
P2pnetworking Worm


  • This topic is locked
20 replies to this topic

#1 Iggylove


Posted 05 February 2006 - 12:42 PM

Hello everyone,
First I have tried to do as much leg work as possible, hitting as many threads as I could before posting. Followed most of the pre-steps as I have seen/recommended in other threads but the damn p2pnetworking.exe keeps coming back on reboot (loc: c:\windows\system32\) and it keeps trying to write something to my startup, which Spy Sweeper blocks, along with Norton screaming at me that it has found a W32.Spybot.worm.
I have gone into safe mode multiple times and run scans with all the software recommended, along with hard deleting the actual file and searching for any traces in my registry. I must be missing something. That damn thing keeps coming back on reboot into normal mode.
Anyways, if anyone has any time to help, it would be greatly appreciated. Hope the new year is treating you better than my computer lol.

HijackThis log included

Thanks
~Chris
-------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:27:47 AM, on 2/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
S:\iTunesHelper.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\wmplayer\wmplayer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\nvsvc32.exe
S:\Program Files\tstool.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dan Schwartz\Desktop\hijackthis\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "S:\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrueSync Launcher.lnk = S:\Program Files\tstool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
-------------------------------------------------------------------------------------------------------------------------



#2 Daemon

    Security Expert

Posted 05 February 2006 - 01:17 PM

Try disabling SpywareGuard and deleting it - often software that is designed to protect can stop you from removing pests.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#3 Iggylove


Posted 05 February 2006 - 04:13 PM

Hey Daemon,
Thanks for the response. {In normal mode} Well, I shut down SpyGuard, and ran Ad-Aware. Ad-Aware finds the p2pnetworking worm and removes it. I ran Spy Sweeper and it says my system is clean. I ran CCleaner, and that doesn't find anything. Run Spybot S&D and it says my system is clean. Do HJT and it looks pretty normal. Do a search on the p2pnetworking.exe and my search comes up empty. I do a reboot and everything comes back?? I then went into Safe Mode and did HJT, and can clearly see two reg entries for p2pnetworking. I click fix, then run Ad-Aware again, which finds the worm again and deletes it. Run the same programs as I did in normal Windows mode and they all come back and say my system is clean. Reboot again and Norton is telling me it's found a worm and it can't delete it. Also the Spy Sweeper shield is telling me that p2pnetworking is trying to put two entries into startup on next boot?
Here is my current HJT file from my current reboot. Any suggestions would be awesome.
Thanks in advance.
Chris

Logfile of HijackThis v1.99.1
Scan saved at 3:11:14 PM, on 2/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
S:\iTunesHelper.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\wmplayer\wmplayer.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\nvsvc32.exe
S:\Program Files\tstool.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dan Schwartz\Desktop\hijackthis\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "S:\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrueSync Launcher.lnk = S:\Program Files\tstool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#4 Daemon


Posted 05 February 2006 - 06:28 PM

Hmm.. Spywareguard is still running, here:

C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe

In HijackThis, click Config... > Misc Tools. At the top there is an option to "Generate StartupList log". Place a check next to "List also minor sections (full)" and "List empty sections (complete)", then click "Generate StartupList log". Click "Yes" in the box that pops up and copy/paste the Notepad text that appears into your next reply.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here
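Added example (not part of the thread and not HijackThis's own code): a small triage script that does mechanically what posts #3 and #4 do by eye, comparing the "Running processes" sections of two HijackThis logs, listing running images that no autostart line in the same log references, and checking whether a product such as SpywareGuard is still loaded. The log excerpts are trimmed from the logs above; the function names and the `CORE_IMAGES` allowlist are assumptions made for this example.

```python
import ntpath
import re

# Excerpt trimmed from the HijackThis log in post #1 (lines taken from the thread).
LOG_POST_1 = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
"""

# For these trimmed lines, the log in post #3 differs only by the missing worm process.
LOG_POST_3 = LOG_POST_1.replace(r"C:\WINDOWS\system32\p2pnetworking.exe" + "\n", "")

# Assumption for this example: stock XP images that never show up as O4/O23 lines.
CORE_IMAGES = {
    r"c:\windows\system32\smss.exe", r"c:\windows\system32\winlogon.exe",
    r"c:\windows\system32\services.exe", r"c:\windows\system32\lsass.exe",
    r"c:\windows\system32\svchost.exe", r"c:\windows\system32\spoolsv.exe",
    r"c:\windows\explorer.exe",
}

ENTRY_RE = re.compile(r"^[ORFN]\d+ - ")                       # R0, F1, N3, O4, O23 ...
IMAGE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)\b', re.I)


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, numbered entries)."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False
            entries.append(line)
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def autostart_images(entries):
    """Normalised image paths referenced by any numbered entry (O4, O23, ...)."""
    images = set()
    for entry in entries:
        images.update(ntpath.normcase(p) for p in IMAGE_RE.findall(entry))
    return images


def unreferenced_processes(text):
    """Running images that no entry in the same log accounts for."""
    processes, entries = parse_hjt(text)
    running = {ntpath.normcase(p) for p in processes}
    return sorted(running - autostart_images(entries) - CORE_IMAGES)


def process_diff(before, after):
    """(images only in `before`, images only in `after`), case-insensitive."""
    a = {ntpath.normcase(p) for p in parse_hjt(before)[0]}
    b = {ntpath.normcase(p) for p in parse_hjt(after)[0]}
    return sorted(a - b), sorted(b - a)


def still_running(text, needle):
    """The check from post #4: which running images contain `needle` in their path?"""
    return [p for p in parse_hjt(text)[0] if needle.lower() in p.lower()]


if __name__ == "__main__":
    print("No autostart reference:", unreferenced_processes(LOG_POST_1))
    print("Gone after cleanup:    ", process_diff(LOG_POST_1, LOG_POST_3)[0])
    print("SpywareGuard images:   ", still_running(LOG_POST_3, "SpywareGuard"))
```

On these excerpts the worm image is running in the first log without any O4 or O23 line pointing at it, which matches the poster's report that Spy Sweeper blocks its startup writes while the file still returns after reboot.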

#5 Iggylove


Posted 05 February 2006 - 11:05 PM

Ok made sure Spyware Guard was shut off when I did this.

Here is the startup list as you requested. This is off of a fresh reboot into normal with all the same symptoms still happening. Included after is a new HJT log.

Thanks again!

-------------------------------------------------------------------------------------------------------------------------

StartupList report, 2/5/2006, 9:58:37 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Dan Schwartz\Desktop\hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
S:\iTunesHelper.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\wmplayer\wmplayer.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
S:\Program Files\tstool.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dan Schwartz\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Dan Schwartz\Start Menu\Programs\Startup]
SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
TrueSync Launcher.lnk = S:\Program Files\tstool.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
wmplayer = C:\Program Files\wmplayer\wmplayer.exe /auto
iTunesHelper = "S:\iTunesHelper.exe"
AdaptecDirectCD = C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Gainward = C:\WINDOWS\TBPanel.exe /A
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /s

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssstars.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

SpywareGuard Download Protection - C:\Program Files\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer - Dan Schwartz.job
Spybot - Search & Destroy - Scheduled Task.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD AGP Bus Filter Driver: System32\DRIVERS\amdagp.sys (system)
AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
aslm75: \??\C:\WINDOWS\system32\drivers\aslm75.sys (autostart)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
C-Media PCI Audio Driver (WDM): system32\drivers\cmaudio.sys (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel® PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
Imapi: system32\drivers\Imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\Imapi.exe (manual start)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Norton AntiVirus Auto-Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060202.023\NAVENG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060202.023\NavEx15.Sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton AntiVirus Firewall Monitor Service: "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe" (autostart)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
Client Service for NetWare: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
NWLink IPX/SPX/NetBIOS Compatible Transport Protocol: system32\DRIVERS\nwlnkipx.sys (autostart)
NWLink NetBIOS: system32\DRIVERS\nwlnknb.sys (autostart)
NWLink SPX/SPXII Protocol: system32\DRIVERS\nwlnkspx.sys (autostart)
NetWare Rdr: system32\DRIVERS\nwrdr.sys (manual start)
PalmUSBD: system32\drivers\PalmUSBD.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS (system)
SAVScan: "C:\Program Files\Norton AntiVirus\SAVScan.exe" (manual start)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (autostart)
SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (system)
Symantec SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
SSI: system32\Drivers\SSI.SYS (system)
Still Serial Digital Camera Driver: system32\DRIVERS\serscan.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Webroot Spy Sweeper Engine: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{C4B1CD82-5B35-49D5-A951-E6C663866E37} (manual start)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20051208.051\symidsco.sys (manual start)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 34,271 bytes
Report generated in 0.331 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

HJT LOG START HERE
------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:55:41 PM, on 2/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
S:\iTunesHelper.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\wmplayer\wmplayer.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
S:\Program Files\tstool.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dan Schwartz\Desktop\hijackthis\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "S:\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrueSync Launcher.lnk = S:\Program Files\tstool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#6 Daemon

Security Expert

Posted 06 February 2006 - 02:42 AM

OK, I can see that process now - can't see what is starting it though. Couple more scans - download and run Silent Runners.vbs from HERE

It generates a log, please post the information back in this thread.

Also, download and save Blacklight to your desktop. Double-click blbeta.exe, accept the agreement, click scan > next.

You'll see a list of all the items it found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (where xxxxxxx represents numbers). The application finds both bad files and legitimate ones. Copy and paste the log it generated in your next reply.

Rescan with HJT and post a new log also.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here
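The situation described in post #6, a process that is running while no logged autostart entry accounts for it, can be checked mechanically against a HijackThis log. The following is an added example, not part of the thread and not HijackThis's own code; the sample log is a constructed excerpt modelled on the one posted above, and the core-process allowlist and function names are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname

# Constructed excerpt modelled on the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\wmplayer\wmplayer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

# First drive-letter path on a line, ending at a known executable extension.
# Handles quoted paths, unquoted paths with spaces, and "file.dll,Export".
PATH_RE = re.compile(
    r'(?<![A-Za-z])([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com|bat))(?=$|[\s",])',
    re.IGNORECASE,
)

# HijackThis sections that describe autostart points:
# O4 = Run keys / Startup folders, O20 = Winlogon Notify, O23 = services.
AUTOSTART_PREFIXES = ("O4 -", "O20 -", "O23 -")

# Assumed allowlist: core Windows XP processes, valid only in their usual
# directory, so a same-named file elsewhere is still reported.
CORE = {
    r"c:\windows\system32": {
        "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
        "lsass.exe", "svchost.exe", "spoolsv.exe",
    },
    r"c:\windows": {"explorer.exe"},
}
SCANNER = "hijackthis.exe"  # the scanner itself always shows up as running


def parse_hjt(text):
    """Return (running process paths, autostart target paths), lowercased."""
    running, autostarts = [], set()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        if in_procs:
            if not line:          # a blank line ends the process list
                in_procs = False
            else:
                running.append(line.lower())
            continue
        if line.startswith(AUTOSTART_PREFIXES):
            match = PATH_RE.search(line)
            if match:
                # 8.3 short names (PROGRA~1) cannot be expanded offline and
                # are compared as written.
                autostarts.add(match.group(1).lower())
    return running, autostarts


def unexplained_processes(text):
    """Running processes that no logged autostart entry accounts for."""
    running, autostarts = parse_hjt(text)
    hits = []
    for path in running:
        name = basename(path)
        if path in autostarts or name == SCANNER:
            continue
        if name in CORE.get(dirname(path), set()):
            continue
        if path not in hits:
            hits.append(path)
    return hits


if __name__ == "__main__":
    for path in unexplained_processes(SAMPLE_LOG):
        print("no visible autostart:", path)
```

Programs the user started by hand also appear in the result, so the output is a list of candidates to review, not a verdict.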

#7 Iggylove

Topic Starter

Posted 06 February 2006 - 09:26 AM

Thanks again,
Here are the current logs (with Spy Guard turned off)

Silent Runner Log------------------------------------------------------------------------------------>

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray" ["Webroot Software, Inc."]
"wmplayer" = "C:\Program Files\wmplayer\wmplayer.exe /auto" ["Windows Media Audio"]
"iTunesHelper" = ""S:\iTunesHelper.exe"" ["Apple Computer, Inc."]
"AdaptecDirectCD" = "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" ["Roxio"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"Gainward" = "C:\WINDOWS\TBPanel.exe /A" [file not found]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\dlprotect.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{E0D79300-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{E0D79301-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{E0D79302-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Adaptec\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "S:\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{8e9d6600-f84a-11ce-8daa-00aa004a5691}" = "Shell extensions for NetWare"
-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]
"{e3f2bac0-099f-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"
-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]
"{52c68510-09a0-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"
-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]
"{4ABDC896-97ED-4BCF-B4BC-353B7CDF1B35}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\osethk32.dll" [file not found]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NetWareUNCMenu\(Default) = "{e3f2bac0-099f-11cf-8daa-00aa004a5691}"
-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"

Active Desktop web content:

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = "C:\WINDOWS\system32\ad.html"
"SubscribedURL" = ""


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]


Startup items in "Dan Schwartz" & "All Users" startup folders:
--------------------------------------------------------------

C:\Documents and Settings\Dan Schwartz\Start Menu\Programs\Startup
"SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"TrueSync Launcher" -> shortcut to: "S:\Program Files\tstool.exe" ["Starfish Software"]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer - Dan Schwartz" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Spybot - Search & Destroy - Scheduled Task" -> launches: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK" ["Safer Networking Limited"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Client Service for NetWare, NWCWorkstation, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\nwwks.dll" [MS]}
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor i960\Driver = "CNMLM5c.DLL" ["CANON INC."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 63 seconds, including 18 seconds for message boxes)

Edited by Iggylove, 06 February 2006 - 09:31 AM.


#8 Iggylove

Posted 06 February 2006 - 09:29 AM

I think my post was too long and it got cut off. Here is the BlackLight log, then the HJT log, sorry:

02/06/06 08:06:30 [Info]: BlackLight Engine 1.0.30 initialized
02/06/06 08:06:30 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/06/06 08:06:30 [Note]: 7019 4
02/06/06 08:06:30 [Note]: 7005 0
02/06/06 08:06:34 [Note]: 7006 0
02/06/06 08:06:34 [Note]: 7011 1960
02/06/06 08:06:34 [Note]: 7018 1348
02/06/06 08:06:34 [Info]: Hidden process: C:\WINDOWS\SYSTEM32\MEMXPAND.EXE
02/06/06 08:06:35 [Note]: FSRAW library version 1.7.1014
02/06/06 08:07:03 [Info]: Hidden file: C:\Program Files\Actlorer\ace.dll
02/06/06 08:07:03 [Note]: 7002 0
02/06/06 08:07:03 [Note]: 7003 1
02/06/06 08:07:03 [Note]: 10002 3
02/06/06 08:07:03 [Info]: Hidden file: C:\Program Files\Actlorer\AI_01-02-2006.log
02/06/06 08:07:03 [Note]: 7002 0
02/06/06 08:07:03 [Note]: 7003 1
02/06/06 08:07:03 [Note]: 10002 3
02/06/06 08:07:03 [Info]: Hidden file: C:\Program Files\Actlorer\AI_02-02-2006.log
02/06/06 08:07:03 [Note]: 7002 0
02/06/06 08:07:03 [Note]: 7003 1
02/06/06 08:07:03 [Note]: 10002 3
02/06/06 08:07:03 [Info]: Hidden file: C:\Program Files\Actlorer\AI_04-02-2006.log
02/06/06 08:07:03 [Note]: 7002 0
02/06/06 08:07:03 [Note]: 7003 1
02/06/06 08:07:03 [Note]: 10002 3
02/06/06 08:07:03 [Info]: Hidden file: C:\Program Files\Actlorer\AI_29-01-2006.log
02/06/06 08:07:03 [Note]: 7002 0
02/06/06 08:07:03 [Note]: 7003 1
02/06/06 08:07:03 [Note]: 10002 3
02/06/06 08:07:03 [Info]: Hidden file: C:\Program Files\Actlorer\AI_30-01-2006.log
02/06/06 08:07:03 [Note]: 7002 0
02/06/06 08:07:03 [Note]: 7003 1
02/06/06 08:07:03 [Note]: 10002 3
02/06/06 08:07:03 [Info]: Hidden file: C:\Program Files\Actlorer\AI_31-01-2006.log
02/06/06 08:07:03 [Note]: 7002 0
02/06/06 08:07:03 [Note]: 7003 1
02/06/06 08:07:03 [Note]: 10002 3
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000fbf_43c8184a_0004aacc
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000fbf_43c88a82_000ab434
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000fbf_43cbed89_000660e1
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000fbf_43d7d765_000234a6
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000fc9_438f2a3d_000b58d9
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00004402_43907998_0002380b
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00004402_43c01b7a_0005a683
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00004402_43c88b69_000b3204
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000701f_438fb74f_000797e0
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000701f_43e514d1_00043d66
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00007153_43cbfeea_00056bcb
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00007153_43d91fef_0004a0a3
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000719f_43b58a61_00054bf3
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000719f_43d012d2_0009e308
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000071e0_43d034f0_0002d72b
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000071f0_438ef544_000a6f13
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000071f0_439069d6_000ee486
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000071f0_43c01430_0001c81e
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000071f0_43c88b44_0005f373
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000071f0_43cbedc6_0008f0f4
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000071f2_4399e8c9_00079629
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000071f2_43cbf8f2_000c5743
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000071f2_43d91f45_0003f2c3
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000071f6_43cc211a_0009777e
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000071f6_43d28c29_00094164
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000071f6_43da89fe_0006449e
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000022cd_4390511e_000c75b0
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000022cd_43bfd6d7_000bfa96
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000022cd_43c81870_000a161c
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000022cd_43c88af4_000bd563
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000022cd_43cbedab_00099208
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000022da_43bb1b75_000231d8
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:06 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000022e4_43cc0a61_00014cd9
02/06/06 08:07:06 [Note]: 7002 0
02/06/06 08:07:06 [Note]: 7003 1
02/06/06 08:07:06 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000074d_43beaeff_0002000e
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000732_43beee6a_00056f61
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000074d_43c28a69_000b2f8b
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000822_438ff54f_000642d1
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000822_43bef3f8_000efb44
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000822_43c32fc2_00010a80
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000822_43c5d5d8_000a739b
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000822_43c6ea16_000a69c9
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000822_43c87e7b_0000a899
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000822_43cbed46_000adda3
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000822_43de65a5_000d63dc
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000828_43cd4d23_00045c9b
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000828_43da8c9f_000f189c
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000083f_43d6b855_000c968e
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000084d_43cbfa53_00096693
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000084d_43d91f65_0006ca6c
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000860_43bb2e46_00075636
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000086a_43ca8eef_000f0138
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000086a_43cbf270_000140d8
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000086a_43d91e39_00038f89
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000086a_43dfff3f_000dfa13
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000871_43ca8f85_0006aff1
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000871_43cbf525_000b21d0
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000871_43d91ea4_000c2d48
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000878_439143e9_000d7201
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000878_43ca8f8a_000124ac
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000878_43cbf5de_000e47b9
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00000878_43d91ec0_00009148
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000323b_438fcaeb_0002fc13
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000032e6_4390664e_000bfdb4
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00003305_43996f96_000c67d4
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00003305_43cbf82a_000c1278
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00003305_43d91f08_000d9c30
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00003308_43cbf889_0007e4f9
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00003308_43d91f2d_000b36d1
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00003356_43cc133e_000e061e
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00003371_43cc16ce_00094ee1
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00003371_43da8940_000994b0
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00003382_43ca8f88_0007d2a6
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:07 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00003382_43cbf5ce_00007b46
02/06/06 08:07:07 [Note]: 7002 0
02/06/06 08:07:07 [Note]: 7003 1
02/06/06 08:07:07 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00003382_43d91ebd_000ce106
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000033cd_43cbfd9b_00005a33
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000033cd_43d91fdd_0003c608
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000033e9_43be8bc9_000c8c34
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00005039_43908ec8_000aeb30
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000513e_439c722c_0002cf8e
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000513e_43d91dae_000601f0
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000513e_43dfc1e8_000f33c9
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000513f_43d03b0a_0000f246
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00005159_43d00d18_000e8066
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00005173_43cc00a0_0004f5b4
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000199f_43cc0a60_0009d5e0
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\0000199f_43d92459_000af784
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000019ca_43d03aa3_00093a18
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000019d9_43909ed0_0005219c
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000019d9_43c88cba_0008d20b
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000019d9_43cbeea6_00004363
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000019d9_43d91d7a_00035640
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000019d9_43dfbea7_0008aa4e
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000019da_4390e001_0001e2be
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000019da_43c95b06_00023fa6
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\000019da_43cbef6f_0002d896
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00005f45_438f6d7b_00093f08
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006014_43cbfd7f_000a20c6
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006014_43d91fd9_00084518
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006032_438fefde_000b1abe
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006032_43bef323_000345ae
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006032_43c32f17_000ba5c9
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006032_43c5d573_000505fc
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006032_43c87da7_00052b39
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006032_43cbed31_000d27a6
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006032_43d78669_00058cc1
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006032_43de6580_0000cf98
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006048_43c88c7b_00065dd6
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006048_43cbee6d_00001498
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006048_43d91d76_0000a6bb
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00007874_4395f1b3_00051a2e
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00007874_43c88bc3_000c68ac
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006be8_43c01b89_000e8989
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006be8_43c88b77_0007d5eb
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006be8_43cbede0_000674d4
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006be8_43ded09c_000bef88
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006bfc_438fc761_00069c1c
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006bfc_4392a0ba_0004194e
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006bfc_439524d3_000c2f41
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006bfc_43beecdb_000bcbc3
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006bfc_43c2be56_000523fc
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006bfc_43c5d2c6_000bd2d8
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006bfc_43cbecc8_00050a83
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006bfc_43d78290_000685b4
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006bfc_43dd1b83_00038261
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006bfc_43e0c59e_0003c5b9
02/06/06 08:07:08 [Note]: 7002 0
02/06/06 08:07:08 [Note]: 7003 1
02/06/06 08:07:08 [Note]: 10002 3
02/06/06 08:07:08 [Info]: Hidden file: C:\Program Files\Actlorer\Cache\00006bfc_43e4f25f_0004eac0<

#9 Iggylove

Iggylove
  • Topic Starter


Posted 06 February 2006 - 09:32 AM

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 8:17:36 AM, on 2/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\wmplayer\wmplayer.exe
S:\iTunesHelper.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
S:\Program Files\tstool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dan Schwartz\Desktop\hijackthis\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "S:\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrueSync Launcher.lnk = S:\Program Files\tstool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#10 Daemon

Daemon

    Security Expert



Posted 06 February 2006 - 09:35 AM

OK do this for me - you may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#11 Iggylove

Iggylove

Posted 06 February 2006 - 07:57 PM

Well, this is the first reboot where Spy Sweeper does not tell me that something is trying to put something in my Start-Up AND Norton is not telling me it has found that worm. Could we be getting close? :thumbsup:

I won't celebrate until I hear the word from you. Here is the info requested. Thank you again for the leg work on this.



Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\Dan Schwartz\Desktop\aproposfix

************


Warning: C:\WINDOWS\system32\regedit.com present!

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\Cyih9AHshWEm]
@="pJEvGKPQQPQQRQugsA7C9PQQPfSQzlqgrzvQHNHI3BWVQ2G7K3GHQ4I27HJ7DRHNH"
"Device"="\\\\.\\RDPlink"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\ftdisuio.sys"
"DriverName"="MupSrv"
"HideUninstallerName"="C:\\Program Files\\Actlorer\\dmcacmgr.exe"
"HDll"="C:\\WINDOWS\\system32\\pmsvtmsg.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.GH2"
"InstallationId"="{Xe2ea98b-2e67-33f9-64c0-b46ea09359e5}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Actlorer\\ipsegwiz.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\memxpand.exe"
"Version"="2.0.131"
"CrMnTmt"=dword:0036ee80

************

Removing hidden service:
Service MupSrv removed.

Removing hidden folder:
----------------------------------------------------------------------------------------------------------->

Logfile of HijackThis v1.99.1
Scan saved at 6:48:24 PM, on 2/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
S:\iTunesHelper.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\wmplayer\wmplayer.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
S:\Program Files\tstool.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dan Schwartz\Desktop\hijackthis\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "S:\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrueSync Launcher.lnk = S:\Program Files\tstool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#12 Daemon

Daemon

    Security Expert



Posted 06 February 2006 - 08:07 PM

Looks better - was that the full log.txt?

Post a new blacklight scan.

#13 Iggylove

Iggylove

Posted 06 February 2006 - 09:01 PM

Yes, that was all that was in the log.txt file. Now there are reg.txt and folder.txt files within the aproposfix folder. Would you like me to post those?
Here is the new blacklight scan log. The log seems a lot shorter than the last time I did it; does this look correct? This was run in normal mode.


02/06/06 19:41:48 [Info]: BlackLight Engine 1.0.30 initialized
02/06/06 19:41:48 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/06/06 19:41:49 [Note]: 7019 4
02/06/06 19:41:49 [Note]: 7005 0
02/06/06 19:41:53 [Note]: 7006 0
02/06/06 19:41:53 [Note]: 7011 2024
02/06/06 19:41:54 [Note]: FSRAW library version 1.7.1014
02/06/06 19:43:07 [Note]: 7007 0

#14 Daemon

Daemon

    Security Expert



Posted 07 February 2006 - 03:48 AM

No, I don't need those. The log is a lot shorter because the malware has gone :thumbsup:

OK back to your original problem - this should remove it. Click here to download ewido anti-malware - it is a trial version of the program.
  • Install ewido.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen.
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed. Then:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido.

Rescan with HJT and post a new log here together with the ewido log.

#15 Iggylove

Iggylove

Posted 07 February 2006 - 08:14 PM

Here is the ewido log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:05:33 PM, 2/7/2006
+ Report-Checksum: 7A9ADE09

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2296428D-C133-4928-B76A-A200FF409572} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1960408961-2111687655-854245398-1003\Software\Microsoft\Internet Explorer\MenuExt\Ebates -> Adware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-1960408961-2111687655-854245398-1003\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates -> Adware.WebRebates : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2296428D-C133-4928-B76A-A200FF409572} -> Adware.Generic : Cleaned with backup
C:\Documents and Settings\Dan Schwartz\Desktop\hijackthis\backups\backup-20060204-151429-818.dll -> Logger.Agent.l : Cleaned with backup
C:\Documents and Settings\Sarah Haney\Cookies\sarah haney@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Sarah Haney\Cookies\sarah haney@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Sarah Haney\Cookies\sarah haney@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Sarah Haney\Local Settings\Temp\sysksid.dat -> Logger.Agent.l : Cleaned with backup
C:\Documents and Settings\Sarah Haney\Local Settings\Temp\tenilitu.dat -> Logger.Agent.l : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Network\network.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\Security Stronghold\True Sword\Infected\seli.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\Program Files\wmplayer\p.zip/music.exe -> Dropper.VB.kw : Cleaned with backup
C:\Program Files\wmplayer\v.tmp -> Dropper.VB.kw : Cleaned with backup
C:\Program Files\wmplayer\wmplayer.exe -> Dropper.VB.kw : Cleaned with backup
C:\WINDOWS\2060.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\webhdll.dll_tobedeleted -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\winsysban5.exe -> Hijacker.VB.kc : Cleaned with backup
C:\WINDOWS\winsysupd5.exe -> Hijacker.StartPage.ahg : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 7:10:46 PM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
S:\iTunesHelper.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
S:\Program Files\tstool.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dan Schwartz\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "S:\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrueSync Launcher.lnk = S:\Program Files\tstool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
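
An added example, not part of the original thread: when a scanner report and a HijackThis log are posted together as in post #15, a useful check is whether any autostart entry still points at a file the scanner flagged. The Python sketch below does that cross-reference; the function names are hypothetical, and the sample lines are copied from the two logs above.

```python
import re

# Sample lines copied from the ewido report and HijackThis log in post #15.
EWIDO_SAMPLE = r"""
C:\Program Files\wmplayer\p.zip/music.exe -> Dropper.VB.kw : Cleaned with backup
C:\Program Files\wmplayer\wmplayer.exe -> Dropper.VB.kw : Cleaned with backup
C:\WINDOWS\winsysupd5.exe -> Hijacker.StartPage.ahg : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
"""
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto
O4 - Global Startup: TrueSync Launcher.lnk = S:\Program Files\tstool.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# "<object> -> <detection name> : <action>" as printed in the ewido report.
EWIDO_RE = re.compile(r"^(?P<obj>.+?) -> (?P<name>\S+) : (?P<action>.+)$")
# "<section id> - <entry>" as printed by HijackThis (R1, O4, O23, ...).
HJT_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<rest>.+)$")


def parse_ewido(report):
    """Return {lowercased file path: detection name} for file detections."""
    flagged = {}
    for line in report.splitlines():
        m = EWIDO_RE.match(line.strip())
        if not m:
            continue
        obj = m.group("obj")
        if not re.match(r"^[A-Za-z]:\\", obj):
            continue  # registry detections (HKLM\..., HKU\...) are not files
        # "p.zip/music.exe" names a member inside an archive; keep the archive.
        container = obj.split("/", 1)[0]
        flagged.setdefault(container.lower(), m.group("name"))
    return flagged


def autostarts_referencing(hjt_log, flagged, sections=("O4", "O20", "O23")):
    """Return (section, line, detection) for autostart entries that name a
    flagged file. Matching is a case-insensitive substring test, so 8.3 short
    paths such as C:\\PROGRA~1\\... are not resolved and will not match."""
    hits = []
    for line in hjt_log.splitlines():
        m = HJT_RE.match(line.strip())
        if not m or m.group("section") not in sections:
            continue
        rest = m.group("rest").lower()
        for path, name in flagged.items():
            if path in rest:
                hits.append((m.group("section"), line.strip(), name))
    return hits


if __name__ == "__main__":
    for section, line, name in autostarts_referencing(HJT_SAMPLE,
                                                      parse_ewido(EWIDO_SAMPLE)):
        print(f"{name}: {line}")
```

On the sample lines this reports the `[wmplayer]` Run entry, whose target the ewido report lists as Dropper.VB.kw.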



