HJT Log - iNvAzN


19 replies to this topic

#1 iNvAzN

iNvAzN

  • Members
  • 28 posts

Posted 08 September 2005 - 06:18 AM

//Mod edit: Log split away from this thread
http://www.bleepingcomputer.com/forums/ind...=0&#entry166152


Logfile of HijackThis v1.99.1
Scan saved at 7:12:46 AM, on 9/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\System32\alg.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINNT\System32\SZIEBHO.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120087635562
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BF8169A-D30D-4461-B447-A6B5709E3016}: NameServer = 141.155.0.68 151.203.0.84
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Edited by KoanYorel, 08 September 2005 - 06:45 AM.




#2 iNvAzN

iNvAzN
  • Topic Starter

  • Members
  • 28 posts

Posted 09 September 2005 - 04:41 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:37:02 PM, on 9/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\System32\alg.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\~e5.0001
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINNT\System32\SZIEBHO.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120087635562
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BF8169A-D30D-4461-B447-A6B5709E3016}: NameServer = 141.155.0.68 151.203.0.84
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#3 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,636 posts

Posted 13 September 2005 - 12:41 AM

Hi iNvAzN,

I'm looking at your log and your earlier thread. There isn't much showing up there except for what you have disabled via Autoruns, and that doesn't list the file name or its location. Could you open Autoruns, click on the Internet Explorer tab and post back what is listed under the Image Path column for the entry you have unchecked please?

Then we'll dig a little deeper.

Edit: It would be easier to right click on the disabled entry, choose copy and then paste into your next reply. That will give us more information and save you the typing.

The thing about people

is they change

when they walk away.--Mipso


#4 iNvAzN

iNvAzN
  • Topic Starter

  • Members
  • 28 posts

Posted 14 September 2005 - 04:49 PM

c:\program files\norton antivirus\navshext.dll
c:\program files\flashget\jccatch.dll
c:\winnt\system32\sziebho.dll
c:\winnt\system32\sziebho.dll
That's all there is under the image path for the disabled objects. I hope this helps.

#5 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,636 posts

Posted 15 September 2005 - 12:24 AM

OK, those BHOs are legitimate except that FlashGet is adware and I suggest you uninstall it if you haven't already. The other two are for Norton and Stopzilla and they seem to have been re-enabled. I'm not sure why you would want to disable part of Norton and Stopzilla. This could be your problem, but leave them disabled for now. Let's see if you have any leftover effects from Alcra.b.

I will say that part of the problem may be that you are running more than one popup blocker--Stopzilla, EarthLink's, and SP2. Even one can sometimes cause more problems than they are worth and more than one is not recommended. You seem to have the EarthLink one turned off, but I know from past experience that it will still cause problems.

Are you still having problems with regedit? Please do the following to find out if some of your system utilities are OK:

Download WinPFind.zip and unzip the contents to the C:\ folder.

Now click to download the file AlcrabDamage.def that is attached below and save it to C:\WinPFind\plugins. If you aren't sure how to save to the plugins folder, copy the file path in bold below to the save in field, but you must unzip to the root folder-- C:\ --as instructed for this to work.

C:\WinPFind\plugins

Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Click on the Configure Scan Options button and on the right-hand side click the checkbox for AlcrabDamage.def to select it.

Click both Remove All buttons and then click the Apply button.

Now click the Start Scan button to perform the scan.

A log will be produced in the WinPFind.txt file located in the WinPFind folder. Please post the contents of that file in your next reply.

Also let me know if you have set your local page to blank. These two lines could be legit if set by you.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System\blank.htm

Also let me know if you've uninstalled FlashGet and any other actions you have taken since you posted the HJT log.



#6 iNvAzN

iNvAzN
  • Topic Starter

  • Members
  • 28 posts

Posted 15 September 2005 - 06:45 PM

I have uninstalled FlashGet as suggested, and I don't understand what u mean by local page... anyway, here's the results of the WinPFind scan:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking Selected Startup Folders

Checking Selected Registry Keys


<<<<<<<<<< Checking for AddOn AlcrabDamage.def information >>>>>>>>>>
Parameter line : File=%ProgramFiles%\winupdates;a.zip;;;;;
File C:\Program Files\winupdates\a.zip was not found!
Parameter line : File=%SysDir%;cmd.com;;2;;;
File C:\WINNT\SYSTEM32\cmd.com with a size of 2 bytes was not found!
Parameter line : File=%SysDir%;netstat.com;;2;;;
File C:\WINNT\SYSTEM32\netstat.com with a size of 2 bytes was not found!
Parameter line : File=%SysDir%;bszip.dll;;;;;
File C:\WINNT\SYSTEM32\bszip.dll was not found!
Parameter line : File=%SysDir%;ping.com;;2;;;
File C:\WINNT\SYSTEM32\ping.com with a size of 2 bytes was not found!
Parameter line : File=%SysDir%;regedit.com;;2;;;
File C:\WINNT\SYSTEM32\regedit.com with a size of 2 bytes was not found!
Parameter line : File=%SysDir%;taskkill.com;;2;;;
File C:\WINNT\SYSTEM32\taskkill.com with a size of 2 bytes was not found!
Parameter line : File=%SysDir%;tasklist.com;;2;;;
File C:\WINNT\SYSTEM32\tasklist.com with a size of 2 bytes was not found!
Parameter line : File=%SysDir%;regedit.com;;2;;;
File C:\WINNT\SYSTEM32\regedit.com with a size of 2 bytes was not found!
Parameter line : File=%SysDir%;cmd.exe;;;;;
8/4/2004 3:56:48 AM 388608 C:\WINNT\SYSTEM32\cmd.exe found!
Parameter line : File=%SysDir%;netstat.exe;;;;;
8/4/2004 3:56:54 AM 36864 C:\WINNT\SYSTEM32\netstat.exe found!
Parameter line : File=%SysDir%;ping.exe;;;;;
8/4/2004 3:56:56 AM 17920 C:\WINNT\SYSTEM32\ping.exe found!
Parameter line : File=%SysDir%;regedt32.exe;;;;;
8/18/2001 1:00:00 PM 3584 C:\WINNT\SYSTEM32\regedt32.exe found!
Parameter line : File=%SysDir%;tracert.exe;;;;;
8/4/2004 3:56:58 AM 12288 C:\WINNT\SYSTEM32\tracert.exe found!
Parameter line : File=%WinDir%;regedit.exe;;;;;
8/4/2004 3:56:56 AM 146432 C:\WINNT\regedit.exe found!

Scan Complete
WinPFind v1.4.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/15/2005 7:42:55 PM
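
An added example (not part of the original posts and not WinPFind's own code): a Python script that reads the AlcrabDamage.def add-on section of a WinPFind log like the one above and reports whether any file the .def looks for is present and whether the listed system utilities are still in place. Assumptions: the fourth `;`-separated field of a parameter line is the requested size (inferred from the "with a size of 2 bytes" result lines), names ending in .exe are the utilities that should exist, and every other name is a leftover that should be absent; the function names and the sample log are constructed for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample in the format of the add-on output posted above. The
# "regedit.com found" and "regedit.exe was not found" lines are hypothetical,
# added to show what a damaged system would look like.
SAMPLE_LOG = r"""
<<<<<<<<<< Checking for AddOn AlcrabDamage.def information >>>>>>>>>>
Parameter line : File=%SysDir%;cmd.com;;2;;;
File C:\WINNT\SYSTEM32\cmd.com with a size of 2 bytes was not found!
Parameter line : File=%SysDir%;regedit.com;;2;;;
9/1/2005 1:00:00 AM 2 C:\WINNT\SYSTEM32\regedit.com found!
Parameter line : File=%SysDir%;cmd.exe;;;;;
8/4/2004 3:56:48 AM 388608 C:\WINNT\SYSTEM32\cmd.exe found!
Parameter line : File=%WinDir%;regedit.exe;;;;;
File C:\WINNT\regedit.exe was not found!
"""

# Parameter line fields: directory ; file name ; (unused here) ; size ; ...
PARAM_RE = re.compile(r"^Parameter line : File=([^;]*);([^;]*);[^;]*;([^;]*);")
MISSING_RE = re.compile(r"^File (.+?)(?: with a size of (\d+) bytes)? was not found!$")
# "found" lines: date, time, optional attribute flags (such as the "H" seen in
# the folder section of the log), size in bytes, full path.
FOUND_RE = re.compile(
    r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M\s+"
    r"(?:[A-Z]{1,4}\s+)?(\d+)\s+(.+?) found!$"
)


class Check(NamedTuple):
    name: str                 # file name from the .def line, e.g. "cmd.com"
    want_size: Optional[int]  # size the .def asks for, None if not given
    path: str                 # expanded path taken from the result line
    found: bool
    size: Optional[int]       # actual size when the file was found


def parse_addon_output(text: str) -> List[Check]:
    """Pair every 'Parameter line' with the result line that follows it."""
    checks: List[Check] = []
    pending = None
    for line in (raw.strip() for raw in text.splitlines()):
        param = PARAM_RE.match(line)
        if param:
            pending = param
            continue
        if pending is None:
            continue
        name = pending.group(2)
        want = int(pending.group(3)) if pending.group(3).isdigit() else None
        miss, hit = MISSING_RE.match(line), FOUND_RE.match(line)
        if miss:
            checks.append(Check(name, want, miss.group(1), False, None))
        elif hit:
            checks.append(Check(name, want, hit.group(2), True, int(hit.group(1))))
        else:
            continue  # not a result line yet; keep waiting for one
        pending = None
    return checks


def assess(checks: List[Check]) -> Dict[str, object]:
    """Assumption: *.exe entries should exist, everything else should not."""
    report: Dict[str, object] = {
        "checked": 0, "leftover_present": [], "utility_missing": []}
    seen = set()
    for c in checks:
        key = c.path.lower()
        if key in seen:          # the .def lists regedit.com twice
            continue
        seen.add(key)
        report["checked"] += 1
        is_utility = c.name.lower().endswith(".exe")
        if is_utility and not c.found:
            report["utility_missing"].append(c.path)
        # Count a leftover only when the size the .def asked for matches.
        elif not is_utility and c.found and c.want_size in (None, c.size):
            report["leftover_present"].append(c.path)
    return report


def utilities_look_intact(text: str) -> bool:
    """True when no leftover file is present and no utility is missing."""
    report = assess(parse_addon_output(text))
    if report["checked"] == 0:
        raise ValueError("no add-on check results found in this log")
    return not report["leftover_present"] and not report["utility_missing"]


if __name__ == "__main__":
    print(assess(parse_addon_output(SAMPLE_LOG)))
```

Run against the add-on section posted above, the same logic flags nothing: every non-.exe entry is reported as not found and every .exe entry as found.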

#7 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,636 posts

Posted 15 September 2005 - 11:53 PM

OK, looks like regedit and the other MS utilities should be working correctly. I'm still working on the theory the popup blockers or something else with Norton being disabled by autoruns are the problem, but let's see if there is anything else going on since those lines I asked you about are very suspicious.

Please do the following:

Scan again with HijackThis 1.99.1. Put a checkmark by the following entries, double-checking to be sure that only these entries are checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing


Close all other windows--you should only see HijackThis on your Desktop--and then click the "Fix checked" button.

Now open winpfind.exe and click on the Configure Scan Options button and make sure all is checked under Folder options and Registry Key Options and that AlcrabDamage.def IS NOT checked.

Reboot your computer into Safe Mode and scan with WinPFind. This scan will take longer to run.

Reboot back into safe mode and scan again with HijackThis and post another log along with the new PFind log.

Also let me know if you have all three of the popup blockers I mentioned enabled. And can you describe exactly what is happening with Norton? You're just not getting updates? If you are getting error messages, please post back here what they say exactly. Also the version of Norton you are running and if your subscription is current.



#8 iNvAzN

iNvAzN
  • Topic Starter

  • Members
  • 28 posts

Posted 18 September 2005 - 01:19 AM

Logfile of HijackThis v1.99.1
Scan saved at 2:13:16 AM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINNT\System32\SZIEBHO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...oad/tgctlcm.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120087635562
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
aspack 1/2/2005 9:57:18 AM 7870500 C:\WINNT\180ax_kyf.dat
PTech 1/2/2005 9:57:18 AM 7870500 C:\WINNT\180ax_kyf.dat
UPX! 8/29/2004 9:40:26 AM 12870 C:\WINNT\aniqueo.exe
PTech 8/5/2004 1:53:44 AM H 4359053 C:\WINNT\msbb_kyf.dat
PEC2 6/26/2005 11:43:46 AM 321024 C:\WINNT\SysUtil.exe
PECompact2 6/26/2005 11:43:46 AM 321024 C:\WINNT\SysUtil.exe

Checking %System% folder...
SAHAgent 6/23/2005 9:25:44 AM 2891 C:\WINNT\SYSTEM32\ap9h4qmo.ini
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINNT\SYSTEM32\d3dx9_25.dll
PEC2 8/18/2001 1:00:00 PM 41397 C:\WINNT\SYSTEM32\dfrg.msc
PEC2 6/9/2005 4:32:28 PM 692736 C:\WINNT\SYSTEM32\DivX.dll
PECompact2 6/9/2005 4:32:28 PM 692736 C:\WINNT\SYSTEM32\DivX.dll
PECompact2 9/8/2005 9:36:32 PM 1997664 C:\WINNT\SYSTEM32\MRT.exe
aspack 9/8/2005 9:36:32 PM 1997664 C:\WINNT\SYSTEM32\MRT.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINNT\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINNT\SYSTEM32\rasdlg.dll
winsync 8/18/2001 1:00:00 PM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINNT\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINNT\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/18/2005 1:53:32 AM S 2048 C:\WINNT\bootstat.dat
9/18/2005 1:58:00 AM HS 7680 C:\WINNT\Thumbs.db
8/7/2005 12:32:50 PM HS 0 C:\WINNT\system32\sscms.dat
8/7/2005 12:27:40 PM HS 32 C:\WINNT\system32\sscms.le
9/18/2005 1:53:24 AM H 8192 C:\WINNT\system32\config\default.LOG
7/30/2005 11:02:54 AM H 0 C:\WINNT\system32\config\DEFAULT.rrr.LOG
9/18/2005 1:53:52 AM H 1024 C:\WINNT\system32\config\SAM.LOG
7/30/2005 11:02:54 AM H 0 C:\WINNT\system32\config\SAM.rrr.LOG
9/18/2005 1:53:36 AM H 16384 C:\WINNT\system32\config\SECURITY.LOG
9/18/2005 1:56:52 AM H 77824 C:\WINNT\system32\config\software.LOG
7/30/2005 11:02:54 AM H 0 C:\WINNT\system32\config\SOFTWARE.rrr.LOG
9/18/2005 1:53:56 AM H 1286144 C:\WINNT\system32\config\system.LOG
9/17/2005 11:45:20 PM H 1024 C:\WINNT\system32\config\systemprofile\NTUSER.DAT.LOG
9/18/2005 1:43:22 AM H 6 C:\WINNT\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINNT\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINNT\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINNT\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINNT\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINNT\SYSTEM32\joy.cpl
Sun Microsystems 9/28/2004 9:26:02 PM 61555 C:\WINNT\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/18/2001 1:00:00 PM 187904 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 1:00:00 PM 35840 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINNT\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINNT\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINNT\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 7:57:40 PM 323072 C:\WINNT\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINNT\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 1:00:00 PM 28160 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINNT\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 65536 C:\WINNT\SYSTEM32\DIBACKUP\DIRECTX\joy.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINNT\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINNT\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINNT\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINNT\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/18/2001 1:00:00 PM 187904 C:\WINNT\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/18/2001 1:00:00 PM 35840 C:\WINNT\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINNT\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINNT\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155648 C:\WINNT\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/18/2001 1:00:00 PM 28160 C:\WINNT\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINNT\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINNT\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl
NVIDIA Corporation 7/28/2003 4:19:00 PM 143360 C:\WINNT\SYSTEM32\ReinstallBackups\0001\DriverFiles\nvtuicpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
10/9/2001 1:50:54 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/9/2001 1:40:18 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
5/17/2003 10:32:00 PM 5 C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
6/17/2003 8:45:30 PM 194 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
7/27/2005 7:18:34 PM H 36 C:\Documents and Settings\All Users\Application Data\LHGSYFE

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
6/28/2003 7:11:48 PM 110886 C:\Documents and Settings\Owner\Application Data\Casino.exe
6/28/2003 7:11:48 PM 766 C:\Documents and Settings\Owner\Application Data\casino.ico
10/9/2001 1:40:18 PM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini
1/13/2004 2:51:44 PM 0 C:\Documents and Settings\Owner\Application Data\dm.ini
7/11/2005 10:24:42 PM 162632 C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
1/1/2005 6:09:10 PM 554 C:\Documents and Settings\Owner\Application Data\Sskdmns.dll

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{C4D893FD-B474-4F52-B21F-B118B1FA01B9} =

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Library
{54F51408-DD44-4a12-82EF-519AD2A80DE9} = C:\Program Files\ATI Multimedia\mlibrary\MLShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}
STOPzilla Browser Helper Object = C:\WINNT\System32\SZIEBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINNT\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6224f700-cba3-4071-b251-47cb894244cd}
ButtonText = ICQ : C:\Program Files\ICQ\ICQ.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{98A7C97A-4FFF-4F6E-A313-D21BC759DD99} = Proxy :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
GWMDMMSG GWMDMMSG.exe
HPDJ Taskbar Utility C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SSC_UserPrompt C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
NAV CfgWiz "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
STOPzilla "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
RegistryMechanic
BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATI DeviceDetect C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
ctfmon.exe C:\WINNT\system32\ctfmon.exe
E6TaskPanel "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
Steam

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key \s SyB-
Hint 50's word
FileName0 C:\WINNT\System32\RSACi.rat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 0
PleaseMom 1
Enabled 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
l 0
n 0
s 0
v 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINNT\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT

#9 iNvAzN

Posted 18 September 2005 - 01:20 AM

The startup file for stopzilla has been disabled for a couple of months now, and the earthlink one has been disabled too.

#10 Papakid

Posted 19 September 2005 - 12:52 AM

OK, you've got some files that look like they are leftover from earlier infections and some messed up registry entries. Let's see if this helps:

1. Download killbox from here:

KillBox

Unzip the folder to your desktop.

2. Download the attached fix.reg file and save it to your desktop.

3. Boot into safe mode.

*Start Killbox.exe
*Select the Delete on reboot option.
*Copy the complete text in bold below to the clipboard by highlighting it and pressing Control-C:

C:\WINNT\180ax_kyf.dat
C:\WINNT\aniqueo.exe
C:\WINNT\msbb_kyf.dat
C:\WINNT\SYSTEM32\ap9h4qmo.ini
C:\Documents and Settings\Owner\Application Data\Casino.exe
C:\Documents and Settings\Owner\Application Data\casino.ico
C:\Documents and Settings\Owner\Application Data\Sskdmns.dll


*Go to the File menu of Killbox, and choose "Paste from Clipboard".
*Click the "Delete File" button that is a red-and-white X. When asked if you want to delete these files say Yes. When asked if you want to reboot now, say No.
*Exit Killbox.

4. Now double click on the fix.reg file you have saved to your desktop and allow it to merge with your registry.

5. This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then Run, and type %temp% and press the OK button.

This should open up the temp directory that your machine uses. Please delete all files that are found there.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

6. Reboot back into normal mode.

7. Please run Panda ActiveScan and allow it to clean all it finds. Save the log and post it back here.

8. Run Pfind again and post that log as well.

Question: Are you using a proxy now? These lines didn't appear in your earlier logs.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>

The startup file for stopzilla has been disabled for a couple of months now, and the earthlink one has been disabled too

OK, but the BHO for Stopzilla still shows up in your log as being active and that is usually what stops pop ups rather than a startup. We'll look at that next. Let me know if the problem has been fixed after following the above instructions.

Attached Files

  • Fix.reg (593 bytes)

The thing about people

is they change

when they walk away.--Mipso
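The check made by eye in the post above (proxy settings that appear in a later HijackThis log but not an earlier one), written out as an added example that is not part of the original thread. The two log excerpts are constructed; only the two R1 lines are taken from the post, and all function names are this example's own.

```python
import re
from ipaddress import ip_address

# HijackThis R0/R1 lines have the form:
#   R1 - <registry key>,<value name> = <data>
R_LINE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<name>[^=]*?) = (?P<data>.*)$")
PROXY_VALUES = {"proxyserver", "proxyoverride", "autoconfigurl"}

# Constructed excerpts standing in for an earlier and a later log.
OLD_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""
NEW_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
"""


def parse_r_entries(log_text):
    """Return {(registry key, value name): data} for every R0/R1 line."""
    entries = {}
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            entries[(m["key"].strip(), m["name"].strip())] = m["data"].strip()
    return entries


def proxy_endpoints(data):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles both 'host:port' (applies to all protocols) and the
    per-protocol form 'http=host:port;https=host:port'.
    """
    endpoints = []
    for part in filter(None, (p.strip() for p in data.split(";"))):
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "all", part
        host, _, port = hostport.rpartition(":")
        if not host:  # no port given
            host, port = hostport, ""
        endpoints.append((scheme, host, port))
    return endpoints


def is_loopback(host):
    """True when the proxy host is the local machine itself."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def new_proxy_settings(old_log, new_log):
    """List proxy-related R entries that are new or changed in new_log."""
    old, new = parse_r_entries(old_log), parse_r_entries(new_log)
    findings = []
    for (key, name), data in new.items():
        if name.lower() not in PROXY_VALUES or old.get((key, name)) == data:
            continue
        eps = proxy_endpoints(data) if name.lower() == "proxyserver" else []
        findings.append({
            "key": key,
            "name": name,
            "data": data,
            "previous": old.get((key, name)),  # None if absent before
            "endpoints": eps,
            "loopback": any(is_loopback(h) for _, h, _ in eps),
        })
    return findings


if __name__ == "__main__":
    for f in new_proxy_settings(OLD_LOG, NEW_LOG):
        note = " (loopback proxy)" if f["loopback"] else ""
        print(f"NEW {f['name']} = {f['data']}{note}")
```

A loopback ProxyServer means browser traffic is being routed through a program on the same machine, so the follow-up check is which process is listening on that port.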


#11 iNvAzN

Posted 24 September 2005 - 07:07 PM

The problem still persists, and I don't know about the proxy. The Panda ActiveScan doesn't work with my IE browser when I click the free scan button. Here's the Pfind log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PEC2 6/26/2005 11:43:46 AM 321024 C:\WINNT\SysUtil.exe
PECompact2 6/26/2005 11:43:46 AM 321024 C:\WINNT\SysUtil.exe

Checking %System% folder...
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINNT\SYSTEM32\d3dx9_25.dll
PEC2 8/18/2001 1:00:00 PM 41397 C:\WINNT\SYSTEM32\dfrg.msc
PEC2 6/9/2005 4:32:28 PM 692736 C:\WINNT\SYSTEM32\DivX.dll
PECompact2 6/9/2005 4:32:28 PM 692736 C:\WINNT\SYSTEM32\DivX.dll
PECompact2 9/8/2005 9:36:32 PM 1997664 C:\WINNT\SYSTEM32\MRT.exe
aspack 9/8/2005 9:36:32 PM 1997664 C:\WINNT\SYSTEM32\MRT.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINNT\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINNT\SYSTEM32\rasdlg.dll
winsync 8/18/2001 1:00:00 PM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINNT\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINNT\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/24/2005 6:19:24 PM S 2048 C:\WINNT\bootstat.dat
9/18/2005 1:58:00 AM HS 7680 C:\WINNT\Thumbs.db
8/7/2005 12:32:50 PM HS 0 C:\WINNT\system32\sscms.dat
8/7/2005 12:27:40 PM HS 32 C:\WINNT\system32\sscms.le
9/15/2005 3:20:50 PM S 77034 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem10.CAT
9/15/2005 3:20:50 PM S 77034 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem27.CAT
9/24/2005 6:22:20 PM H 1024 C:\WINNT\system32\config\default.LOG
7/30/2005 11:02:54 AM H 0 C:\WINNT\system32\config\DEFAULT.rrr.LOG
9/24/2005 6:19:32 PM H 1024 C:\WINNT\system32\config\SAM.LOG
7/30/2005 11:02:54 AM H 0 C:\WINNT\system32\config\SAM.rrr.LOG
9/24/2005 6:21:30 PM H 1024 C:\WINNT\system32\config\SECURITY.LOG
9/24/2005 8:05:46 PM H 1024 C:\WINNT\system32\config\software.LOG
7/30/2005 11:02:54 AM H 0 C:\WINNT\system32\config\SOFTWARE.rrr.LOG
9/24/2005 7:54:22 PM H 1024 C:\WINNT\system32\config\system.LOG
9/22/2005 7:40:20 AM H 1024 C:\WINNT\system32\config\systemprofile\NTUSER.DAT.LOG
9/24/2005 6:19:36 PM H 6 C:\WINNT\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINNT\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINNT\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINNT\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINNT\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINNT\SYSTEM32\joy.cpl
Sun Microsystems 9/28/2004 9:26:02 PM 61555 C:\WINNT\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/18/2001 1:00:00 PM 187904 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 1:00:00 PM 35840 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINNT\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINNT\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINNT\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 7:57:40 PM 323072 C:\WINNT\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINNT\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 1:00:00 PM 28160 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINNT\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 65536 C:\WINNT\SYSTEM32\DIBACKUP\DIRECTX\joy.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINNT\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINNT\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINNT\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINNT\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/18/2001 1:00:00 PM 187904 C:\WINNT\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/18/2001 1:00:00 PM 35840 C:\WINNT\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINNT\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINNT\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155648 C:\WINNT\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/18/2001 1:00:00 PM 28160 C:\WINNT\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINNT\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINNT\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl
NVIDIA Corporation 7/28/2003 4:19:00 PM 143360 C:\WINNT\SYSTEM32\ReinstallBackups\0001\DriverFiles\nvtuicpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/22/2005 4:20:10 PM 1847 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
10/9/2001 1:50:54 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/9/2001 1:40:18 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
5/17/2003 10:32:00 PM 5 C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
6/17/2003 8:45:30 PM 194 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
7/27/2005 7:18:34 PM H 36 C:\Documents and Settings\All Users\Application Data\LHGSYFE

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
10/9/2001 1:40:18 PM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini
1/13/2004 2:51:44 PM 0 C:\Documents and Settings\Owner\Application Data\dm.ini
7/11/2005 10:24:42 PM 162632 C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{C4D893FD-B474-4F52-B21F-B118B1FA01B9} =

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Library
{54F51408-DD44-4a12-82EF-519AD2A80DE9} = C:\Program Files\ATI Multimedia\mlibrary\MLShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINNT\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{98A7C97A-4FFF-4F6E-A313-D21BC759DD99} = Proxy :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
GWMDMMSG GWMDMMSG.exe
HPDJ Taskbar Utility C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SSC_UserPrompt C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
NAV CfgWiz "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
RegistryMechanic
BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ATICCC "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
CloneCDElbyCDFL "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
CloneDVDElbyDelay "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
D066UUtility C:\WINNT\TWAIN_32\D66U\D066UUTY.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINNT\system32\ctfmon.exe
E6TaskPanel "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
Steam
Start WingMan Profiler

ATI Launchpad
ATI DeviceDetect C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
ATI Remote Control C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
ccleaner "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key \s SyB-
Hint 50's word
FileName0 C:\WINNT\System32\RSACi.rat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 0
PleaseMom 1
Enabled 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
l 0
n 0
s 0
v 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINNT\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/24/2005 8:06:39 PM

Edited by iNvAzN, 24 September 2005 - 07:09 PM.


#12 iNvAzN

iNvAzN
  • Topic Starter

  • Members

Posted 02 October 2005 - 12:22 PM

find anything new??

#13 iNvAzN

iNvAzN
  • Topic Starter

  • Members

Posted 07 October 2005 - 11:10 PM

Am I still getting any help or what?

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 10 October 2005 - 01:31 PM

Sorry... PK asked me to step in. I don't see anything wrong with the winpfind log. Post a new HJT log and give me an idea as to what is wrong.

#15 iNvAzN

iNvAzN
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:29 PM

Posted 14 October 2005 - 06:39 PM

ok, here's the hjt log:
Logfile of HijackThis v1.99.1
Scan saved at 7:36:51 PM, on 10/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\alg.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System\blank.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [D066UUtility] C:\WINNT\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120087635562
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BF8169A-D30D-4461-B447-A6B5709E3016}: NameServer = 141.155.0.68 151.203.0.84
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)



