Trojan.Stwoyle removal


5 replies to this topic

#1 Dominican

Dominican

  • Members
  • 3 posts

Posted 15 September 2005 - 09:17 AM

Hi, I'm trying to get rid of the Trojan.Stoyle for some time now and would like someone's help. Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 10:05:16 AM, on 9/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\RightFax\FaxCtrl.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Altiris\AClient\AClntUsr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\HyjackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ptoweb.uspto.gov/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\\FaxCtrl.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Czkyt] C:\WINDOWS\system32\m?config.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 6.0\statusmonitor.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: KPAK - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://uspto-a-eams-2/professional/ (file missing)
O9 - Extra 'Tools' menuitem: KAPK - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://uspto-a-eams-2/professional/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1117723134158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = uspto.gov
O17 - HKLM\Software\..\Telephony: DomainName = uspto.gov
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = uspto.gov
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: GFI LANguard N.S.S. 6.0 attendant service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 6.0\lnssatt.exe" -service (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
O23 - Service: Hummingbird Exceed Display Management (HumDisplayServer) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts

Posted 15 September 2005 - 10:18 AM

Click on start, settings, control panel and double-click on add/remove programs. From within add/remove programs, uninstall the following if they exist:

Daily Weather Forecast

Then,


Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click scan, and put a checkmark next to each of these. Then click the Fix button:

O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [Czkyt] C:\WINDOWS\system32\m?config.exe

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\Program Files\Daily Weather Forecast\
c:\windows\system32\winstyle2.dll

Reboot your computer to go back to normal mode.

Download http://www.bleepingcomputer.com/files/winpfind.php

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt along with a new HijackThis log as a reply to this topic.
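
An added example, not part of the reply above and not part of HijackThis: a Python check that the O4 entries selected for fixing are gone from the follow-up log the reply asks for. The follow-up log is constructed sample data and the function names are hypothetical; the check also flags logged paths containing `?`, which is not a legal Windows file-name character, so the log is showing a placeholder rather than the on-disk name.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    hive: str     # HKLM or HKCU
    key: str      # Run, RunOnce, ...
    name: str     # registry value name, shown in [brackets] in the log
    command: str  # command line exactly as HijackThis logged it


# Matches registry autorun lines such as:
#   O4 - HKCU\..\Run: [Name] C:\path\file.exe /args
# "O4 - Global Startup" shortcut lines use another layout and are skipped.
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")

# Path portion of a logged command: drive letter up to the first
# executable extension (handles unquoted paths that contain spaces).
EXE_PATH = re.compile(r'^"?([A-Za-z]:\\.*?\.(?:exe|dll|com|bat|scr))', re.I)


def parse_o4(log_text):
    """Return every registry autorun (O4) entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries.append(Autorun(*m.groups()))
    return entries


def identity(entry):
    """Compare on hive, key and value name; the command text may be
    rendered differently from one scan to the next."""
    return (entry.hive.upper(), entry.key.lower(), entry.name.lower())


def still_present(fix_list, followup_log):
    """Entries from the fix list that the follow-up log still contains."""
    seen = {identity(e) for e in parse_o4(followup_log)}
    return [e for e in parse_o4(fix_list) if identity(e) in seen]


def has_placeholder_path(entry):
    """True when the logged file path contains '?'. Windows file names
    cannot contain '?', so the real name differs from what is logged and
    the file cannot be located by typing the logged path."""
    m = EXE_PATH.match(entry.command)
    path = m.group(1) if m else entry.command
    return "?" in path


# The two entries the reply says to fix, copied from the thread.
FIX_LIST = r"""
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [Czkyt] C:\WINDOWS\system32\m?config.exe
"""

# Constructed follow-up log (not from the thread): one fixed entry has
# come back after the reboot, the other is gone.
FOLLOWUP_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [Czkyt] C:\WINDOWS\system32\m?config.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

if __name__ == "__main__":
    for e in still_present(FIX_LIST, FOLLOWUP_LOG):
        note = " (logged path is a placeholder)" if has_placeholder_path(e) else ""
        print(f"still present: {e.hive}\\..\\{e.key} [{e.name}] {e.command}{note}")
```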

#3 Dominican

Dominican
  • Topic Starter

  • Members
  • 3 posts

Posted 15 September 2005 - 01:20 PM

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 6/9/2005 6:43:34 PM 33347 C:\WINDOWS\ExeDialer1.exe

Checking %System% folder...
PEC2 8/23/2001 10:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
FSG! 11/11/2003 4:00:22 PM 236544 C:\WINDOWS\SYSTEM32\DivXdec.ax
PTech 8/29/2005 1:27:12 PM 520968 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 9/8/2005 11:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/8/2005 11:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:38 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 12:56:46 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/23/2001 10:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/15/2005 2:02:34 PM S 2048 C:\WINDOWS\bootstat.dat
7/22/2005 2:47:28 PM H 74 C:\WINDOWS\Uvsfv.sfq
9/15/2005 2:01:30 PM S 64 C:\WINDOWS\CSC\00000001
9/9/2005 10:06:46 AM S 64 C:\WINDOWS\CSC\00000002
9/8/2005 8:40:50 AM S 64 C:\WINDOWS\CSC\csc1.tmp
7/29/2005 8:32:42 AM H 0 C:\WINDOWS\inf\oem26.inf
7/19/2005 7:18:10 PM S 18913 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
8/31/2005 5:42:36 PM H 0 C:\WINDOWS\system32\CCM\Cache\skpswi.dat
8/31/2005 5:43:10 PM RH 0 C:\WINDOWS\system32\CCM\Inventory\Temp\skpswi.dat
9/15/2005 2:02:24 PM H 8192 C:\WINDOWS\system32\config\default.LOG
9/15/2005 2:02:50 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
9/15/2005 2:02:38 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
9/15/2005 2:03:40 PM H 98304 C:\WINDOWS\system32\config\software.LOG
9/15/2005 2:02:42 PM H 1011712 C:\WINDOWS\system32\config\system.LOG
9/14/2005 7:47:38 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
8/31/2005 5:42:52 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\f33c5ad7-1258-41d2-b22e-977973e14ee3
8/31/2005 5:42:52 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
8/22/2005 1:49:48 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\07dbee3f-fd08-4d40-9516-c1015a2936f0
8/22/2005 1:49:48 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
9/15/2005 2:01:32 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 4/7/2003 12:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Ahead Software AG 1/14/2004 6:57:18 PM 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/23/2001 10:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 10:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 10:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 10:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 6/27/2004 2:50:00 AM 55296 C:\WINDOWS\SYSTEM32\CCM\SMSCFGRC.cpl
Microsoft Corporation 6/27/2004 2:50:00 AM 13312 C:\WINDOWS\SYSTEM32\CCM\SMSPDM.cpl
Microsoft Corporation 6/27/2004 2:50:00 AM 55808 C:\WINDOWS\SYSTEM32\CCM\SMSRAP.cpl
Microsoft Corporation 6/27/2004 2:50:00 AM 233472 C:\WINDOWS\SYSTEM32\CCM\clicomp\RemCtrl\smsrc.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/23/2001 10:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/23/2001 10:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/23/2001 10:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/23/2001 10:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 4/7/2003 12:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\igfxcpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/24/2005 1:16:28 PM 874 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LNSS Status Monitor.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
5/16/2005 7:52:00 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
5/16/2005 12:01:14 PM HS 84 C:\Documents and Settings\idiaz\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
5/16/2005 7:51:58 AM HS 62 C:\Documents and Settings\idiaz\Application Data\desktop.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PicaView
{68f32140-2ca3-11d0-acc1-444553540000} = C:\Program Files\ACD Systems\PicaView\Picaview.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\WS_FTP Pro\wsftpsi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\WS_FTP Pro\wsftpsi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}
HelperObject Class = C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
AcroIEToolbarHelper Class = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} = SnagIt : C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8b2d996f-b7d1-4961-a929-414d9cf5ba7b}
ButtonText = KPAK : http://uspto-a-eams-2/professional/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = @C:\Program Files\Messenger\Msgslang.dll,-61144 : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} = :
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
vptray C:\Program Files\NavNT\vptray.exe
Acrobat Assistant 7.0 "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

RightFAX Print-to-Fax Driver C:\Program Files\RightFax\\FaxCtrl.exe
TkBellExe C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
GhostStartTrayApp C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
AcctMgr C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
Dell AIO Printer A920 "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
WinampAgent C:\Program Files\Winamp\winampa.exe
SSBkgdUpdate C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
RoxioDragToDisc "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
dla C:\WINDOWS\system32\dla\tfswctrl.exe
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
AClntUsr C:\Program Files\Altiris\AClient\AClntUsr.EXE
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption **WARNING**WARNING**WARNING
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
disablecad 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINDOWS\system32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/15/2005 2:10:31 PM


Logfile of HijackThis v1.99.1
Scan saved at 2:17:51 PM, on 9/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\RightFax\FaxCtrl.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HyjackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ptoweb.uspto.gov/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\\FaxCtrl.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SSB

#4 Grinler

    Lawrence Abrams

Posted 15 September 2005 - 01:29 PM

Looks better...how does it feel to you? Are you still receiving messages you have the Trojan?

#5 Dominican

Posted 15 September 2005 - 02:48 PM

No more Norton Popups!
Thanks a billion!

#6 Grinler

    Lawrence Abrams

Posted 15 September 2005 - 02:54 PM

Now that you're clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

Reenable system restore with instructions from the tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then Run, and type %temp% and press the OK button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help, and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!
