Hjt Log. Please Help Me


17 replies to this topic

#1 krh1326

krh1326

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:21 PM

Posted 23 March 2007 - 07:33 PM

I am under attack of some sort. I have run Norton AV, SpyBot, AdAware, I use Norton Personal Firewall. The anti spyware progs did find and remove some things, but my computer still seems to be being attacked somehow.

I use MSN with the MSN Toolbar. At some point while online, all of a sudden things get weird. The buttons in the tool bar start to fade away, and there is different than normal text, if I hover over a button. The text seems thicker and larger, and just all wrong. There is a 6 visible where there should be an arrow for selecting choices in text boxes. Once this starts happening, I can't use the "Start" button to get to any kind of program, even to just restart the computer.

Please help me,
Ken

Logfile of HijackThis v1.99.1
Scan saved at 6:28:28 PM, on 3/23/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\ISSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Personal Firewall\ISSVC.exe"
O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...n9x/AvSniff.cab

#2 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:21 AM

Posted 05 April 2007 - 10:01 AM

I can't see any malware in your log, so we'll dig a bit deeper.
  • Download WinPFind by OldTimer here
  • Double click on winpfind.exe to extract it
  • Click extract
  • Wait for the message "All files have been extracted" and then click OK
  • This will create the folder winPFind on your desktop
  • Inside that folder is a file called WinPFind.exe
  • Double click on that file to launch WinPFind
  • This will launch a configuration screen
    • Under Driver Services change the selection to Non-Microsoft
    • Under File Created Within change the selection to 60 days
    • Leave the other settings as they are
  • Click Run Scan
  • During the scan, WinPFind may appear to be not responding; this is normal
  • Wait for the scan to finish; this may take several minutes
  • A notepad window will open with WinPFind's log.
  • Copy and paste the contents of that window here.
  • Note: You may need several posts to post the entire log, or it might get cut off


#3 krh1326

krh1326
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:21 PM

Posted 12 April 2007 - 09:11 PM

I just realized that my post does not contain two lines that do show when I am looking at hijackthis window.

Above the line that reads:
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

There appears in my hijack window and my saved logs, but not on this copy and pasted log:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Maybe this helps,
And Many Thanx

#4 krh1326

krh1326
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:21 PM

Posted 12 April 2007 - 09:20 PM

I am trying to follow these steps verbatim, but it will not allow me to change Driver Services to Non-Microsoft. 'None' is ticked and it is 'dark', not allowing the change.

#5 krh1326

krh1326
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:21 PM

Posted 12 April 2007 - 09:28 PM

WinPFind logfile created on: 4/12/2007 10:18:16 PM
WinPFind by OldTimer - v2.0.3 Folder = C:\MY DOCUMENTS\MY DOWNLOADS\WINPFIND\

Windows OS and Versions

Product Name: Windows Millennium Edition | Version: 4.90.3000
Internet Explorer Version: 6.0.2800.1106

Memory/Drive Info

511.45 Mb Total Physical Memory | 23.39 Mb Available Physical Memory | 4.57% Memory free
1.50 Gb Paging File | 1.23 Gb Available in Paging File | 82.20% Paging File free
Paging file location(s): Reg Data - Value does not exist

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.76 Gb Total Space | 82.83 Gb Free Space | 74.11% Space Free
Drive D: | 432.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
Drive E: | 610.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: DESK
Current User Name: Ken Henrikson
NOT logged in as Administrator.
Current Boot Mode: Normal

Running Processes (Non-Microsoft)

C:\My Documents\My Downloads\WinPFind\WinPFind.exe (OldTimer Tools)
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE (Symantec Corporation)
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation)
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE (Symantec Corporation)
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE (Symantec Corporation)
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
C:\Program Files\Common Files\Symantec Shared\SymTray.exe (Symantec Corporation)
C:\Program Files\MSN\MSNIA\msniasvc.exe (Microsoft Corp.)
C:\Program Files\Norton Personal Firewall\ISSVC.EXE (Symantec Corporation)
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinject.exe (Symantec Corporation)
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe (Symantec Corporation)
C:\Program Files\Norton SystemWorks\Norton CleanSweep\monwow.exe (Symantec Corporation)
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Webroot Software, Inc.)
C:\WINDOWS\soundman.exe (Avance Logic, Inc.)
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE ()

Registry Items (Non-Microsoft)

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
ccApp = C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE (Symantec Corporation)
ccRegVfy = C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Symantec Corporation)
NPROTECT = C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
QD FastAndSafe = (File not found)
SoundMan = C:\WINDOWS\soundman.exe (Avance Logic, Inc.)
SpySweeper = C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
Symantec Core LC = C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
Symantec NetDriver Monitor = C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
ALU Scheduler Service = C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
ATIPOLL = C:\WINDOWS\SYSTEM\ATI2EVXX.EXE ()
ATISmart = C:\WINDOWS\SYSTEM\ati2s9ag.exe ( )
ccEvtMgr = C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation)
ccProxy = C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE (Symantec Corporation)
ccSetMgr = C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE (Symantec Corporation)
CSINJECT.EXE = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinject.exe (Symantec Corporation)
ISSVC = C:\Program Files\Norton Personal Firewall\ISSVC.EXE (Symantec Corporation)
MSNIA = C:\Program Files\MSN\MSNIA\msniasvc.exe (Microsoft Corp.)
NPROTECT = C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
ScriptBlocking = C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe (Symantec Corporation)
SymTray - Norton SystemWorks = C:\Program Files\Common Files\Symantec Shared\SymTray.exe (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1

< User Startup Folder = C:\WINDOWS\Start Menu\Programs\StartUp >
C:\WINDOWS\Start Menu\Programs\StartUp\CleanSweep Smart Sweep-Internet Sweep.lnk
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe (Symantec Corporation)
>>>>> MsConfig Disabled Items <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
HP Software Update = C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
projselector = C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe (Roxio)
RoxioEngineUtility = C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
RoxioDragToDisc = C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
RoxioAudioCentral = C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.)
QuickTime Task = C:\WINDOWS\SYSTEM\qttask.exe (Apple Computer, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
Steam = c:\Program Files\Valve\Steam\STEAM.exe (Valve Corporation)

>>>>> Disabled Startup Folder Items <<<<<

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
C:\WINDOWS\SYSTEM\apitrap.dll (Symantec Corporation)




>>>>> HOSTS File <<<<<

HOSTS File Not Found!

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Start Page = http://www.msn.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
- AcroIEHlprObj Class ( HKLM = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
- ( HKLM = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
- CNisExtBho Class ( HKLM = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
- CNavExtBho Class ( HKLM = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVShExt.dll (Symantec Corporation) )

>>>>> HKLM Internet Explorer Bars <<<<<

>>>>> HKCU Internet Explorer Bars <<<<<

>>>>> HKLM Internet Explorer ToolBars <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Personal Firewall ( HKLM = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation) )
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus ( HKLM = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVShExt.dll (Symantec Corporation) )

>>>>> HKCU Internet Explorer ToolBars <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\ShellBrowser]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus ( HKLM = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVShExt.dll (Symantec Corporation) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Norton Personal Firewall ( HKLM = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation) )

>>>>> HKCU Internet Explorer CmdMapping <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{85d1f590-48f4-11d9-9669-0800200c9a66} = 8194 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8193 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8195

>>>>> HKLM Internet Explorer Plugins Extensions <<<<<

>>>>> HKLM Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{30424D42-5946-11D2-B8E5-006097C9C6FF} = Wipe Info ( HKLM = C:\Program Files\Norton SystemWorks\Norton Utilities\WFSHELEX.DLL (Symantec Corporation) )
{5E44E225-A408-11CF-B581-008029601108} = Roxio DragToDisc Shell Extension ( HKLM = C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\Shellex.dll (Roxio) )
{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC} = My Media ( HKLM = C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll (Roxio, Inc.) )
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} = Web Folders ( HKLM = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL () )

>>>>> HKCU Approved Shell Extensions <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} = Web Folders ( HKLM = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL () )

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Norton WipeInfo]
@ = {30424D42-5946-11D2-B8E5-006097C9C6FF} ( HKLM = C:\Program Files\Norton SystemWorks\Norton Utilities\WFSHELEX.DLL (Symantec Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@ = {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} ( HKLM = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVShExt.dll (Symantec Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\Norton WipeInfo]
@ = {30424D42-5946-11D2-B8E5-006097C9C6FF} ( HKLM = C:\Program Files\Norton SystemWorks\Norton Utilities\WFSHELEX.DLL (Symantec Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper]
@ = {7C9D5882-CB4A-4090-96C8-430BFE8B795B} ( HKLM = C:\Program Files\Webroot\Spy Sweeper\SSCtxMnu.dll (Webroot Software, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@ = {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} ( HKLM = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVShExt.dll (Symantec Corporation) )

>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp]
NoRealMode = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 149
CDRAutoRun = ( 0 0 0 0 ) -

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer]*

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
Homepage = 0

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
NoBrowserOptions = 0
>>>>> Security Providers <<<<<

>>>>> Session Manager Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT]
.COM
.EXE
.BAT
.CMD
.VBS
.VBE
.JS
.JSE
.WSF
.WSH

>>>>> User Agent Post Platform <<<<<

>>>>> File Associations <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = Reg Data - Key not found
.cmd [@ = Reg Data - Key not found] -> PersistentHandler = Reg Data - Key not found
.com [@ = comfile] -> PersistentHandler = Reg Data - Key not found
.cpl [@ = cplfile] -> PersistentHandler = Reg Data - Key not found
.exe [@ = exefile] -> PersistentHandler = Reg Data - Key not found
.hta [@ = htafile] -> PersistentHandler = Reg Data - Key not found
.html [@ = htmlfile] -> PersistentHandler = Reg Data - Key not found
.inf [@ = inffile] -> PersistentHandler = Reg Data - Key not found
.ini [@ = inifile] -> PersistentHandler = Reg Data - Key not found
.url [@ = InternetShortcut] -> PersistentHandler = Reg Data - Key not found
.js [@ = JSFile] -> PersistentHandler = Reg Data - Key not found
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = Reg Data - Key not found
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = Reg Data - Key not found
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = Reg Data - Key not found
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found

>>>>> Registry Shell Spawning <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> C:\WINDOWS\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> C:\WINDOWS\NOTEPAD.EXE /p %1 (Microsoft Corporation)

cmdfile [edit] -> Reg Data - Key not found
cmdfile [open] -> Reg Data - Key not found
cmdfile [print] -> Reg Data - Key not found

comfile [open] -> "%1" %* (File not found)

cplfile [cplopen] -> C:\WINDOWS\rundll32.exe shell32.dll,Control_RunDLL %1,%* (Microsoft Corporation)

exefile [open] -> "%1" %* (File not found)

htafile [open] -> C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %* (Microsoft Corporation)

htmlfile [edit] -> "C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -> "C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -> "C:\PROGRA~1\INTERN~1\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -> "C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -> "C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -> "C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -> C:\WINDOWS\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> C:\WINDOWS\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> C:\WINDOWS\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -> C:\WINDOWS\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> C:\WINDOWS\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe C:\WINDOWS\SYSTEM\MSHTML.DLL,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -> C:\WINDOWS\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -> C:\WINDOWS\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -> C:\WINDOWS\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -> C:\WINDOWS\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> C:\WINDOWS\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -> C:\WINDOWS\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -> "%1" %* (File not found)

regfile [edit] -> C:\WINDOWS\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -> Reg Data - Key not found
regfile [print] -> C:\WINDOWS\NOTEPAD.EXE /p %1 (Microsoft Corporation)

scrfile [config] -> "%1" (File not found)
scrfile [install] -> C:\WINDOWS\rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /S (File not found)

txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> C:\WINDOWS\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> C:\WINDOWS\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> Reg Data - Key not found

vbefile [edit] -> C:\WINDOWS\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> C:\WINDOWS\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -> C:\WINDOWS\Notepad.exe /p %1 (Microsoft Corporation)

vbsfile [edit] -> C:\WINDOWS\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> C:\WINDOWS\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -> C:\WINDOWS\Notepad.exe /p %1 (Microsoft Corporation)

wsffile [edit] -> C:\WINDOWS\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> C:\WINDOWS\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -> C:\WINDOWS\Notepad.exe /p %1 (Microsoft Corporation)

wshfile [open] -> C:\WINDOWS\WScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -> C:\WINDOWS\rundll32.exe shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)

Directory [find] -> C:\WINDOWS\Explorer.exe (Microsoft Corporation)

Folder [open] -> C:\WINDOWS\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> C:\WINDOWS\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -> C:\WINDOWS\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -> "C:\PROGRA~1\INTERN~1\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\PROGRA~1\INTERN~1\iexplore.exe" (Microsoft Corporation)

>>>>> ActiveX StubPath settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4395}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
StubPath = C:\WINDOWS\SYSTEM\Rundll32.exe C:\WINDOWS\SYSTEM\mscories.dll,Install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CA0A4247-44BE-11d1-A005-00805F8ABE06}]
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>PerUser_MSN_Clean]
StubPath = C:\WINDOWS\msnmgsr1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\AppletsPerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\FontsPerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\MmoptJunglePerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\MmoptMusicaPerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\MmoptRegisterPerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\MmoptRobotzPerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\MmoptUtopiaPerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\MotownAvivideoPerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\MotownMmsysPerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\MotownMPlayPerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\motown.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\MotownRecPerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\OlsMsnPerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\OlsPerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_Base]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_Calc_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_CDPlayer_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_CharMap_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_ClipBrd_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_CVT_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_Dialer_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_dxxspace_Links]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_Enable_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 C:\WINDOWS\INF\enable.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_HNW_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_HNW_Inis 64 C:\WINDOWS\INF\ICS.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_ICW_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_LinkBar_URLs]
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_moviemaker]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_moviemaker 64 C:\WINDOWS\INF\moviemk.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_Msinfo]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_Msinfo2]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_MSWordPad_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_Paint_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_PBGame_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PBGame_Inis 64 C:\WINDOWS\INF\games.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_PCHealth]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PCHealth 64 C:\WINDOWS\INF\pchealth.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_RNA_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_Vol]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_winapps_Links]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_winbase_Links]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_Wingames_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\games.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_ZoneGame_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ZoneGame_Inis 64 C:\WINDOWS\INF\games.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUserOldLinks]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\SetupcPerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Shell2PerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Shell3PerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ShellPerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\TapiPerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Theme_MoreWindows_PerUser]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS\INF\themes.inf
>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Net\0000]
DeviceVxDs = pppmac.vxd
DriverDesc = Dial-Up Adapter
ProviderName = Microsoft
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\NetTrans\0000]
DriverDesc = TCP/IP
IPAddress = 0.0.0.0
IPMask = 0.0.0.0

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Net\0001]
DeviceVxDs = usb8023.sys
DriverDesc = Motorola SURFboard SB5120 USB Cable Modem
ProviderName = Motorola
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\NetTrans\0001]
DriverDesc = TCP/IP
IPAddress = 0.0.0.0
IPMask = 0.0.0.0

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\DHCP\DhcpInfo00]
DhcpIPAddress = ( 24 46 104 119 ) - .hw
DhcpServer = ( 167 206 3 203 ) - 
DhcpSubnetMask = ( 255 255 248 0 ) -
IPAutoconfigurationAddress = 0.0.0.0

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP]
EnableDNS = 0

>>>>> WinSock2 Parameters <<<<<

>>>>> Default Protocols [HKLM] <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@ivt - 1 = Local intranet
file - 3 = Internet
ftp - 3 = Internet
http - 3 = Internet
https - 3 = Internet
shell - shell protocol not assigned

>>>>> Protocol Handlers <<<<<

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\DownloadInformation]
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
INF = C:\WINDOWS\Downloaded Program Files\QTPlugin.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}\DownloadInformation]
CODEBASE = http://go.microsoft.com/fwlink/?linkid=58813
INF = C:\WINDOWS\Downloaded Program Files\OGAControl.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}\DownloadInformation]
CODEBASE = http://www.kaspersky.com/kos/eng/partner/d...ebscan_ansi.cab
INF = C:\WINDOWS\Downloaded Program Files\kavwebscan.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\DownloadInformation]
CODEBASE = http://security.symantec.com/sscv6/SharedC...n9x/AvSniff.cab
INF = C:\WINDOWS\Downloaded Program Files\avsniff.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\DownloadInformation]
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab
INF = C:\WINDOWS\Downloaded Program Files\oscan8.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\DownloadInformation]
CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
INF = C:\WINDOWS\Downloaded Program Files\CabSA.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{77E32299-629F-43C6-AB77-6A1E6D7663F6}\DownloadInformation]
CODEBASE = http://www.nick.com/common/groove/gx/GrooveAX27.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\DownloadInformation]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...9089.3098958333
INF = C:\WINDOWS\Downloaded Program Files\iuctl.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\DownloadInformation]
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc4.cab
INF = C:\WINDOWS\Downloaded Program Files\opuc.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\DownloadInformation]
CODEBASE = http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation]
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation]
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

Files / Folders Created Within 60 Days

C:\B17 [Folder | Created Date = 5/6/1875 8:59:50 PM | Attr = ]
C:\install.dat [Ver = | Size = 164 bytes | Created Date = 4/5/2007 6:42:44 PM | Attr = ]
C:\WINDOWS\All Users\Application Data\Adobe [Folder | Created Date = 9/3/1874 9:11:13 PM | Attr = ]
C:\WINDOWS\All Users\Application Data\OLYMPUS [Folder | Created Date = 9/10/1874 4:23:45 PM | Attr = ]
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy [Folder | Created Date = 9/3/1874 9:11:13 PM | Attr = ]
C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT [Ver = | Size = 60672 bytes | Created Date = 4/5/2007 6:11:36 PM | Attr = ]
C:\WINDOWS\Application Data\OfficeUpdate12 [Folder | Created Date = 9/10/1874 4:23:45 PM | Attr = ]
C:\WINDOWS\Application Data\Webroot [Folder | Created Date = 9/3/1874 9:11:13 PM | Attr = ]
C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT [Ver = | Size = 60672 bytes | Created Date = 4/5/2007 6:11:36 PM | Attr = ]
C:\WINDOWS\Application Data\OfficeUpdate12 [Folder | Created Date = 9/10/1874 4:23:45 PM | Attr = ]
C:\WINDOWS\Application Data\Webroot [Folder | Created Date = 9/3/1874 9:11:13 PM | Attr = ]
strAllUsersDocuments is undefined.
C:\My Documents\V Twin Cat [Folder | Created Date = 9/10/1874 4:23:45 PM | Attr = ]
C:\My Documents\My Videos [Folder | Created Date = 9/3/1874 9:11:13 PM | Attr = ]
C:\My Documents\I just.doc [Ver = | Size = 19968 bytes | Created Date = 4/12/2007 9:10:44 PM | Attr = ]
C:\My Documents\I can.doc [Ver = | Size = 20480 bytes | Created Date = 4/12/2007 9:12:09 PM | Attr = ]
C:\WINDOWS\Desktop\Microsoft Excel.lnk [Ver = | Size = 1393 bytes | Created Date = 4/7/2007 6:28:15 PM | Attr = ]
C:\WINDOWS\Desktop\Windows Media Player.lnk [Ver = | Size = 494 bytes | Created Date = 4/5/2007 9:01:40 PM | Attr = ]
C:\WINDOWS\Desktop\Microsoft Publisher.lnk [Ver = | Size = 1367 bytes | Created Date = 4/7/2007 11:09:18 AM | Attr = ]
C:\WINDOWS\Desktop\Norton SystemWorks.lnk [Ver = | Size = 558 bytes | Created Date = 4/1/2007 8:34:33 PM | Attr = ]
C:\WINDOWS\Desktop\MSN.lnk [Ver = | Size = 569 bytes | Created Date = 4/6/2007 12:53:17 PM | Attr = ]
C:\WINDOWS\Desktop\HP Solution Center.lnk [Ver = | Size = 561 bytes | Created Date = 4/4/2007 2:25:00 PM | Attr = ]
C:\WINDOWS\Desktop\Microsoft Word.lnk [Ver = | Size = 1395 bytes | Created Date = 4/7/2007 6:28:20 PM | Attr = ]
C:\WINDOWS\Desktop\Calculator.lnk [Ver = | Size = 319 bytes | Created Date = 4/5/2007 9:01:36 PM | Attr = ]
C:\WINDOWS\Desktop\RingCentral SmartFax 2002.lnk [Ver = | Size = 492 bytes | Created Date = 4/4/2007 2:34:41 PM | Attr = ]
C:\WINDOWS\Desktop\Spy Sweeper.lnk [Ver = | Size = 443 bytes | Created Date = 4/5/2007 6:44:49 PM | Attr = ]
C:\WINDOWS\Start Menu\Programs\StartUp\CleanSweep Smart Sweep-Internet Sweep.lnk [Ver = | Size = 558 bytes | Created Date = 4/1/2007 7:44:59 AM | Attr = ]
C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk [Ver = | Size = 560 bytes | Created Date = 4/5/2007 8:54:03 AM | Attr = ]
C:\WINDOWS\BDOSCAN8 [Folder | Created Date = 9/10/1874 4:23:45 PM | Attr = ]
C:\WINDOWS\BBSTORE [Folder | Created Date = 9/3/1874 9:11:13 PM | Attr = ]
C:\WINDOWS\SYSTEM.INI [Ver = | Size = 2201 bytes | Created Date = 4/12/2007 3:45:32 PM | Attr = ]
C:\WINDOWS\WAVEMIX.INI [Ver = | Size = 54 bytes | Created Date = 4/12/2007 3:45:32 PM | Attr = ]
C:\WINDOWS\POWERPNT.INI [Ver = | Size = 60 bytes | Created Date = 4/12/2007 3:45:32 PM | Attr = ]
C:\WINDOWS\SOL.INI [Ver = | Size = 22 bytes | Created Date = 4/4/2007 7:34:58 PM | Attr = ]
C:\WINDOWS\USER.DAT [Ver = | Size = 1351712 bytes | Created Date = 4/11/2007 4:51:30 PM | Attr = RH ]
C:\WINDOWS\SYSTEM.DAT [Ver = | Size = 3837984 bytes | Created Date = 4/10/2007 9:31:25 PM | Attr = RH ]
C:\WINDOWS\CLASSES.DAT [Ver = | Size = 7688224 bytes | Created Date = 4/7/2007 11:51:34 AM | Attr = RH ]
C:\WINDOWS\WININIT.BAK [Ver = | Size = 3734 bytes | Created Date = 4/7/2007 11:44:37 AM | Attr = ]
C:\WINDOWS\SETUP32.INI [Ver = | Size = 0 bytes | Created Date = 3/27/2007 8:40:38 PM | Attr = ]
C:\WINDOWS\RESTREG.BAT [Ver = | Size = 969 bytes | Created Date = 4/7/2007 10:56:05 AM | Attr = ]
C:\WINDOWS\IPLAYER.INI [Ver = | Size = 0 bytes | Created Date = 2/20/2007 4:38:41 PM | Attr = ]
C:\WINDOWS\unvise32qt.exe MindVision [Ver = 2.8.3 | Size = 86016 bytes | Created Date = 2/20/2007 4:45:53 PM | Attr = ]
C:\WINDOWS\r0viewinfo.ini [Ver = | Size = 425 bytes | Created Date = 3/8/2007 10:33:41 AM | Attr = ]
C:\WINDOWS\R0RM.INI [Ver = | Size = 367 bytes | Created Date = 3/8/2007 10:25:49 AM | Attr = ]
C:\WINDOWS\R0DB.INF [Ver = | Size = 587 bytes | Created Date = 3/8/2007 10:25:49 AM | Attr = ]
C:\WINDOWS\R0SAPI.INI [Ver = | Size = 132 bytes | Created Date = 3/8/2007 10:25:49 AM | Attr = ]
C:\WINDOWS\nps22F0.ico [Ver = | Size = 2870 bytes | Created Date = 3/26/2007 12:02:47 AM | Attr = ]
C:\WINDOWS\R0FAXSRV.INI [Ver = | Size = 137 bytes | Created Date = 3/8/2007 10:25:49 AM | Attr = ]
C:\WINDOWS\R0SYSTEM.INI [Ver = | Size = 7770 bytes | Created Date = 3/8/2007 10:25:49 AM | Attr = ]
C:\WINDOWS\R0LOCAL.INI [Ver = | Size = 2543 bytes | Created Date = 3/8/2007 10:25:49 AM | Attr = ]
C:\WINDOWS\R0EDIT.INI [Ver = | Size = 2736 bytes | Created Date = 3/8/2007 10:25:49 AM | Attr = ]
C:\WINDOWS\R0DB.INI [Ver = | Size = 862 bytes | Created Date = 3/8/2007 10:25:49 AM | Attr = ]
C:\WINDOWS\MTU.INI [Ver = | Size = 450 bytes | Created Date = 3/8/2007 10:25:56 AM | Attr = ]
C:\WINDOWS\winhelp.ini [Ver = | Size = 64 bytes | Created Date = 3/8/2007 10:25:52 AM | Attr = ]
C:\WINDOWS\winstart.bat [Ver = | Size = 26 bytes | Created Date = 3/8/2007 10:26:05 AM | Attr = ]
C:\WINDOWS\tmpcpyis.bat [Ver = | Size = 123 bytes | Created Date = 3/8/2007 10:26:05 AM | Attr = ]
C:\WINDOWS\tmpdelis.bat [Ver = | Size = 122 bytes | Created Date = 3/8/2007 10:26:05 AM | Attr = ]
C:\WINDOWS\nps22F1.ico [Ver = | Size = 2870 bytes | Created Date = 3/26/2007 12:02:47 AM | Attr = ]
C:\WINDOWS\npsD4.ico [Ver = | Size = 2870 bytes | Created Date = 3/26/2007 12:00:16 AM | Attr = ]
C:\WINDOWS\ereg077.dat [Ver = | Size = 375 bytes | Created Date = 3/27/2007 8:41:20 PM | Attr = ]
C:\WINDOWS\encore_launcher.ini [Ver = | Size = 71 bytes | Created Date = 3/27/2007 8:40:33 PM | Attr = ]
C:\WINDOWS\nps1116.TMP [Ver = | Size = 0 bytes | Created Date = 4/9/2007 12:49:18 PM | Attr = ]
C:\WINDOWS\WRUninstall.dll Webroot Software, Inc [Ver = 1.0.0.0 | Size = 478720 bytes | Created Date = 4/5/2007 6:44:43 PM | Attr = ]
C:\WINDOWS\nps1120.TMP [Ver = | Size = 0 bytes | Created Date = 4/9/2007 12:49:18 PM | Attr = ]
C:\WINDOWS\ssleay32.dll [Ver = | Size = 155648 bytes | Created Date = 4/5/2007 6:44:44 PM | Attr = ]
C:\WINDOWS\libeay32.dll [Ver = | Size = 684032 bytes | Created Date = 4/5/2007 6:44:44 PM | Attr = ]
C:\WINDOWS\npsD2A0.ico [Ver = | Size = 2870 bytes | Created Date = 4/12/2007 3:45:42 PM | Attr = ]
C:\WINDOWS\npsD2A1.ico [Ver = | Size = 2870 bytes | Created Date = 4/12/2007 3:45:42 PM | Attr = ]
C:\WINDOWS\System\QuickTime [Folder | Created Date = 9/3/1874 9:11:13 PM | Attr = ]
C:\WINDOWS\System\Kaspersky Lab [Folder | Created Date = 9/10/1874 4:23:45 PM | Attr = ]
C:\WINDOWS\System\SMBIOS.DAT [Ver = | Size = 1282 bytes | Created Date = 4/10/2007 7:56:05 PM | Attr = ]
C:\WINDOWS\System\SMBIOS.EPS [Ver = | Size = 31 bytes | Created Date = 4/10/2007 7:56:05 PM | Attr = ]
C:\WINDOWS\System\islzma.dll [Ver = | Size = 102912 bytes | Created Date = 4/5/2007 6:44:47 PM | Attr = ]
C:\WINDOWS\System\wrlzma.dll [Ver = | Size = 17920 bytes | Created Date = 4/5/2007 6:44:47 PM | Attr = ]
C:\WINDOWS\System\OGACheckControl.DLL [Ver = | Size = 676224 bytes | Created Date = 3/5/2007 12:34:28 PM | Attr = ]
C:\WINDOWS\System\QTPlugin.ocx Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 562760 bytes | Created Date = 2/20/2007 4:42:03 PM | Attr = ]
C:\WINDOWS\System\qttask.exe Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Created Date = 2/20/2007 4:42:04 PM | Attr = ]
C:\WINDOWS\System\QuickTime.qtp [Ver = | Size = 8807 bytes | Created Date = 2/20/2007 4:45:58 PM | Attr = ]
C:\WINDOWS\System\QuickTimeFavorites.qtr [Ver = | Size = 0 bytes | Created Date = 2/20/2007 4:58:57 PM | Attr = ]
C:\WINDOWS\System\R0Log.dll RingCentral, Inc. [Ver = 1.0.001 | Size = 71168 bytes | Created Date = 3/8/2007 10:25:49 AM | Attr = ]
C:\WINDOWS\System\VMTOKD.VXD Ring Zero Systems, Inc. [Ver = 1.01.002 | Size = 11395 bytes | Created Date = 3/8/2007 10:25:50 AM | Attr = ]
C:\WINDOWS\System\VMTOKD2.SYS RingCentral, Inc. [Ver = 1.00 | Size = 20646 bytes | Created Date = 3/8/2007 10:25:50 AM | Attr = ]
C:\WINDOWS\System\R0DFONT.FON [Ver = | Size = 65536 bytes | Created Date = 3/8/2007 10:25:50 AM | Attr = ]
C:\WINDOWS\System\R0TIFF.DLL [Ver = | Size = 176256 bytes | Created Date = 3/8/2007 10:25:50 AM | Attr = ]
C:\WINDOWS\System\R0IMAGE.DLL [Ver = | Size = 223488 bytes | Created Date = 3/8/2007 10:25:50 AM | Attr = ]
C:\WINDOWS\System\R0PCX.DLL [Ver = | Size = 88912 bytes | Created Date = 3/8/2007 10:25:50 AM | Attr = ]
C:\WINDOWS\System\R0GIF.DLL [Ver = | Size = 23168 bytes | Created Date = 3/8/2007 10:25:50 AM | Attr = ]
C:\WINDOWS\System\R0TGA.DLL [Ver = | Size = 68304 bytes | Created Date = 3/8/2007 10:25:50 AM | Attr = ]
C:\WINDOWS\System\R0GIF32.DLL [Ver = | Size = 19456 bytes | Created Date = 3/8/2007 10:25:50 AM | Attr = ]
C:\WINDOWS\System\R0IMG32.DLL [Ver = | Size = 185344 bytes | Created Date = 3/8/2007 10:25:50 AM | Attr = ]
C:\WINDOWS\System\R0PCX32.DLL [Ver = | Size = 33280 bytes | Created Date = 3/8/2007 10:25:50 AM | Attr = ]
C:\WINDOWS\System\R0TGA32.DLL [Ver = | Size = 58880 bytes | Created Date = 3/8/2007 10:25:50 AM | Attr = ]
C:\WINDOWS\System\R0TIFF32.DLL [Ver = | Size = 138752 bytes | Created Date = 3/8/2007 10:25:50 AM | Attr = ]
C:\WINDOWS\System\R0FAXPRN.drv winPortal, Inc. [Ver = 2.00 | Size = 24784 bytes | Created Date = 3/8/2007 10:25:50 AM | Attr = ]
C:\WINDOWS\System\UNIDRV.HLP [Ver = | Size = 16479 bytes | Created Date = 3/8/2007 10:25:52 AM | Attr = ]
C:\WINDOWS\System\RZSGSM32.ACM Ring Zero Systems Inc. [Ver = 1.01 | Size = 36352 bytes | Created Date = 3/8/2007 10:25:54 AM | Attr = ]
C:\WINDOWS\System\L3CODECP.ACM Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 0, 0, 48 | Size = 284160 bytes | Created Date = 3/8/2007 10:25:56 AM | Attr = ]
C:\WINDOWS\System\Help.ico [Ver = | Size = 1406 bytes | Created Date = 3/23/2007 8:10:20 PM | Attr = ]
C:\WINDOWS\System\Uninstall.ico [Ver = | Size = 2550 bytes | Created Date = 3/23/2007 8:11:06 PM | Attr = ]
C:\WINDOWS\System\asuninst.exe Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 3/23/2007 8:11:32 PM | Attr = ]

Files / Folders Modified Within 30 Days

C:\BOOTLOG.PRV [Ver = | Size = 81843 bytes | Modified Date = 4/5/2007 10:27:32 PM | Attr = H ]
C:\install.dat [Ver = | Size = 164 bytes | Modified Date = 4/5/2007 7:42:46 PM | Attr = ]
C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT [Ver = | Size = 60672 bytes | Modified Date = 4/5/2007 7:11:38 PM | Attr = ]
C:\WINDOWS\Application Data\OfficeUpdate12 [Folder | Modified Date = 4/5/2007 9:17:10 AM | Attr = ]
C:\WINDOWS\Application Data\Webroot [Folder | Modified Date = 4/5/2007 7:35:50 PM | Attr = ]
C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT [Ver = | Size = 60672 bytes | Modified Date = 4/5/2007 7:11:38 PM | Attr = ]
C:\WINDOWS\Application Data\OfficeUpdate12 [Folder | Modified Date = 4/5/2007 9:17:10 AM | Attr = ]
C:\WINDOWS\Application Data\Webroot [Folder | Modified Date = 4/5/2007 7:35:50 PM | Attr = ]
strAllUsersDocuments is undefined.
C:\My Documents\V Twin Cat [Folder | Modified Date = 4/2/2007 6:33:42 PM | Attr = ]
C:\My Documents\I just.doc [Ver = | Size = 19968 bytes | Modified Date = 4/12/2007 10:10:46 PM | Attr = ]
C:\My Documents\I can.doc [Ver = | Size = 20480 bytes | Modified Date = 4/12/2007 10:12:12 PM | Attr = ]
C:\WINDOWS\Desktop\Microsoft Excel.lnk [Ver = | Size = 1393 bytes | Modified Date = 4/7/2007 7:28:16 PM | Attr = ]
C:\WINDOWS\Desktop\Windows Media Player.lnk [Ver = | Size = 494 bytes | Modified Date = 4/5/2007 10:01:42 PM | Attr = ]
C:\WINDOWS\Desktop\Microsoft Publisher.lnk [Ver = | Size = 1367 bytes | Modified Date = 4/7/2007 12:09:20 PM | Attr = ]
C:\WINDOWS\Desktop\Norton SystemWorks.lnk [Ver = | Size = 558 bytes | Modified Date = 4/1/2007 9:34:34 PM | Attr = ]
C:\WINDOWS\Desktop\Norton Personal Firewall.lnk [Ver = | Size = 677 bytes | Modified Date = 4/7/2007 10:14:54 PM | Attr = ]
C:\WINDOWS\Desktop\MSN.lnk [Ver = | Size = 569 bytes | Modified Date = 4/6/2007 1:53:18 PM | Attr = ]
C:\WINDOWS\Desktop\HP Solution Center.lnk [Ver = | Size = 561 bytes | Modified Date = 4/4/2007 3:25:02 PM | Attr = ]
C:\WINDOWS\Desktop\Microsoft Word.lnk [Ver = | Size = 1395 bytes | Modified Date = 4/7/2007 7:28:22 PM | Attr = ]
C:\WINDOWS

#6 krh1326

krh1326
  • Topic Starter

  • Members
  • 37 posts

Posted 12 April 2007 - 09:32 PM

C:\WINDOWS\Desktop\Microsoft Word.lnk [Ver = | Size = 1395 bytes | Modified Date = 4/7/2007 7:28:22 PM | Attr = ]
C:\WINDOWS\Desktop\Calculator.lnk [Ver = | Size = 319 bytes | Modified Date = 4/5/2007 10:01:38 PM | Attr = ]
C:\WINDOWS\Desktop\RingCentral SmartFax 2002.lnk [Ver = | Size = 492 bytes | Modified Date = 4/4/2007 3:34:42 PM | Attr = ]
C:\WINDOWS\Desktop\Spy Sweeper.lnk [Ver = | Size = 443 bytes | Modified Date = 4/5/2007 7:44:50 PM | Attr = ]
C:\WINDOWS\Start Menu\Programs\StartUp\CleanSweep Smart Sweep-Internet Sweep.lnk [Ver = | Size = 558 bytes | Modified Date = 4/1/2007 8:45:00 AM | Attr = ]
C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk [Ver = | Size = 560 bytes | Modified Date = 4/5/2007 9:54:04 AM | Attr = ]
C:\WINDOWS\BDOSCAN8 [Folder | Modified Date = 3/23/2007 9:37:36 PM | Attr = ]
C:\WINDOWS\BBSTORE [Folder | Modified Date = 3/27/2007 9:41:12 PM | Attr = ]
C:\WINDOWS\KENHENRI.PWL [Ver = | Size = 706 bytes | Modified Date = 4/4/2007 3:34:44 PM | Attr = ]
C:\WINDOWS\SYSTEM.INI [Ver = | Size = 2201 bytes | Modified Date = 4/12/2007 4:45:34 PM | Attr = ]
C:\WINDOWS\ODBCINST.INI [Ver = | Size = 4117 bytes | Modified Date = 4/5/2007 9:57:34 AM | Attr = ]
C:\WINDOWS\WIN.INI [Ver = | Size = 8299 bytes | Modified Date = 4/4/2007 3:35:32 PM | Attr = ]
C:\WINDOWS\WAVEMIX.INI [Ver = | Size = 54 bytes | Modified Date = 4/12/2007 4:45:34 PM | Attr = ]
C:\WINDOWS\POWERPNT.INI [Ver = | Size = 60 bytes | Modified Date = 4/12/2007 4:45:34 PM | Attr = ]
C:\WINDOWS\CONTROL.INI [Ver = | Size = 980 bytes | Modified Date = 4/11/2007 5:53:14 PM | Attr = ]
C:\WINDOWS\SYSTEM.CB [Ver = | Size = 116 bytes | Modified Date = 4/5/2007 8:33:02 PM | Attr = ]
C:\WINDOWS\ODBC.INI [Ver = | Size = 895 bytes | Modified Date = 4/7/2007 12:47:48 PM | Attr = ]
C:\WINDOWS\SOL.INI [Ver = | Size = 22 bytes | Modified Date = 4/4/2007 8:35:00 PM | Attr = ]
C:\WINDOWS\USER.DAT [Ver = | Size = 1351712 bytes | Modified Date = 4/12/2007 10:14:12 PM | Attr = RH ]
C:\WINDOWS\SYSTEM.DAT [Ver = | Size = 3837984 bytes | Modified Date = 4/12/2007 10:12:06 PM | Attr = RH ]
C:\WINDOWS\CLASSES.DAT [Ver = | Size = 7688224 bytes | Modified Date = 4/12/2007 10:13:28 PM | Attr = RH ]
C:\WINDOWS\WININIT.BAK [Ver = | Size = 3734 bytes | Modified Date = 4/7/2007 12:53:10 PM | Attr = ]
C:\WINDOWS\SETUP32.INI [Ver = | Size = 0 bytes | Modified Date = 3/27/2007 9:40:40 PM | Attr = ]
C:\WINDOWS\wininitlog.old [Ver = | Size = 8810 bytes | Modified Date = 4/7/2007 1:10:54 PM | Attr = ]
C:\WINDOWS\RESTREG.BAT [Ver = | Size = 969 bytes | Modified Date = 4/7/2007 11:56:06 AM | Attr = ]
C:\WINDOWS\r0viewinfo.ini [Ver = | Size = 425 bytes | Modified Date = 3/18/2007 2:35:08 PM | Attr = ]
C:\WINDOWS\nps22F0.ico [Ver = | Size = 2870 bytes | Modified Date = 3/26/2007 1:02:48 AM | Attr = ]
C:\WINDOWS\R0SYSTEM.INI [Ver = | Size = 7770 bytes | Modified Date = 4/4/2007 3:36:24 PM | Attr = ]
C:\WINDOWS\R0EDIT.INI [Ver = | Size = 2736 bytes | Modified Date = 4/5/2007 10:06:14 AM | Attr = ]
C:\WINDOWS\R0DB.INI [Ver = | Size = 862 bytes | Modified Date = 4/4/2007 3:34:44 PM | Attr = ]
C:\WINDOWS\MTU.INI [Ver = | Size = 450 bytes | Modified Date = 3/26/2007 11:04:58 AM | Attr = ]
C:\WINDOWS\nps22F1.ico [Ver = | Size = 2870 bytes | Modified Date = 3/26/2007 1:02:48 AM | Attr = ]
C:\WINDOWS\npsD4.ico [Ver = | Size = 2870 bytes | Modified Date = 3/26/2007 1:00:18 AM | Attr = ]
C:\WINDOWS\ereg077.dat [Ver = | Size = 375 bytes | Modified Date = 3/27/2007 9:42:30 PM | Attr = ]
C:\WINDOWS\encore_launcher.ini [Ver = | Size = 71 bytes | Modified Date = 3/27/2007 9:40:34 PM | Attr = ]
C:\WINDOWS\nps1116.TMP [Ver = | Size = 0 bytes | Modified Date = 4/9/2007 1:49:20 PM | Attr = ]
C:\WINDOWS\nps1120.TMP [Ver = | Size = 0 bytes | Modified Date = 4/9/2007 1:49:20 PM | Attr = ]
C:\WINDOWS\npsD2A0.ico [Ver = | Size = 2870 bytes | Modified Date = 4/12/2007 4:45:44 PM | Attr = ]
C:\WINDOWS\npsD2A1.ico [Ver = | Size = 2870 bytes | Modified Date = 4/12/2007 4:45:44 PM | Attr = ]
C:\WINDOWS\System\Kaspersky Lab [Folder | Modified Date = 4/3/2007 5:36:06 PM | Attr = ]
C:\WINDOWS\System\SMBIOS.DAT [Ver = | Size = 1282 bytes | Modified Date = 4/10/2007 8:56:06 PM | Attr = ]
C:\WINDOWS\System\SMBIOS.EPS [Ver = | Size = 31 bytes | Modified Date = 4/10/2007 8:56:06 PM | Attr = ]
C:\WINDOWS\System\QuickTime.qtp [Ver = | Size = 8807 bytes | Modified Date = 3/20/2007 7:31:24 AM | Attr = ]
C:\WINDOWS\System\Help.ico [Ver = | Size = 1406 bytes | Modified Date = 3/23/2007 9:11:06 PM | Attr = ]
C:\WINDOWS\System\Uninstall.ico [Ver = | Size = 2550 bytes | Modified Date = 3/23/2007 9:11:08 PM | Attr = ]

File String Scan (Non-Microsoft Only)
AllUsersDocuments is undefined.
[abetterinternet.com , ad-w-a-r-e.com , web-nex , ]C:\WINDOWS\USER.DAT ()
[Thawte Consulting , USERTRUST , ]C:\WINDOWS\SYSTEM.DAT ()
[Thawte Consulting , USERTRUST , ]C:\WINDOWS\SYSTEM.NU7 ()
[PTech , ]C:\WINDOWS\System\MDACRDME.HTM ()

< End of report >

#7 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male

Posted 13 April 2007 - 07:12 AM

  • Download Silent runners by Andrew Aronoff from here
  • Unzip/extract it to a folder on your desktop
  • Double click on Silent Runners.vbs to start Silent runners
  • If your antivirus warns you about a script, allow it to run; this script does not contain malicious code
  • You will be asked if you want to skip the supplementary search, click Yes
  • Wait for Silent runners to inform you that it has finished
  • A log will be created in the same folder as Silent Runners.vbs
  • It will have a name of Startup Programs (yourusername) date-time.txt
  • Use notepad to open that file
  • Copy and paste the contents as a reply to this topic
  • Run HijackThis
  • Click on Open the Misc Tools section
  • Tick these two options:
    • List also minor sections (full)
    • List empty sections (complete)
  • Now click on Generate StartupList log
  • Click Yes to the prompt
  • A notepad window will open
  • Copy and paste the contents of that window as a reply to this topic
Go here to run an online scanner from Kaspersky.
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. Press on "Accept" after reading the contents.
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log as "KAV.txt" to the desktop.
Post back with the Silent Runners log, the StartupList, the Kaspersky log and a new HijackThis log.

#8 krh1326

  • Topic Starter

  • Members
  • 37 posts

Posted 15 April 2007 - 12:44 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:37:53 PM, on 4/15/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\ISSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MSN\MSNIA\MSNIASVC.EXE
C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Personal Firewall\ISSVC.exe"
O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...n9x/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...ebscan_ansi.cab



<html>
<head>
<title>KASPERSKY ONLINE SCANNER REPORT</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
</head>

<style>
.pagetitle { font-size:20px; color:#FFFFFF; font-family: Arial, Geneva, sans-serif; }
.text { font-size:11px; font-family: Arial, Geneva, sans-serif; }
TD { font-size:11px; font-family: Arial, Geneva, sans-serif; }
</style>

<body>
<table width='100%' height='110' border='0'>
<tr height='30' align='center' bgcolor='#005447'>
<td colspan='2' height='30' class='pagetitle'>
<b>KASPERSKY ONLINE SCANNER REPORT</b>
</td>
</tr>
<tr height='70'>
<td colspan='2' height='70'>
Sunday, April 15, 2007 1:35:14 PM<br>
Operating System: Microsoft Windows Millennium Edition<br>
Kaspersky Online Scanner version: 5.0.83.0<br>
Kaspersky Anti-Virus database last update: 15/04/2007<br>
Kaspersky Anti-Virus database records: 297603<br>
</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
</table>
<table width='100%' height='145' border='0'>
<tr height='20' bgcolor='#EFEBDE'>
<td colspan='2' height='20'><b>Scan Settings</b></td>
</tr>
<tr height='15'>
<td height='15' width='250'>Scan using the following antivirus database</td>
<td>extended</td>
</tr>
<tr height='15'>
<td height='15'>Scan Archives</td>
<td>true</td>
</tr>
<tr height='15'>
<td height='15'>Scan Mail Bases</td>
<td>true</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
<tr height='20' bgcolor='#EFEBDE'>
<td height='20'><b>Scan Target</b></td>
<td>My Computer</td>
</tr>
<tr height='20'>
<td colspan='2' height='20'>
a:\<br>
c:\<br>
d:\<br>
e:\
</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
<tr height='20' bgcolor='#EFEBDE'>
<td colspan='2' height='20'><b>Scan Statistics</b></td>
</tr>
<tr height='15'>
<td height='15'>Total number of scanned objects</td>
<td>87946</td>
</tr>
<tr height='15'>
<td height='15'>Number of viruses found</td>
<td>0</td>
</tr>
<tr height='15'>
<td height='15'>Number of infected objects</td>
<td>0 / 0</td>
</tr>
<tr height='15'>
<td height='15'>Number of suspicious objects</td>
<td>0</td>
</tr>
<tr height='15'>
<td height='15'>Duration of the scan process</td>
<td>01:01:31</td>
</tr>
</table>
<br>
<table width='100%' border='0'>
<tr height='20' bgcolor='#EFEBDE'>
<td height='20'><b>Infected Object Name</b></td>
<td width='200'><b>Virus Name</b></td>
<td width='100'><b>Last Action</b></td>
</tr>
<tr height='20'>
<td height='20'>c:\_RESTORE\LOGS\vxdsfp.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\_RESTORE\LOGS\vxdalt1.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\SYSTEM\WBEM\REPOSITORY\CIM.REP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbd </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbk </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbd </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbk </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\TEMP\fdr-145477519.fdr </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Microsoft\MSN\db\KRHenrikson-MSN-Com.sdf </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\MSN6\UserData\{DBA38A40-32A1-01C7-0200-000025DD54B1}\favthumb.dbx </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS8545D606-D61A-4F32-A8FD-96A04C964E08.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS3D958A89-9B57-4ED9-BBA0-D293961FA737.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSAC76AC01-A686-4042-BFF7-156C9A9072BB.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS709452C9-F28F-4B85-89BB-3C0EDC8C0585.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS146ED709-C2A3-4AE0-B6D2-B0BBEFCA12A7.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSBC880F34-5C45-4AB4-8C20-D6E7E8FB6B7E.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSC2E7EE60-E4DC-4CA9-892E-2EDE05FCCB87.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSD59D4B2A-62EC-48FB-8931-964C72C0C770.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSC9CC8168-0F96-4444-8642-B3F79325DA0C.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS409EEECA-9ABB-4A8E-91DF-09ABBE5C4444.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSF8549C03-8CB5-4895-AF10-84146ACAA328.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSF76D49A2-22F8-4504-ACA9-D89131C88CAB.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS5248667A-0F1F-4DB8-9F10-80EDAC00C059.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS889C415F-93CB-4DD1-AF7C-62323C7E5C5E.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS89643C0D-72F0-4FD6-8BEA-38E535E39DA0.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSDC76293E-84AE-49D0-87EF-867EC6ACAAA2.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS7ECF875A-6539-4AC7-BDF9-E0CDA22F19B4.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSC48B9B59-D98C-4DE6-B8D2-F3C11F195CC0.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS16D13048-92A3-402B-A5EC-79EF50B01F54.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS4AD079EE-247A-47DF-9D9F-F291EEEC091A.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS787AC494-52BF-433E-ABB1-7C5AEDAB3D10.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSF2408A80-D4EF-44EF-81EA-E642250E9487.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS9D18F1FF-D26B-4205-B6CD-B4C26A94BA51.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSB2F9DB0D-F39D-4D2C-B009-B99713DF92DE.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS823D9424-25FA-4380-BFA2-331FDC65377A.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS63B1DA7E-7044-4365-9D62-E55F56B23F88.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSAFBE9E10-71A7-4A96-BBDD-023CEC6BEA55.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS0E8E1AE7-6811-44D7-B57A-2450522DEF52.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSEC6402B4-5E5D-44A3-9585-1039CB7C8828.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCFDE3980-C416-45DD-8FD7-54C55634C8F9.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSFA3F43DA-427C-46C6-8015-6E646ABDAAA0.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSADF0A4EC-1EE8-49B0-97EF-85E9ECBC816B.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS517F950D-2386-4F18-A16C-03D1A4D5152C.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSA4C5F290-7136-4B58-BC6E-046FEF93B4B9.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSD8EC3FB7-5B7B-43F2-8776-D1F003AF12AF.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS6BA389AD-AAA8-4419-9821-792E866DC5BF.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSB2D205A1-5201-4BD1-BDCA-1581DDC30AA0.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSEC9265EE-6884-430D-979E-CF1E74F58D13.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSB9B4509C-139D-4B12-94D2-EB16656CE7FA.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS12B6E7C3-1649-490A-9CCB-3914100A597C.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS8D0763A9-DB69-427F-818D-9659223EB96E.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS594A32E5-6335-4737-91B9-DF3A7BF7445C.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS0B59D7C9-3805-4424-A8BA-EF90C194D48B.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSF71B3852-5347-406F-A64F-AAD128966E1B.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSA8F58524-A633-47A3-ABF3-777287F0974F.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSB1D9EF74-6F6A-4623-A9BA-5E1648F32F63.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS558B1DB1-3F88-4283-82D5-F7F9777C0399.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSE41FB19E-694D-4204-AF66-9DF1DF1B486A.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSBA811233-A7C2-4D3C-B1FD-9626763998F4.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS679B243F-D8FB-4F71-8BDE-2AEA969F6A50.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS39E8CC8A-2669-4339-AD1D-AA99EE42D897.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS6FCA8C6E-CCB7-451A-9A06-3828DB144007.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS3FCA60C2-DF60-43B5-839F-FF018884E638.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSB99312C5-38BC-4EA9-8E84-251E5302C63C.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSE2B6678A-CF4A-432F-878F-CABA36048A5C.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS56AB2BE1-533D-49DD-A13E-F04DD2987BB2.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSA6F89322-F39C-4382-8F23-772BE74A7355.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSD52CA97B-E28F-4940-A37F-633A8378CB39.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS82DA8E0C-B517-4504-BCF1-1AF4288E28E7.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS8B74AF8E-EABD-4B9D-A07E-44DC2749A6E9.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSB3B38B75-E0F1-4E42-AF8C-F754AECCDB38.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS02B31FBC-9CA1-4C0F-A590-1FAFE3836E47.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS79904C81-73B9-43CC-A7D0-B9CA448FD0DA.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS7D2579BC-1E11-433A-9ED9-7D82E72E9B19.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSA91CB3AC-0464-4833-B898-70B9C21D9CF0.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSA2670DB4-C63A-407F-9098-FC6C751D71B7.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSC4C5D011-BA55-43E4-926E-760300FC87F2.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS4260DF9F-99A9-48A1-A06B-CEFE7C803FE2.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS4B83123F-F6A9-4572-9649-3D4A82FB1816.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>

#9 krh1326

  • Topic Starter
  • Members
  • 37 posts

Posted 15 April 2007 - 12:47 PM

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows Me (Millennium Edition)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
"PCHealth" = "C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" ["Symantec Corporation"]
"NPROTECT" = "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer" ["Symantec Corporation"]
"QD FastAndSafe" = "(empty string)" [file not found]
"Symantec Core LC" = "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start" ["Symantec Corporation"]
"LoadQM" = "loadqm.exe" [MS]
"SpySweeper" = ""C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray" ["Webroot Software, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"SSDPSRV" = "C:\WINDOWS\SYSTEM\ssdpsrv.exe" [MS]
"*StateMgr" = "C:\WINDOWS\System\Restore\StateMgr.exe" [MS]
"ATIPOLL" = "ati2evxx.exe" ["ATI Technologies Inc."]
"ATISmart" = "C:\WINDOWS\SYSTEM\ati2s9ag.exe" [" "]
"KB918547" = "C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE" [MS]
"KB891711" = "C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE" [MS]
"ccEvtMgr" = ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
"ScriptBlocking" = ""C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg" ["Symantec Corporation"]
"CSINJECT.EXE" = "C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE" ["Symantec Corporation"]
"NPROTECT" = "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" ["Symantec Corporation"]
"SymTray - Norton SystemWorks" = "C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"" ["Symantec Corporation"]
"ALU Scheduler Service" = "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" ["Symantec Corporation"]
"ccSetMgr" = ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
"ISSVC" = ""C:\Program Files\Norton Personal Firewall\ISSVC.exe"" ["Symantec Corporation"]
"ccProxy" = "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" ["Symantec Corporation"]
"MSNIA" = "C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE" [MS]
"StillImageMonitor" = "C:\WINDOWS\SYSTEM\STIMON.EXE" [MS]

HKLM\Software\Microsoft\Active Setup\Installed Components\
PerUser_CVT_Inis\(Default) = "Windows Setup - FAT32 Converter"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Personal Firewall"
-> {HKLM...CLSID} = "CNisExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\UPNPUI.DLL" [MS]
"{30424D42-5946-11D2-B8E5-006097C9C6FF}" = "Norton WipeInfo"
-> {HKLM...CLSID} = "Wipe Info"
\InProcServer32\(Default) = "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\WFSHELEX.DLL" ["Symantec Corporation"]
"{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension"
-> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"
\InProcServer32\(Default) = "C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\DRAGTODISC\SHELLEX.DLL" ["Roxio"]
"{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC}" = "My Media"
-> {HKLM...CLSID} = "My Media"
\InProcServer32\(Default) = "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll" ["Roxio, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Norton WipeInfo\(Default) = "{30424D42-5946-11D2-B8E5-006097C9C6FF}"
-> {HKLM...CLSID} = "Wipe Info"
\InProcServer32\(Default) = "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\WFSHELEX.DLL" ["Symantec Corporation"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Norton WipeInfo\(Default) = "{30424D42-5946-11D2-B8E5-006097C9C6FF}"
-> {HKLM...CLSID} = "Wipe Info"
\InProcServer32\(Default) = "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\WFSHELEX.DLL" ["Symantec Corporation"]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\WEBROOT\SPYSWE~1\SSCTXMNU.DLL" ["Webroot Software, Inc."]


System Policies {policy setting}:
---------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"CDRAutoRun" = (REG_BINARY) hex:00 00 00 00
{unrecognized setting}

HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\

"Homepage" = (REG_DWORD) hex:0x00000000
{Disable changing home page settings}

HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

"NoBrowserOptions" = (REG_DWORD) hex:0x00000000
{Tools menu: Disable Internet Options... menu option}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Startup items in "Startup" & "All Users...Startup" folders:
-----------------------------------------------------------

C:\WINDOWS\Start Menu\Programs\StartUp
"CleanSweep Smart Sweep-Internet Sweep" -> shortcut to: "C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe" ["Symantec Corporation"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"Tune-up Application Start" -> launches: "walign" [MS]
"PCHealth Scheduler for Data Collection" -> launches: "C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -c" [MS]
"Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]
"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe /task:C:\WINDOWS\ALLUSE~1\APPLIC~1\SYMANTEC\NORTON~1\TASKS\MYCOMP.SCA" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
-> {HKLM...CLSID} = "Norton Personal Firewall"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Personal Firewall"
-> {HKLM...CLSID} = "Norton Personal Firewall"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
[Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome"

Missing lines (compared with English-language version):
[Strings]: 2 lines


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
hpzl9x12\Driver = "hpzl9x12.dll" ["HP"]
usbmon.dll\Driver = "usbmon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 23 seconds, including 6 seconds for message boxes)




StartupList report, 4/15/2007, 12:25:25 PM
StartupList version: 1.52.2
Started from : C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\ISSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SoundMan = SOUNDMAN.EXE
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
NPROTECT = C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
QD FastAndSafe =
Symantec Core LC = C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
LoadQM = loadqm.exe
SpySweeper = "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SSDPSRV = C:\WINDOWS\SYSTEM\ssdpsrv.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
ATIPOLL = ati2evxx.exe
ATISmart = C:\WINDOWS\SYSTEM\ati2s9ag.exe
KB918547 = C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
KB891711 = C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
ccEvtMgr = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
CSINJECT.EXE = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
NPROTECT = C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
SymTray - Norton SystemWorks = C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
ALU Scheduler Service = C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
ccSetMgr = "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ISSVC = "C:\Program Files\Norton Personal Firewall\ISSVC.exe"
ccProxy = C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
MSNIA = C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[SetupcPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf

[AppletsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

[PerUser_CVT_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

[FontsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

[PerUser_HNW_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_HNW_Inis 64 C:\WINDOWS\INF\ICS.inf

[PerUser_ICW_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[PerUser_moviemaker] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_moviemaker 64 C:\WINDOWS\INF\moviemk.inf

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

[PerUser_Msinfo] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

[PerUser_Msinfo2] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

[MotownMmsysPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

[MotownAvivideoPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_Base] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

[ShellPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

[Shell2PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

[PerUser_winbase_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_winapps_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[TapiPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

[PerUser_MSWordPad_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

[PerUserOldLinks] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

[MmoptRegisterPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

[PerUser_CDPlayer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

[OlsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsMsnPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf

[PerUser_PCHealth] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PCHealth 64 C:\WINDOWS\INF\pchealth.inf

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[PerUser_Paint_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_Calc_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_dxxspace_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf

[PerUser_Enable_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 C:\WINDOWS\INF\enable.inf

[PerUser_Wingames_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\games.inf

[PerUser_ZoneGame_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ZoneGame_Inis 64 C:\WINDOWS\INF\games.inf

[PerUser_PBGame_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PBGame_Inis 64 C:\WINDOWS\INF\games.inf

[MotownRecPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_Vol] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

[MotownMPlayPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_RNA_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

[PerUser_CharMap_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Dialer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_ClipBrd_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf

[MmoptMusicaPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptJunglePerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptRobotzPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptUtopiaPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[Shell3PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf

[Theme_MoreWindows_PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS\INF\themes.inf

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\SYSTEM\Rundll32.exe C:\WINDOWS\SYSTEM\mscories.dll,Install

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 7/4/2007, 12:53:10)

[Rename]
NUL=C:\WINDOWS\TTFCACHE
NUL=C:\WINDOWS\TTFCACHE
C:\WINDOWS\SYSTEM\RICHED20.DLL=C:\WINDOWS\SYSTEM\TBMD212.TMP
NUL=C:\WINDOWS\TTFCACHE
C:\WINDOWS\SYSTEM\RICHED20.DLL=C:\WINDOWS\SYSTEM\TBMF000.TMP
NUL=C:\WINDOWS\TTFCACHE
NUL=C:\WINDOWS\TTFCACHE
C:\WINDOWS\SYSTEM\CP_28605.NLS=C:\WINDOWS\SYSTEM\TBM311.TMP
C:\WINDOWS\SYSTEM\CP_20269.NLS=C:\WINDOWS\SYSTEM\TBM395.TMP
C:\WINDOWS\SYSTEM\CP_28592.NLS=C:\WINDOWS\SYSTEM\TBM0396.TMP
C:\WINDOWS\SYSTEM\CP_28593.NLS=C:\WINDOWS\SYSTEM\TBM396.TMP
C:\WINDOWS\SYSTEM\CP_28594.NLS=C:\WINDOWS\SYSTEM\TBM3A0.TMP
C:\WINDOWS\SYSTEM\CP_28595.NLS=C:\WINDOWS\SYSTEM\TBM03A1.TMP
C:\WINDOWS\SYSTEM\CP_28597.NLS=C:\WINDOWS\SYSTEM\TBM3A1.TMP
C:\WINDOWS\SYSTEM\CP_28599.NLS=C:\WINDOWS\SYSTEM\TBM03A4.TMP
C:\WINDOWS\SYSTEM\CP_1251.NLS=C:\WINDOWS\SYSTEM\TBM3A4.TMP
C:\WINDOWS\SYSTEM\CP_1253.NLS=C:\WINDOWS\SYSTEM\TBM03A7.TMP
C:\WINDOWS\SYSTEM\CP_1254.NLS=C:\WINDOWS\SYSTEM\TBM3A5.TMP
C:\WINDOWS\SYSTEM\CP_1255.NLS=C:\WINDOWS\SYSTEM\TBM03A8.TMP
C:\WINDOWS\SYSTEM\CP_1257.NLS=C:\WINDOWS\SYSTEM\TBM3B0.TMP
C:\WINDOWS\SYSTEM\CP_20866.NLS=C:\WINDOWS\SYSTEM\TBM03B2.TMP
C:\WINDOWS\SYSTEM\CP_21866.NLS=C:\WINDOWS\SYSTEM\TBM3B1.TMP
C:\WINDOWS\SYSTEM\CP_28591.NLS=C:\WINDOWS\SYSTEM\TBM03B3.TMP
C:\WINDOWS\SYSTEM\CP_874.NLS=C:\WINDOWS\SYSTEM\TBM03B4.TMP
C:\WINDOWS\SYSTEM\CP_932.NLS=C:\WINDOWS\SYSTEM\TBM3B2.TMP
NUL=C:\WINDOWS\TTFCACHE
C:\WINDOWS\SYSTEM\RICHED20.DLL=C:\WINDOWS\SYSTEM\TBM1236.TMP
NUL=C:\WINDOWS\TTFCACHE
C:\WINDOWS\SYSTEM\CP_28605.NLS=C:\WINDOWS\SYSTEM\TBM3090.TMP
C:\WINDOWS\SYSTEM\CP_20269.NLS=C:\WINDOWS\SYSTEM\TBM31D5.TMP
C:\WINDOWS\SYSTEM\CP_28592.NLS=C:\WINDOWS\SYSTEM\TBM31D6.TMP
C:\WINDOWS\SYSTEM\CP_28593.NLS=C:\WINDOWS\SYSTEM\TBM31D7.TMP
C:\WINDOWS\SYSTEM\CP_28594.NLS=C:\WINDOWS\SYSTEM\TBM31D8.TMP
C:\WINDOWS\SYSTEM\CP_28595.NLS=C:\WINDOWS\SYSTEM\TBM31D9.TMP
C:\WINDOWS\SYSTEM\CP_28597.NLS=C:\WINDOWS\SYSTEM\TBM31E1.TMP
C:\WINDOWS\SYSTEM\CP_28599.NLS=C:\WINDOWS\SYSTEM\TBM31E3.TMP
C:\WINDOWS\SYSTEM\CP_1251.NLS=C:\WINDOWS\SYSTEM\TBM31E6.TMP
C:\WINDOWS\SYSTEM\CP_1253.NLS=C:\WINDOWS\SYSTEM\TBM31E8.TMP
C:\WINDOWS\SYSTEM\CP_1254.NLS=C:\WINDOWS\SYSTEM\TBM31E9.TMP
C:\WINDOWS\SYSTEM\CP_1255.NLS=C:\WINDOWS\SYSTEM\TBM31EA.TMP
C:\WINDOWS\SYSTEM\CP_1257.NLS=C:\WINDOWS\SYSTEM\TBM31EC.TMP
C:\WINDOWS\SYSTEM\CP_20866.NLS=C:\WINDOWS\SYSTEM\TBM31EE.TMP
C:\WINDOWS\SYSTEM\CP_21866.NLS=C:\WINDOWS\SYSTEM\TBM31F0.TMP
C:\WINDOWS\SYSTEM\CP_28591.NLS=C:\WINDOWS\SYSTEM\TBM31F1.TMP
C:\WINDOWS\SYSTEM\CP_874.NLS=C:\WINDOWS\SYSTEM\TBM31F2.TMP
C:\WINDOWS\SYSTEM\CP_932.NLS=C:\WINDOWS\SYSTEM\TBM31F3.TMP
NUL=C:\WINDOWS\TTFCACHE
C:\WINDOWS\SYSTEM\CP_28605.NLS=C:\WINDOWS\SYSTEM\TBM3350.TMP
C:\WINDOWS\SYSTEM\CP_20269.NLS=C:\WINDOWS\SYSTEM\TBM4062.TMP
C:\WINDOWS\SYSTEM\CP_28592.NLS=C:\WINDOWS\SYSTEM\TBM4063.TMP
C:\WINDOWS\SYSTEM\CP_28593.NLS=C:\WINDOWS\SYSTEM\TBM4064.TMP
C:\WINDOWS\SYSTEM\CP_28594.NLS=C:\WINDOWS\SYSTEM\TBM4065.TMP
C:\WINDOWS\SYSTEM\CP_28595.NLS=C:\WINDOWS\SYSTEM\TBM4066.TMP
C:\WINDOWS\SYSTEM\CP_28597.NLS=C:\WINDOWS\SYSTEM\TBM4068.TMP
C:\WINDOWS\SYSTEM\CP_28599.NLS=C:\WINDOWS\SYSTEM\TBM406A.TMP
C:\WINDOWS\SYSTEM\CP_1251.NLS=C:\WINDOWS\SYSTEM\TBM4071.TMP
C:\WINDOWS\SYSTEM\CP_1253.NLS=C:\WINDOWS\SYSTEM\TBM4073.TMP
C:\WINDOWS\SYSTEM\CP_1254.NLS=C:\WINDOWS\SYSTEM\TBM4074.TMP
C:\WINDOWS\SYSTEM\CP_1255.NLS=C:\WINDOWS\SYSTEM\TBM4075.TMP
C:\WINDOWS\SYSTEM\CP_1257.NLS=C:\WINDOWS\SYSTEM\TBM4077.TMP
C:\WINDOWS\SYSTEM\CP_20866.NLS=C:\WINDOWS\SYSTEM\TBM4079.TMP
C:\WINDOWS\SYSTEM\CP_21866.NLS=C:\WINDOWS\SYSTEM\TBM407A.TMP
C:\WINDOWS\SYSTEM\CP_28591.NLS=C:\WINDOWS\SYSTEM\TBM407B.TMP
C:\WINDOWS\SYSTEM\CP_874.NLS=C:\WINDOWS\SYSTEM\TBM407C.TMP
C:\WINDOWS\SYSTEM\CP_932.NLS=C:\WINDOWS\SYSTEM\TBM407D.TMP
NUL=C:\WINDOWS\TTFCACHE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\PROGRA~1\ATITEC~1\ATICON~1;"C:\Program Files\Common Files\Roxio Shared\DLLShared"
SET PS5ROOT=C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\

--------------------------------------------------

C:\CONFIG.SYS listing:

*File is empty*

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

*File not found*

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

NAV Helper - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
Norton Personal Firewall - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Norton SystemWorks One Button Checkup.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[DirectAnimation Java Classes]
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...9089.3098958333

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH9B.OCX
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[Office Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\SYSTEM\OGACHECKCONTROL.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=58813

[Groove Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\GROOVEAX.DLL
CODEBASE = http://www.nick.com/common/groove/gx/GrooveAX27.cab

[Virtools WebPlayer Class]
InProcServer32 = C:\PROGRAM FILES\VIRTOOLS\3D LIFE PLAYER\WEBPLAYER.OCX
CODEBASE = http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
CODEBASE = http://security.symantec.com/sscv6/SharedC...n9x/AvSniff.cab

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\OSCAN8.OCX
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\SYSTEM\KASPERSKY LAB\KASPERSKY ONLINE SCANNER\KAVWEBSCAN.DLL
CODEBASE = http://www.kaspersky.com/kos/eng/partner/d...ebscan_ansi.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\OPUC.DLL
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc4.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll
Protocol #1: C:\WINDOWS\SYSTEM\mswsosp.dll
Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #4: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll
Protocol #6: C:\WINDOWS\SYSTEM\rsvpsp.dll

--------------------------------------------------

Enumerating Win9x VxD services:

VNETSUP: vnetsup.vxd
NDIS: ndis.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
VPOWERD: *VPOWERD
NTKern: *NTKERN
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
COMBUFF: *COMBUFF
IFSMGR: *IFSMGR
IOS: *IOS
MTRR: *MTRR
SPOOLER: *SPOOLER
UDF: *UDF
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VNETBIOS: vnetbios.vxd
VREDIR: vredir.vxd
DFS: dfs.vxd
SYMTDI: SYMTDI.VXD

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 30,298 bytes
Report generated in 0.248 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#10 krh1326


Posted 15 April 2007 - 12:53 PM

I want to take a minute to thank you for several things. Thank you for taking the time to help a stranger. I know that I don't have a fraction of the time I want to do the things that I want to do, let alone to help others.
Thank you for putting up with my lack of knowledge and efficiency with computers. :thumbsup:

#11 random/random

  • Malware Response Team

Posted 15 April 2007 - 03:46 PM

The Kaspersky log got cut off, please upload it to here

#12 krh1326


Posted 15 April 2007 - 05:06 PM

I think I did it right.

Thanx again

#13 krh1326


Posted 16 April 2007 - 08:09 PM

<html>
<head>
<title>KASPERSKY ONLINE SCANNER REPORT</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
</head>

<style>
.pagetitle { font-size:20px; color:#FFFFFF; font-family: Arial, Geneva, sans-serif; }
.text { font-size:11px; font-family: Arial, Geneva, sans-serif; }
TD { font-size:11px; font-family: Arial, Geneva, sans-serif; }
</style>

<body>
<table width='100%' height='110' border='0'>
<tr height='30' align='center' bgcolor='#005447'>
<td colspan='2' height='30' class='pagetitle'>
<b>KASPERSKY ONLINE SCANNER REPORT</b>
</td>
</tr>
<tr height='70'>
<td colspan='2' height='70'>
Sunday, April 15, 2007 1:35:14 PM<br>
Operating System: Microsoft Windows Millennium Edition<br>
Kaspersky Online Scanner version: 5.0.83.0<br>
Kaspersky Anti-Virus database last update: 15/04/2007<br>
Kaspersky Anti-Virus database records: 297603<br>
</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
</table>
<table width='100%' height='145' border='0'>
<tr height='20' bgcolor='#EFEBDE'>
<td colspan='2' height='20'><b>Scan Settings</b></td>
</tr>
<tr height='15'>
<td height='15' width='250'>Scan using the following antivirus database</td>
<td>extended</td>
</tr>
<tr height='15'>
<td height='15'>Scan Archives</td>
<td>true</td>
</tr>
<tr height='15'>
<td height='15'>Scan Mail Bases</td>
<td>true</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
<tr height='20' bgcolor='#EFEBDE'>
<td height='20'><b>Scan Target</b></td>
<td>My Computer</td>
</tr>
<tr height='20'>
<td colspan='2' height='20'>
a:\<br>
c:\<br>
d:\<br>
e:\
</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
<tr height='20' bgcolor='#EFEBDE'>
<td colspan='2' height='20'><b>Scan Statistics</b></td>
</tr>
<tr height='15'>
<td height='15'>Total number of scanned objects</td>
<td>87946</td>
</tr>
<tr height='15'>
<td height='15'>Number of viruses found</td>
<td>0</td>
</tr>
<tr height='15'>
<td height='15'>Number of infected objects</td>
<td>0 / 0</td>
</tr>
<tr height='15'>
<td height='15'>Number of suspicious objects</td>
<td>0</td>
</tr>
<tr height='15'>
<td height='15'>Duration of the scan process</td>
<td>01:01:31</td>
</tr>
</table>
<br>
<table width='100%' border='0'>
<tr height='20' bgcolor='#EFEBDE'>
<td height='20'><b>Infected Object Name</b></td>
<td width='200'><b>Virus Name</b></td>
<td width='100'><b>Last Action</b></td>
</tr>
<tr height='20'>
<td height='20'>c:\_RESTORE\LOGS\vxdsfp.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\_RESTORE\LOGS\vxdalt1.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\SYSTEM\WBEM\REPOSITORY\CIM.REP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbd </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbk </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbd </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbk </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\TEMP\fdr-145477519.fdr </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Microsoft\MSN\db\KRHenrikson-MSN-Com.sdf </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\MSN6\UserData\{DBA38A40-32A1-01C7-0200-000025DD54B1}\favthumb.dbx </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSB99312C5-38BC-4EA9-8E84-251E5302C63C.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSE2B6678A-CF4A-432F-878F-CABA36048A5C.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS56AB2BE1-533D-49DD-A13E-F04DD2987BB2.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSA6F89322-F39C-4382-8F23-772BE74A7355.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy

Sweeper\Temp\SSCSD52CA97B-E28F-4940-A37F-633A8378CB39.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS82DA8E0C-B517-4504-BCF1-1AF4288E28E7.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS8B74AF8E-EABD-4B9D-A07E-44DC2749A6E9.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSB3B38B75-E0F1-4E42-AF8C-F754AECCDB38.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS02B31FBC-9CA1-4C0F-A590-1FAFE3836E47.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS79904C81-73B9-43CC-A7D0-B9CA448FD0DA.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS7D2579BC-1E11-433A-9ED9-7D82E72E9B19.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSA91CB3AC-0464-4833-B898-70B9C21D9CF0.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSA2670DB4-C63A-407F-9098-FC6C751D71B7.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSC4C5D011-BA55-43E4-926E-760300FC87F2.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS4260DF9F-99A9-48A1-A06B-CEFE7C803FE2.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS4B83123F-F6A9-4572-9649-3D4A82FB1816.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSD0C9FEB5-05A8-4411-948F-2CA5404CC4F0.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSA00A8174-A9AC-40A5-911F-70992C59F31F.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS056B3D7C-ED17-4D3D-8B19-D9FEC2B30665.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSDB505B2D-6496-4562-A092-B3D5EFEE2B1C.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS61A35717-30D6-4CD8-B46B-02726A0D7883.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS7CA46924-4DC9-4A15-A693-E704CB5E26E5.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS5EE9EF0D-AA0E-443C-8E38-9DF24F5026DA.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS6E2361F5-A6A8-4201-873C-6BB7C1367EFC.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS0611FE0A-4B9A-459A-A046-CE1B591B1164.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSF05402B9-9C67-47F3-912B-CAA038267062.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS5C4F0361-FFC8-4D77-8DBB-741F8E050907.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS2CA0D1E2-1EF8-4F23-B839-BE194B43F570.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS8AED9EC4-4ACA-49C8-BD15-E7AD48DB0C3D.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS45ECA9A0-84CC-4D14-A203-0F584AE7B21B.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS0F8EDFAB-0DFF-422E-B5A6-26D5773B73D5.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSE14A6F83-7999-4AB0-8694-787016467976.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS6BF4046B-7D0D-4941-8246-C6D4A1DD278F.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS784F5D47-52B7-44D8-B84B-AABD0F91EC0C.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSE4828D07-E70C-4DB3-9E91-1FFA6835EB99.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSEB21E39A-7FE6-4AE5-AA05-332507BBEFA1.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSAD748E63-CDF7-4554-AC27-5350DBC6B99E.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS2EF8C437-7126-4E6C-81F8-8FF3097F4E50.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSFA25427E-DC63-40D6-9A3F-0DA8DFDE4396.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSA8092507-D73A-49EA-9329-5200F26D33B2.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS572C6145-0314-4574-B6A7-539D03B292DE.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS69DB4D89-A2B5-4A0B-B251-671CCB756AA5.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS3017C8A4-973B-4701-8B64-6685B0F92141.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS0EE32316-032C-40F3-849A-F52BFB2433D3.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS3A55F651-FE23-42F8-812C-C286F9DE59B3.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSF0E90394-DE74-44D0-9ECB-0667E63A2003.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS6D7D28D0-F075-498D-A4D5-A984E93F2131.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS9690EF93-12A9-4D4B-9C6D-37787A1C6FC2.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS0F1752C5-3899-4344-91A1-1555F7ABB30B.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS8FB208C3-426F-48FA-BBB0-EF63E819311D.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS4D2ECBB0-09EF-42EE-AF24-F96E4C3311B5.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Application Data\Webroot\Spy Sweeper\Logs\070405203601.ses </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Temporary Internet Files\Content.IE5\Y5V458JQ\ADSAdClient31[13] </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Temporary Internet Files\Content.IE5\CVIJKF4V\ADSAdClient31[13] </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Cookies\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\History\History.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\All Users\Application Data\Symantec\LiveUpdate\2007-04-15_Log.ALUSchedulerSvc.LiveUpdate </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\All Users\Application Data\Symantec\Common Client\settings.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\All Users\Application Data\Symantec\Common Client\Confid.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\All Users\Application Data\Symantec\Common Client\Content.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\All Users\Application Data\Symantec\Common Client\WebHist.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\All Users\Application Data\Symantec\Common Client\Privacy.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\All Users\Application Data\Symantec\Common Client\Restrict.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Sti_Trace.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\Sti_Event.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\WINDOWS\wiaservc.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\Program Files\Common Files\Symantec Shared\SNDSYS.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\Program Files\Common Files\Symantec Shared\SNDFW.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\Program Files\Common Files\Symantec Shared\SNDCON.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\Program Files\Common Files\Symantec Shared\SNDALRT.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\Program Files\Common Files\Symantec Shared\SNDIDS.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\Program Files\Common Files\Symantec Shared\SNDDBG.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\Program Files\Norton SystemWorks\Norton AntiVirus\AVVirus.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\Program Files\Norton SystemWorks\Norton AntiVirus\AVApp.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\Program Files\Norton SystemWorks\Norton AntiVirus\AVError.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\Program Files\MSN\MsnInstaller\install.mar </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>c:\Program Files\MSN\MSNCoreFiles\calendar.mar </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<

#14 krh1326

Posted 16 April 2007 - 08:12 PM

</tr>
<tr height='20'>
<td colspan='3' height='20'><b>Scan process completed.</b></td>
</tr>
</table>
</body>
</html>

#15 random/random

  • Malware Response Team

Posted 17 April 2007 - 12:07 PM

  • Create a folder on your desktop called Sysclean.
  • Go to http://www.trendmicro.com/download/dcs.asp and download sysclean package to the folder you made.
  • Go to http://www.trendmicro.com/download/pattern.asp and download the Virus Pattern File (Official Pattern Release) to your desktop.
    This file will be called lptXXX.zip (XXX represents the version number)
  • Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX. Read here how to unzip/extract properly.
  • Move the lpt$vpn.XXX to the Sysclean-folder you created on your desktop.
  • Open the sysclean-folder and double-click sysclean.com.
  • Check: "Automatically clean or delete detected files".
  • Click scan.
Open your sysclean-folder and copy and paste the contents of sysclean.log in your next reply.



