EXE
##(Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 94208 bytes | Date = 08/27/2003 14:20 | Attr = R ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpySweeper
#"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
##(Webroot Software, Inc. [Ver = 5,0,7,1608 | Size = 3871744 bytes | Date = 08/03/2006 20:02 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched
#"C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
##(Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 49263 bytes | Date = 07/26/2006 03:03 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\UpdReg
#C:\WINDOWS\UpdReg.EXE
##(Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Date = 05/10/2000 23:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VirusScan Online
#"C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
##(McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Date = 08/10/2005 10:49 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VSOCheckTask
#"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
##(McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 151552 bytes | Date = 07/08/2005 18:18 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\ppupdstub
#C:\PROGRA~1\COMMON~1\Scanner\PPUPDS~1.EXE "C:\PROGRA~1\COMMON~1\Scanner\ppctl.dll" "C:\DOCUME~1\JIMHIL~1\LOCALS~1\Temp\PPCTLD~1.PPU"
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
#Installed = 1
##

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
#Installed = 1
##

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
#Installed = 1
##

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe
#C:\WINDOWS\system32\ctfmon.exe
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DellSupport
#"C:\Program Files\Dell Support\DSAgnt.exe" /startup
##(Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Date = 05/15/2005 00:04 | Attr = ])

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Spyware Doctor
#"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
##(PC Tools Research Pty Ltd [Ver = 4.0.0.2603 | Size = 2083040 bytes | Date = 08/08/2006 09:10 | Attr = ])


#
##

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
#C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
##(Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Date = 09/23/2005 22:05 | Attr = ])

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
#C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
##( [Ver = | Size = 84 bytes | Date = 08/11/2004 15:15 | Attr = HS])

C:\Documents and Settings\Jim Hill\Start Menu\Programs\Startup\desktop.ini
#C:\Documents and Settings\Jim Hill\Start Menu\Programs\Startup\desktop.ini
##( [Ver = | Size = 84 bytes | Date = 08/11/2004 15:15 | Attr = HS])

<<< >> Disabled MSConfig Items << >>>

<<< >> User Agent Post Platform << >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\SV1
#
##

<<< >> AppInit DLLs << >>>

<<< >> Image File Execution Options << >>>

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
#Debugger = ntsd -d
##

<<< >> Shell Service Object Delay Load << >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn
#{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 06:33 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder
#{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 06:33 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray
#{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck
#{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Date = 08/04/2004 03:00 | Attr = ])

<<< >> Shell Execute Hooks << >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}
#Directory Opus Shell Execute Hook = C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
##(GP Software [Ver = 2, 0, 59, 0 | Size = 489400 bytes | Date = 06/20/2006 13:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}
#CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 73728 bytes | Date = 06/16/2006 07:38 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972}
#URL Exec Hook = shell32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 06:33 | Attr = ])

<<< >> Shared Task Scheduler << >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1}
#Browseui preloader = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1022976 bytes | Date = 06/23/2006 04:25 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030}
#Component Categories cache daemon = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1022976 bytes | Date = 06/23/2006 04:25 | Attr = ])

<<< >> Winlogon << >>>

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
#C:\WINDOWS\system32\userinit.exe,
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
#Explorer.exe
##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System
#
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
#crypt32.dll
##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
#cryptnet.dll
##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
#cscdll.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
#sclgntfy.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
#WlNotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
#WgaLogon.dll
##(Microsoft Corporation [Ver = 1.5.0540.0 | Size = 702768 bytes | Date = 06/19/2006 16:20 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
#WRLogonNTF.dll
##(Webroot Software, Inc. [Ver = 3,0,7,1608 | Size = 208896 bytes | Date = 08/03/2006 20:01 | Attr = ])

<<< >> DNS Name Servers << >>>

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{85FC8C47-6B49-4F38-A35A-F53D8945E8EC}
# (Intel(R) PRO/100 VE Network Connection)
##

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E6C3723E-A7AC-4898-AEAF-6A0CFCE4B2B6}
# (1394 Net Adapter)
##

<<< >> All Winsock2 Catalogs << >>>

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
#%SystemRoot%\System32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
#%SystemRoot%\System32\winrnr.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 16896 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
#%SystemRoot%\System32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
#CC:\WINDOWS\system32\mclsp.dll
##(File not found)

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
#CC:\WINDOWS\system32\mclsp.dll
##(File not found)

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
#CC:\WINDOWS\system32\mclsp.dll
##(File not found)

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
#CC:\WINDOWS\system32\mclsp.dll
##(File not found)

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
#CC:\WINDOWS\system32\mclsp.dll
##(File not found)

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
#CC:\WINDOWS\system32\mclsp.dll
##(File not found)

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
#CC:\WINDOWS\system32\mclsp.dll
##(File not found)

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
#CC:\WINDOWS\system32\mclsp.dll
##(File not found)

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
#CC:\WINDOWS\system32\mclsp.dll
##(File not found)

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
#CC:\WINDOWS\system32\mclsp.dll
##(File not found)

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
#CC:\WINDOWS\system32\mclsp.dll
##(File not found)

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
#CC:\WINDOWS\system32\mclsp.dll
##(File not found)

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
#CC:\WINDOWS\system32\mclsp.dll
##(File not found)

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
#%SystemRoot%\system32\rsvpsp.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018
#%SystemRoot%\system32\rsvpsp.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000026
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/04/2004 03:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000027
#CC:\WINDOWS\system32\mclsp.dll
##(File not found)

<<< >> Protocol Handlers (Non-Microsoft only) << >>>

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ipp
#
##(File not found)

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp
#
##(File not found)

<<< >> Protocol Filters (Non-Microsoft only) << >>>



[Start Post #2]

Services
Name--Internal Name--Startup Type--State--Service Type--
#Path
##(Version Info)

AOL Connectivity Service--AOL ACS--Automatic--Running--Win32, running in it's own process--
#C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
##(America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Date = 04/07/2004 10:07 | Attr = ])

Ati HotKey Poller--Ati HotKey Poller--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\system32\Ati2evxx.exe
##(ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Date = 08/04/2005 02:02 | Attr = ])

C-DillaCdaC11BA--C-DillaCdaC11BA--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\system32\drivers\CDAC11BA.EXE
##(C-Dilla Ltd [Ver = 4.11.040 | Size = 39936 bytes | Date = 05/18/2006 15:06 | Attr = ])

Symantec Event Manager--ccEvtMgr--Automatic--Running--Win32, running in it's own process--
#"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
##(Symantec Corporation [Ver = 103.0.7.2 | Size = 198304 bytes | Date = 04/13/2006 13:20 | Attr = ])

Symantec Settings Manager--ccSetMgr--Automatic--Running--Win32, running in it's own process--
#"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
##(Symantec Corporation [Ver = 103.0.7.2 | Size = 181920 bytes | Date = 04/13/2006 13:21 | Attr = ])

Creative Service for CDROM Access--Creative Service for CDROM Access--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\system32\CTsvcCDA.EXE
##(Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Date = 12/13/1999 13:01 | Attr = ])

ewido anti-spyware 4.0 guard--ewido anti-spyware 4.0 guard--Automatic--Running--Win32, running in it's own process--
#C:\Program Files\ewido anti-spyware 4.0\guard.exe
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Date = 06/16/2006 07:38 | Attr = ])

GEARSecurity--GEARSecurity--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\System32\GEARSec.exe
##(GEAR Software [Ver = 1, 0, 0, 6 | Size = 53248 bytes | Date = 08/16/2005 18:05 | Attr = ])

Intel(R) Matrix Storage Event Monitor--IAANTMon--Automatic--Running--Win32, running in it's own process--
#C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
##(Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Date = 06/17/2005 05:55 | Attr = ])

McAfee WSC Integration--McDetect.exe--Automatic--Running--Win32, running in it's own process--
#c:\program files\mcafee.com\agent\mcdetect.exe
##(McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Date = 10/13/2005 19:56 | Attr = ])

McAfee.com McShield--McShield--Automatic--Running--Win32, running in it's own process--
#c:\PROGRA~1\mcafee.com\vso\mcshield.exe
##(McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Date = 08/10/2005 09:22 | Attr = ])

McAfee Task Scheduler--McTskshd.exe--Automatic--Running--Win32, running in it's own process--
#c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
##(McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Date = 08/24/2005 14:01 | Attr = ])

McAfee Personal Firewall Service--MpfService--Automatic--Running--Win32, running in it's own process--
#C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
##(McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Date = 11/11/2005 16:43 | Attr = ])

McAfee SpamKiller Server--MskService--Automatic--Running--Win32, running in it's own process--
#C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
##(McAfee Inc. [Ver = 7.0.1.3 | Size = 963072 bytes | Date = 07/12/2005 16:10 | Attr = ])

Norton Ghost--Norton Ghost--Automatic--Running--Win32, running in it's own process--
#C:\Program Files\Norton Ghost\Agent\VProSvc.exe
##(Symantec Corporation [Ver = 10.0.0.8400 | Size = 2066024 bytes | Date = 09/09/2005 19:09 | Attr = ])

PC Tools Spyware Doctor--SDhelper--Automatic--Running--Win32, running in it's own process--
#C:\Program Files\Spyware Doctor\sdhelp.exe
##(PC Tools Research Pty Ltd [Ver = 3.6.0.2025 | Size = 895160 bytes | Date = 07/14/2006 08:45 | Attr = ])

Symantec Core LC--Symantec Core LC--Automatic--Running--Win32, running in it's own process--
#C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
##(Symantec Corporation [Ver = 1, 8, 54, 534 | Size = 822424 bytes | Date = 04/26/2006 01:16 | Attr = ])

Webroot Spy Sweeper Engine--WebrootSpySweeperService--Automatic--Running--Win32, running in it's own process--
#C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
##(Webroot Software, Inc. [Ver = 3,0,7,1608 | Size = 3068928 bytes | Date = 08/03/2006 20:01 | Attr = ])


Files
Full Path
#Details

%SystemDrive%
#

%ProgramFilesDir%
#

%WinDir%
#

%System%
#

C:\WINDOWS\SYSTEM32\dfrg.msc
#AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213( [Ver = | Size = 41397 bytes | Date = 08/04/2004 03:00 | Attr = ])

C:\WINDOWS\SYSTEM32\DivXdec.ax
#FSg! (DivXNetworks, Inc. [Ver = 5.1.1.1031 | Size = 236544 bytes | Date = 11/11/2003 16:00 | Attr = ])

C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
#RIMAPPTECHNOLOGIES (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 571184 bytes | Date = 06/19/2006 16:19 | Attr = ])

C:\WINDOWS\SYSTEM32\MRT.exe
#(PeCompact2) (Microsoft Corporation [Ver = 1.19.1567.0 | Size = 8325544 bytes | Date = 08/09/2006 12:03 | Attr = ])

C:\WINDOWS\SYSTEM32\MRT.exe
#(ASPack) (Microsoft Corporation [Ver = 1.19.1567.0 | Size = 8325544 bytes | Date = 08/09/2006 12:03 | Attr = ])

C:\WINDOWS\SYSTEM32\ntbackup.exe
#VWSuD (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1200128 bytes | Date = 08/04/2004 03:00 | Attr = ])

C:\WINDOWS\SYSTEM32\ntdll.dll
#.aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/04/2004 03:00 | Attr = ])

C:\WINDOWS\SYSTEM32\nusrmgr.cpl
#Pln``pmlidb_[ZYWSUdxa\^`^Tsfbeffhjol(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 03:00 | Attr = ])

C:\WINDOWS\SYSTEM32\rasdlg.dll
#\DuMonitor SendMessage(WM_RASEVENT) done(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/04/2004 03:00 | Attr = ])

C:\WINDOWS\SYSTEM32\wbdbase.deu
#msubjsuchsullsupeswinsyncszens( [Ver = | Size = 1309184 bytes | Date = 08/04/2004 03:00 | Attr = ])

C:\WINDOWS\SYSTEM32\WgaTray.exe
#RIMAPPTECHNOLOGIES (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 06/19/2006 16:19 | Attr = ])

%System%\Drivers folder and sub-folders
#

%windir% + sub-dirs for System or Hidden files less than 60 days old
#

C:\WINDOWS\bootstat.dat
# ( [Ver = | Size = 2048 bytes | Date = 08/24/2006 08:36 | Attr = S])

C:\WINDOWS\QTFont.qfn
# ( [Ver = | Size = 54156 bytes | Date = 08/20/2006 07:21 | Attr = H ])

C:\WINDOWS\inf\oem18.inf
# ( [Ver = | Size = 0 bytes | Date = 06/28/2006 07:06 | Attr = H ])

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\813e0a95fdfeb1f729c9fb87b7dc71fe\BIT126.tmp
# ( [Ver = | Size = 0 bytes | Date = 08/12/2006 20:21 | Attr = H ])

C:\WINDOWS\system32\F3BEF78FA5.sys
# ( [Ver = | Size = 88 bytes | Date = 06/26/2006 15:06 | Attr = RHS])

C:\WINDOWS\system32\KGyGaAvL.sys
# ( [Ver = | Size = 3350 bytes | Date = 06/26/2006 15:06 | Attr = HS])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917422.cat
# ( [Ver = | Size = 10925 bytes | Date = 07/05/2006 05:21 | Attr = S])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat
# ( [Ver = | Size = 23751 bytes | Date = 07/28/2006 05:16 | Attr = S])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat
# ( [Ver = | Size = 10337 bytes | Date = 07/27/2006 07:00 | Attr = S])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat
# ( [Ver = | Size = 10925 bytes | Date = 07/21/2006 02:03 | Attr = S])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920683.cat
# ( [Ver = | Size = 11929 bytes | Date = 06/26/2006 12:47 | Attr = S])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921398.cat
# ( [Ver = | Size = 13050 bytes | Date = 07/13/2006 07:24 | Attr = S])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat
# ( [Ver = | Size = 10925 bytes | Date = 07/14/2006 09:13 | Attr = S])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922616.cat
# ( [Ver = | Size = 10925 bytes | Date = 07/14/2006 08:53 | Attr = S])

C:\WINDOWS\system32\config\default.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/24/2006 08:37 | Attr = H ])

C:\WINDOWS\system32\config\SAM.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/24/2006 08:36 | Attr = H ])

C:\WINDOWS\system32\config\SECURITY.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/24/2006 08:37 | Attr = H ])

C:\WINDOWS\system32\config\software.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/24/2006 09:07 | Attr = H ])

C:\WINDOWS\system32\config\system.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/24/2006 08:43 | Attr = H ])

C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/15/2006 07:59 | Attr = H ])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
# ( [Ver = | Size = 558 bytes | Date = 07/09/2006 17:40 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
# ( [Ver = | Size = 144 bytes | Date = 07/09/2006 17:40 | Attr = S])

C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\91433285-87ba-4de6-9703-5b10f6cd0ce6
# ( [Ver = | Size = 388 bytes | Date = 07/31/2006 22:22 | Attr = HS])

C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
# ( [Ver = | Size = 24 bytes | Date = 07/31/2006 22:22 | Attr = HS])

C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\ede0a245-dbef-4871-8531-2a3d81f822b6
# ( [Ver = | Size = 388 bytes | Date = 07/31/2006 22:45 | Attr = HS])

C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
# ( [Ver = | Size = 24 bytes | Date = 07/31/2006 22:45 | Attr = HS])

C:\WINDOWS\Tasks\SA.DAT
# ( [Ver = | Size = 6 bytes | Date = 08/24/2006 08:36 | Attr = H ])

C:\WINDOWS\Temp\History\History.IE5\desktop.ini
# ( [Ver = | Size = 113 bytes | Date = 08/18/2006 11:51 | Attr = HS])

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 08/18/2006 11:51 | Attr = HS])

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\092XMPSH\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 08/18/2006 11:51 | Attr = HS])

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B46LI39H\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 08/18/2006 11:51 | Attr = HS])

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SXMB6HQ3\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 08/18/2006 11:51 | Attr = HS])

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YNA9OJWF\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 08/18/2006 11:51 | Attr = HS])

CPL files
#

C:\WINDOWS\SYSTEM32\access.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 03:00 | Attr = ])

C:\WINDOWS\SYSTEM32\appwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/04/2004 03:00 | Attr = ])

C:\WINDOWS\SYSTEM32\bdeadmin.cpl
# (Borland Software Corporation [Ver = 5.2.0.2 | Size = 184320 bytes | Date = 10/07/2003 11:39 | Attr = ])

C:\WINDOWS\SYSTEM32\bthprops.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/04/2004 03:00 | Attr = ])

C:\WINDOWS\SYSTEM32\CMDVDPak.cpl
# (Sonic Solutions [Ver = 2.5.00.0138 | Size = 1019904 bytes | Date = 10/24/2005 23:00 | Attr = ])

C:\WINDOWS\SYSTEM32\desk.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/04/2004 03:00 | Attr = ])

C:\WINDOWS\SYSTEM32\firewall.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/04/2004 03:00 | Attr = ])

C:\WINDOWS\SYSTEM32\hdwwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/04/2004 03:00 | Attr = ])

C:\WINDOWS\SYSTEM32\inetcpl.cpl
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/04/2004 03:00 | Attr = ])

C:\WINDOWS\SYSTEM32\intl.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/04/2004 03:00 | Attr = ])

C:\WINDOWS\SYSTEM32\irprops.cpl
# (Microsoft Corpo
JSH
Active Member
 
Posts: 11
Joined: August 14th, 2006, 12:15 am
Location: Los Angeles area

Unread postby Bob4 » August 24th, 2006, 5:39 pm

______________________________
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, copy and paste these filepaths: 1 at a time.


C:\WINDOWS\system32\F3BEF78FA5.sys


Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html

Post that in your next reply along with a new HJT log.
Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby JSH » August 25th, 2006, 11:48 am

Ran Jotti, and then Kaspersky. Jotti found no malware, and the Kaspersky scan gives the same results as seen when scanned on August 20 (no problems except a virus in some old archived Eudora emails. Eudora is not installed on this computer). I removed the virus on the computer used for emails, and will update the archive in a few days.

Jotti scan
Jotti Scan results (scanned 8-24-06):
Scanned the following file: C:\WINDOWS\system32\F3BEF78FA5.sys

Service load: (about 50%)
File: F3BEF78FA5.sys_
Status:
OK
MD5 ac8d0b6ad030f7b24a9057cbea92eeb9
Packers detected:

Scanner Results: (nothing found on any scans)
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
-

Kaspersky scan
KASPERSKY ONLINE SCANNER REPORT
Friday, August 25, 2006 7:03:19 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 25/08/2006
Kaspersky Anti-Virus database records: 218095
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics
Total number of scanned objects 125325
Number of viruses found 1
Number of infected objects 10 / 0
Number of suspicious objects 0
Duration of the scan process 07:37:10

Infected Object Name Virus Name Last Action
C:\Backup 5-15-06\Backup Eudora\7-11-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX/[From
"James M. Walker" ][Date Tue, 19 Jun 2001 11:45:15 -0400]/UNNAMED Infected:
Email-Worm.VBS.KakWorm skipped
C:\Backup 5-15-06\Backup Eudora\7-11-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX
Mail Berkeley mbox: infected - 1 skipped
C:\Backup 5-15-06\Backup Eudora\7-17-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX/[From
"James M. Walker" ][Date Tue, 19 Jun 2001 11:45:15 -0400]/UNNAMED Infected:
Email-Worm.VBS.KakWorm skipped
C:\Backup 5-15-06\Backup Eudora\7-17-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX
Mail Berkeley mbox: infected - 1 skipped
C:\Backup 5-15-06\Backup Eudora\7-24-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX/[From
"James M. Walker" ][Date Tue, 19 Jun 2001 11:45:15 -0400]/UNNAMED Infected:
Email-Worm.VBS.KakWorm skipped
C:\Backup 5-15-06\Backup Eudora\7-24-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX
Mail Berkeley mbox: infected - 1 skipped
C:\Backup 5-15-06\Backup Eudora\8-13-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX/[From
"James M. Walker" ][Date Tue, 19 Jun 2001 11:45:15 -0400]/UNNAMED Infected:
Email-Worm.VBS.KakWorm skipped
C:\Backup 5-15-06\Backup Eudora\8-13-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX
Mail Berkeley mbox: infected - 1 skipped
C:\Backup 5-15-06\Backup Eudora\8-6-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX/[From
"James M. Walker" ][Date Tue, 19 Jun 2001 11:45:15 -0400]/UNNAMED Infected:
Email-Worm.VBS.KakWorm skipped
C:\Backup 5-15-06\Backup Eudora\8-6-06 UserData\RADIO REFLECTORS.FOL\R-390-01.MBX
Mail Berkeley mbox: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Logs\Filtering.log
Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log
Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log
Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612
Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat
Object is locked skipped
C:\Documents and Settings\Jim Hill\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log
Object is locked skipped
C:\Documents and Settings\Jim Hill\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jim Hill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Object is locked skipped
C:\Documents and Settings\Jim Hill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Object is locked skipped
C:\Documents and Settings\Jim Hill\Local Settings\History\History.IE5\index.dat
Object is locked skipped
C:\Documents and Settings\Jim Hill\Local Settings\History\History.IE5\MSHist012006082420060825\index.dat
Object is locked skipped
C:\Documents and Settings\Jim Hill\Local Settings\Temp\Perflib_Perfdata_238.dat
Object is locked skipped
C:\Documents and Settings\Jim Hill\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Object is locked skipped
C:\Documents and Settings\Jim Hill\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jim Hill\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat
Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked
skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat
Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked
skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is
locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked
skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked
skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.mst Object is locked
skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked
skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP114\change.log
Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{3EE6E4F7-3D10-4C3C-BBFE-FC067BA9DCC1}.crmlog
Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{CFB0A383-BA41-4BB9-B069-D5DE1BDDE4C6}.bin
Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_d2c.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20061102}.CDF Object
is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked
skipped
Scan process completed.
JSH

Unread postby Bob4 » August 25th, 2006, 3:44 pm

Ok those look OK. But maybe I have missed something really simple in the beginning. :roll:
You seem to be running 2 anti virus programs. This is simply a bad idea as they will conflict with each other. You should only have 1 running realtime protection. The other you may keep as a back up as a stand alone.
At the very least you should disable real time protection on 1 of them. Or uninstall one of them.


C:\WINDOWS\system32\F3BEF78FA5.sys

I can find no information on this file at all anywhere. Usually not a good sign. I don't think this is a good file.
Let's do this to be safe.


___________________________________
Reconfigure Windows XP to show hidden files:

Click Start. My Computer.
Select the Tools menu Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.



Navigate to c:/windows/system32/F3BEF78FA5.sys
Right click this file and delete it if it lets you. If not let me know.
Reboot the computer and see if you receive any warnings from legitimate programs. Leave it in the recycle bin so you can restore it if need be.



Open HJT

this time click on
Misc tools section

then:
Open uninstall Manager
click on save list.

Post that log for me.

And another hijackthis log.
Bob4
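The scan log posted earlier in this thread wraps long entries across lines, which makes it easy to misread by eye. The following is an added example, not part of the original posts and not the scanner's own tooling: a small parser that rejoins wrapped records and separates "Object is locked skipped" entries from anything else. The function names and the "Constructed verdict" entry are assumptions made for illustration.

```python
import re

# Constructed sample: the first five lines are copied from the log in this
# thread (two entries wrapped mid-record); the "Constructed verdict" entry is
# made up so that the review path has something to catch.
SAMPLE = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20061102}.CDF Object
is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked
skipped
C:\constructed\example.bin Constructed verdict skipped
Scan process completed.
"""

DRIVE = re.compile(r"^[A-Za-z]:\\")
LOCKED = re.compile(r"^(?P<path>.+?)\s+Object is locked skipped$")

def join_records(text):
    """Rebuild one record per scanned object from hard-wrapped log lines."""
    records, other, current = [], [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if DRIVE.match(line):                       # a new path starts a record
            if current is not None:
                records.append(current)
            current = line
        elif current is not None and not current.endswith("skipped"):
            current += " " + line                   # wrapped tail of the record
        else:                                       # status line, not an object
            if current is not None:
                records.append(current)
                current = None
            other.append(line)
    if current is not None:
        records.append(current)
    return records, other

def triage(text):
    """Split records into locked-and-skipped paths and entries to read by hand."""
    records, other = join_records(text)
    result = {"locked": [], "review": [], "other": other}
    for rec in records:
        m = LOCKED.match(rec)
        if m:
            result["locked"].append(m.group("path"))
        else:
            result["review"].append(rec)
    return result
```

A path in `locked` was skipped by the scanner, so the log says nothing about that file's contents; only the `review` list carries a verdict worth reading.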