Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

My problem has returned, new log attached

Started by sergei91 , Nov 15 2005 10:06 AM

  • This topic is locked This topic is locked
15 replies to this topic

#1 sergei91

sergei91

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 15 November 2005 - 10:06 AM

Unfortunately i thought the problem i had was resolved but it came back this morning. I was working with LDTate to resolve the problem (I will attach a link to the past posts as they are now closed)
http://forums.tomcoy...ST&f=46&t=49847
The problem is the same as previous, the computer acts as if NOTHING is installed. If you click any program icon, you get a bad image warning or it creates a new desktop shortcut. You have to log off then shut down and the problem resolves.
Here is the log file;

Logfile of HijackThis v1.99.1
Scan saved at 8:05:34 AM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PowerPanelPlus\upssrv.exe
C:\PowerPanelPlus\upsio.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Drivers\Utils\Cleaners & Spyware\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O12 "EP1394D3_001" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Scott"
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127664543328
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www3.wireles...SyncInstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....12119/CTPID.cab
O18 - Protocol: bw+0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: UPS Service (CyberPowerUPS) - CyberPower Systems, Inc. - C:\PowerPanelPlus\upssrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

    Advertisements

Register to Remove

#2 sergei91

sergei91

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 16 November 2005 - 09:32 AM

bump

Edited by sergei91, 16 November 2005 - 09:32 AM.

#3 sergei91

sergei91

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 17 November 2005 - 10:31 AM

My problem is getting worse and worse. The computer is basically unusable every morning. I cannot seem to figure out what the heck is causing this strange behavior. As I said above when I go to bed the computer works fine, when i wake up EVERY morning the computer is unusable until restart. No applications will open, and I can't even shut the machine down as it says I'm not allowed to shut down. The only way to shut the machine down is to log off and then restart. Crazy! I ran a new log file this morning right after restart. I also have run numerous Ad Aware, Spy bot, Edwido scans and found nothing.

Log file of HijackThis v1.99.1
Scan saved at 8:23:28 AM, on 11/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PowerPanelPlus\upssrv.exe
C:\PowerPanelPlus\upsio.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Drivers\Utils\Cleaners & Spyware\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O12 "EP1394D3_001" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Scott"
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127664543328
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www3.wireles...SyncInstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....12119/CTPID.cab
O18 - Protocol: bw+0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: UPS Service (CyberPowerUPS) - CyberPower Systems, Inc. - C:\PowerPanelPlus\upssrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 November 2005 - 05:28 PM

Darn sergei91, thought we killed that.

Nothing bad is showing ib your log.

Go here and run the test.
Microsoft - Malicious Software Removal Tool
http://www.microsoft...ve/default.mspx

Download and run this one.
RootkitRevealer
http://www.sysintern...itRevealer.html

Please post the results.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#5 sergei91

sergei91

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 20 November 2005 - 01:47 PM

I have to cut the rootKit scan into 2 posts becauseof the length; HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 11/20/2005 8:47 AM 4 bytes Data mismatch between Windows API and raw hive data. HKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount 11/20/2005 8:47 AM 4 bytes Data mismatch between Windows API and raw hive data. C:\Documents and Settings\Scott\Cookies\scott@symantecstore[2].txt 11/20/2005 8:53 AM 213 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Cookies\scott@yahoo[1].txt 11/20/2005 8:52 AM 809 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Cookies\scott@yahoo[2].txt 11/20/2005 1:34 AM 632 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\100feA[1].swf 11/20/2005 1:31 AM 17.26 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\111905_AP_iraq_200[1].jpg 11/20/2005 1:32 AM 29.99 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\120.LAWest[1].gif 11/20/2005 1:32 AM 5.11 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\25x25-smiley-01[1].gif 11/20/2005 1:31 AM 1.30 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\25x25_redpepper[1].gif 11/20/2005 1:31 AM 875 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\2_horiz_dots[1].gif 11/20/2005 8:53 AM 43 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\2_horiz_dots[2].gif 11/20/2005 8:55 AM 43 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\2_vert_dots[1].gif 11/20/2005 8:54 AM 43 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\703[1].gif 11/20/2005 1:32 AM 774 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\70iltB[1].gif 11/20/2005 8:14 AM 2.64 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\93005_yahsw4c1_mail_marine[1].jpg 11/20/2005 1:31 AM 488 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\add_to_cart[1].gif 11/20/2005 8:55 AM 411 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\addtomyyahoo4[1].gif 11/20/2005 1:32 AM 719 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\arc_grey_br_10.en-us[1].gif 11/20/2005 8:52 AM 104 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\arc_trans_tr_10.en-us[1].gif 11/20/2005 8:52 AM 58 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\arrow[1].gif 11/20/2005 8:53 AM 48 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\arrow[2].gif 11/20/2005 8:53 AM 48 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\arrow_btn[1].gif 11/20/2005 8:53 AM 98 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\background[1].gif 11/20/2005 1:32 AM 43 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\background[2].gif 11/20/2005 8:16 AM 74 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\basic[1].htm 11/20/2005 8:52 AM 321 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\bg_nav_cnrl_on[1].gif 11/20/2005 1:32 AM 75 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\birthday[1].gif 11/20/2005 8:15 AM 441 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\box_bg_line_bottom.en-us[1].gif 11/20/2005 8:52 AM 55 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\box_bg_line_top.en-us[1].gif 11/20/2005 8:53 AM 228 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\box_tl_corner.en-us[1].gif 11/20/2005 8:53 AM 62 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\bullet[1].gif 11/20/2005 1:32 AM 826 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\bullet_chevron.en-us[1].gif 11/20/2005 8:52 AM 48 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\CA2VS37O.41969511676760806 11/20/2005 8:53 AM 86 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\CABU9KDX.5871247519038301 11/20/2005 8:54 AM 97 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\CAQ74TC5.25436883714681935 11/20/2005 8:55 AM 225 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\CAUNK5MZ.24533594540443398 11/20/2005 8:54 AM 97 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\chevron_down.en-us[1].gif 11/20/2005 8:52 AM 51 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\commonValidation3-25-3[1].js 11/20/2005 8:53 AM 30.85 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\controlsNext[1].gif 11/20/2005 1:32 AM 137 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\CoolKids120[1].jpg 11/20/2005 1:32 AM 3.15 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\crucialF728x90[1].swf 11/20/2005 8:15 AM 25.36 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\dish_remotes_728x90[1].gif 11/20/2005 1:32 AM 12.07 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\ec_dynamic[1].htm 11/20/2005 8:53 AM 11.84 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\f_norm[1].gif 11/20/2005 8:16 AM 358 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\Flamingo_001[1].jpg 11/20/2005 1:31 AM 1.57 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\global[1].css 11/20/2005 1:32 AM 31.05 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\global[1].js 11/20/2005 1:32 AM 15.65 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\hho_compare[1].gif 11/20/2005 8:54 AM 181 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\hho_nav_products[1].gif 11/20/2005 8:53 AM 1.56 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\hho_special_promo[1].gif 11/20/2005 8:55 AM 1.01 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\hm-SystemWorks-brandedLogo.en-us[1].gif 11/20/2005 8:52 AM 7.32 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\hm-SystemWorks-productShot_Large.en-us[1].gif 11/20/2005 8:52 AM 7.82 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\hm_downloads_off[1].gif 11/20/2005 8:53 AM 599 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\hm_store_off.en-us[1].gif 11/20/2005 8:52 AM 1.11 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\hm_store_on[1].gif 11/20/2005 8:53 AM 1.07 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\hm_threats_off[1].gif 11/20/2005 8:53 AM 706 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\inbc1[1].gif 11/20/2005 1:31 AM 162 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\index[2].htm 11/20/2005 8:15 AM 1.14 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\kabc_300.Header[1].gif 11/20/2005 1:32 AM 718 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\lastpost[1].gif 11/20/2005 8:15 AM 376 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\logo-nav.en-us[1].gif 11/20/2005 8:52 AM 6.66 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\ma_search_1[1].gif 11/20/2005 8:52 AM 1.59 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\mail12_1[1].gif 11/20/2005 1:32 AM 531 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\metro_benCtr_validate[1].js 11/20/2005 8:53 AM 3.76 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\msg_folder[1].gif 11/20/2005 8:16 AM 959 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\myyhp_1.6[2].js 11/20/2005 1:31 AM 3.06 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\NAV06[1].gif 11/20/2005 8:54 AM 13.02 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\nav[1].js 11/20/2005 1:32 AM 12.55 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\navmain-sub-background[1].gif 11/20/2005 8:16 AM 1.04 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\nwt_lplearnmorefree_160x35[1].gif 11/20/2005 1:31 AM 804 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\perc1[1].gif 11/20/2005 1:31 AM 146 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\pixel[1].gif 11/20/2005 8:53 AM 49 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\post12_1[1].gif 11/20/2005 1:32 AM 319 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\qt_lo_1[1].gif 11/20/2005 1:31 AM 68 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\rc_wc3c5_sw_1[1].gif 11/20/2005 1:31 AM 166 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\rc_wg2w_sw_1[1].gif 11/20/2005 1:31 AM 111 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\repeating[1].gif 11/20/2005 8:53 AM 51 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\right_arrow_blue[1].gif 11/20/2005 8:53 AM 155 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\RootkitRevealer[1].gif 11/20/2005 8:16 AM 42.20 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\search[1].htm 11/20/2005 8:51 AM 67.50 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\seeking[1].gif 11/20/2005 1:31 AM 898 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\shift1[1].gif 11/20/2005 1:31 AM 57 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\shim[1].gif 11/20/2005 1:32 AM 43 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\show_ads[2].js 11/20/2005 8:15 AM 11.99 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\sntc1[1].gif 11/20/2005 1:31 AM 219 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\star_redthreehalf16_3[1].gif 11/20/2005 1:32 AM 637 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\stwinels[1].js 11/20/2005 8:53 AM 1.10 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\tn_NAV06_HHO[1].gif 11/20/2005 8:53 AM 2.86 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\tn_NIS3.0_mac[1].gif 11/20/2005 8:54 AM 2.04 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\tn_NPM04[1].gif 11/20/2005 8:54 AM 1.84 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\tn_NPM8.0[1].gif 11/20/2005 8:54 AM 1.91 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\tn_NSW06_2Y[1].gif 11/20/2005 8:54 AM 3.66 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\tn_NSW06Premier_HHO[1].gif 11/20/2005 8:54 AM 3.02 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\tn_SB_NSW06_NPF06_HHO1[1].jpg 11/20/2005 8:53 AM 11.72 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\ult_ylc_3[1].js 11/20/2005 8:51 AM 2.73 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\USandCA_on.en-us[1].gif 11/20/2005 8:53 AM 173 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\utility_about.en-us[1].gif 11/20/2005 8:52 AM 492 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\utility_leftcurve.en-us[1].gif 11/20/2005 8:53 AM 184 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\utility_partners.en-us[1].gif 11/20/2005 8:53 AM 289 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\utility_symantec.en-us[1].gif 11/20/2005 8:52 AM 445 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\utility_symantec.en-us[2].gif 11/20/2005 8:53 AM 445 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\www.symantec[1].com 11/20/2005 8:53 AM 18.53 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\yahoo[1].htm 11/20/2005 8:44 AM 53.96 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\ygma_200506171349[1].css 11/20/2005 1:31 AM 1.52 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\ymail_ec_logo_1[1].gif 11/20/2005 1:31 AM 5.19 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\yq_050926[1].js 11/20/2005 1:32 AM 23.38 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\0T2B49I7\yregml_200507281530[1].js 11/20/2005 1:31 AM 3.02 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\092205_120_sony[1].jpg 11/20/2005 1:32 AM 2.23 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\101305_25x25_musicnote[1].gif 11/20/2005 1:31 AM 387 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\1105_180x150_toy_no_v1[1].gif 11/20/2005 1:32 AM 9.79 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\20050830_59311_1_300x100_mm_ylj_w2m[1].jpg 11/20/2005 1:31 AM 11.70 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\24[1].gif 11/20/2005 1:32 AM 475 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\2_horiz_dots[1].gif 11/20/2005 8:53 AM 43 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\2_vert_dots[1].gif 11/20/2005 8:53 AM 43 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\3992-33070-10420-2[2].htm 11/20/2005 8:45 AM 375 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\3a_go.en-us[1].gif 11/20/2005 8:53 AM 231 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\3a_go[1].gif 11/20/2005 8:52 AM 233 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\5a_email.en-us[1].gif 11/20/2005 8:53 AM 164 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\5a_print.en-us[1].gif 11/20/2005 8:52 AM 190 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\93005_yahsw4c1_mail_note2[1].gif 11/20/2005 1:31 AM 387 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\adsonar[1].js 11/20/2005 1:32 AM 4.50 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\arrow_btn[1].gif 11/20/2005 8:54 AM 98 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\askthemayorthumb2[1].jpg 11/20/2005 1:32 AM 5.00 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\bc_new[1].gif 11/20/2005 8:15 AM 375 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\bg_nav_cnrr_on200[1].gif 11/20/2005 1:32 AM 368 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\blank[1].gif 11/20/2005 8:53 AM 49 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\bottom-icon[1].gif 11/20/2005 8:53 AM 60 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\box_bg_line_bottom.en-us[1].gif 11/20/2005 8:53 AM 55 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\box_bg_line_right.en-us[1].gif 11/20/2005 8:53 AM 62 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\box_br_corner.en-us[1].gif 11/20/2005 8:53 AM 63 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\bt_dd_2[1].gif 11/20/2005 1:31 AM 70 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\bullet_square.en-us[1].gif 11/20/2005 8:52 AM 42 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\buy_download_irc[1].gif 11/20/2005 8:53 AM 1.48 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\buy_now_bg[1].gif 11/20/2005 8:55 AM 48 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\buy_now_bottom[1].gif 11/20/2005 8:55 AM 240 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\CAIVGH2N.htm 11/20/2005 8:15 AM 5.64 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\CALWWZHT.39071756562795123 11/20/2005 8:53 AM 86 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\CANAI9VR.17615565549750356 11/20/2005 8:53 AM 86 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\ckbx_grn[1].gif 11/20/2005 8:51 AM 692 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\clip_1[1].gif 11/20/2005 1:31 AM 220 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\controlsPause[1].gif 11/20/2005 1:32 AM 91 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\cookieScript[1].js 11/20/2005 8:53 AM 1.28 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\crucialF728x90[1].htm 11/20/2005 8:16 AM 3.89 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\crucialF728x90[1].js 11/20/2005 8:15 AM 3.30 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\defaulttheme_050926b[1].css 11/20/2005 1:32 AM 9.48 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\ec_MAIN[1].htm 11/20/2005 8:53 AM 61.12 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\ec_MAIN[2].htm 11/20/2005 8:54 AM 68.92 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\ec_Main[3].htm 11/20/2005 8:55 AM 81.04 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\empty[1].gif 11/20/2005 1:32 AM 43 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\f_norm_no[1].gif 11/20/2005 8:16 AM 338 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\ff2[1].htm 11/20/2005 1:32 AM 914 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\fsp[1].js 11/20/2005 1:32 AM 19.44 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\gawker_150[1].gif 11/20/2005 1:32 AM 2.14 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\generic[1].css 11/20/2005 8:53 AM 9.86 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\global_nav_bottom[1].gif 11/20/2005 8:53 AM 299 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\global_nav_top[1].gif 11/20/2005 8:53 AM 234 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\header[1].gif 11/20/2005 8:16 AM 10.48 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\hm_bar[1].jpg 11/20/2005 8:53 AM 626 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\hm_bar_copy[1].gif 11/20/2005 8:53 AM 961 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\hm_home_off.en-us[1].gif 11/20/2005 8:52 AM 515 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\hm_home_off[1].gif 11/20/2005 8:53 AM 515 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\hm_prod_off[1].gif 11/20/2005 8:53 AM 546 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\hm_support_off[1].gif 11/20/2005 8:53 AM 497 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\hm_threats_off.en-us[1].gif 11/20/2005 8:52 AM 706 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\im12_1[1].gif 11/20/2005 1:32 AM 312 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\index[1].htm 11/20/2005 8:15 AM 13.40 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\index[2].htm 11/20/2005 8:15 AM 22.92 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\ipb_board[1].js 11/20/2005 8:15 AM 1.89 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\kabc_120.WeatherSat[1].jpg 11/20/2005 1:32 AM 1.99 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\kabc_468[1].jpg 11/20/2005 1:32 AM 584 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\key_features[1].gif 11/20/2005 8:55 AM 620 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\logo_new52[1].jpg 11/20/2005 8:53 AM 12.04 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\ma_mail_1[1].gif 11/20/2005 1:31 AM 1.37 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\main[1].css 11/20/2005 8:16 AM 6.28 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\mastercard_062005[1].gif 11/20/2005 1:31 AM 1.24 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\nav[1].css 11/20/2005 1:32 AM 9.88 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\nwt_lplearn_160x35[1].gif 11/20/2005 1:31 AM 804 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\option2_img[1].gif 11/20/2005 8:53 AM 5.03 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\page[1].css 11/20/2005 8:52 AM 64.09 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\page[1].js 11/20/2005 8:52 AM 18.15 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\page[2].css 11/20/2005 8:53 AM 6.09 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\PEG_9236_unbr_FairFightHepCBH_blue_120x600_20k[1].gif 11/20/2005 1:32 AM 5.52 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\plain_continue_btn[1].gif 11/20/2005 8:53 AM 655 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\popup_icon[1].gif 11/20/2005 8:52 AM 60 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\promo_HS_2_BB_282x115[1].jpg 11/20/2005 8:53 AM 30.56 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\rc_wc3c5_ne_1[1].gif 11/20/2005 1:31 AM 167 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\rc_wc3c5_se_1[1].gif 11/20/2005 1:31 AM 167 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\rc_wg2w_nw_1[1].gif 11/20/2005 1:31 AM 111 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\reuters120[1].gif 11/20/2005 1:32 AM 1.29 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\shd_r_2[1].gif 11/20/2005 1:31 AM 50 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\siteAds[2].js 11/20/2005 1:32 AM 3.23 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\space[1].gif 11/20/2005 8:52 AM 43 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\spacer[1].gif 11/20/2005 8:53 AM 43 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\spacer[2].gif 11/20/2005 8:53 AM 43 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\src_wc4w_nw_1[1].gif 11/20/2005 1:31 AM 95 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\src_wc4w_se_1[1].gif 11/20/2005 1:31 AM 95 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\stmenu[1].js 11/20/2005 8:53 AM 15.75 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\stw[1].gif 11/20/2005 1:31 AM 145 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\tn_NAS05[1].gif 11/20/2005 8:54 AM 1.69 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\tn_NAV06_3pck_HHO[1].gif 11/20/2005 8:54 AM 2.79 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\tn_NIS06_2y[1].gif 11/20/2005 8:54 AM 3.62 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\tn_NIS06_HHO[1].gif 11/20/2005 8:53 AM 2.92 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\tn_SMS_4[1].gif 11/20/2005 8:54 AM 3.51 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\tshc1[1].gif 11/20/2005 1:31 AM 236 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\uh_bk[1].gif 11/20/2005 1:31 AM 43 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\uh_crn2[1].gif 11/20/2005 1:31 AM 105 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\utility_cartlogo.en-us[1].gif 11/20/2005 8:52 AM 734 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\utility_login.en-us[1].gif 11/20/2005 8:53 AM 226 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\webcam[1].jpg 11/20/2005 1:32 AM 3.74 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\WinternalsSponsor[1].gif 11/20/2005 8:16 AM 1.42 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\ylib_dom[1].js 11/20/2005 1:31 AM 4.66 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\ymknb_lb[1].gif 11/20/2005 1:31 AM 78 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\JZUAWFJB\yschx_20050614[1].css 11/20/2005 8:51 AM 11.32 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\092205_tgifsm[1].jpg 11/20/2005 1:32 AM 6.37 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\100505_25x25_icon_yahoo_2[1].gif 11/20/2005 1:31 AM 407 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\111905_AP_lottery_200[1].jpg 11/20/2005 1:32 AM 31.23 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\170[1].gif 11/20/2005 1:32 AM 804 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\33B[1].gif 11/20/2005 1:32 AM 1.21 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\3a_addtocart.en-us[1].gif 11/20/2005 8:52 AM 386 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\abc_ticker4[1].swf 11/20/2005 1:32 AM 2.86 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\age[1].gif 11/20/2005 1:31 AM 71 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\ar_next[1].gif 11/20/2005 8:52 AM 68 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\arrow_btn[1].gif 11/20/2005 8:53 AM 98 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\back_to_top[1].gif 11/20/2005 8:53 AM 165 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\ban_HHO_SubRenewal110605[1].jpg 11/20/2005 8:53 AM 12.09 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\ban_NSW06Premier[1].gif 11/20/2005 8:55 AM 2.16 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\bf_readonly[1].gif 11/20/2005 8:15 AM 580 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\bg_dashed_line.en-us[1].gif 11/20/2005 8:52 AM 84 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\bg_nav_cnrl[1].gif 11/20/2005 1:32 AM 70 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\bg_nav_cnrr[1].gif 11/20/2005 1:32 AM 70 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\blkc1[1].gif 11/20/2005 1:31 AM 177 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\blko1[1].gif 11/20/2005 1:31 AM 245 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\bnr_21[1].jpg 11/20/2005 1:31 AM 7.59 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\bottom_3[1].gif 11/20/2005 8:53 AM 72 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\box_bg_line_left.en-us[1].gif 11/20/2005 8:53 AM 214 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\box_bg_line_right.en-us[1].gif 11/20/2005 8:53 AM 62 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\box_bl_corner.en-us[1].gif 11/20/2005 8:53 AM 62 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\box_br_corner.en-us[1].gif 11/20/2005 8:52 AM 63 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\box_NSW06Premier_HHO[1].gif 11/20/2005 8:55 AM 7.75 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\CAFD9FM2.2922327964290766 11/20/2005 8:54 AM 11 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\CAQVQ3UL.2788930850019357 11/20/2005 8:54 AM 25 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\chevron.en-us[1].gif 11/20/2005 8:52 AM 51 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\controlsPlay[1].gif 11/20/2005 1:32 AM 192 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\dftc1[1].gif 11/20/2005 1:31 AM 223 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\ec_main[1].htm 11/20/2005 8:53 AM 69.62 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\ec_main[2].htm 11/20/2005 8:53 AM 75.87 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\ec_MAIN[3].htm 11/20/2005 8:54 AM 117.22 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\f_closed[1].gif 11/20/2005 8:16 AM 371 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\features[1].htm 11/20/2005 8:52 AM 17.49 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\fonts_200502080901[1].css 11/20/2005 1:31 AM 739 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\global[1].js 11/20/2005 1:32 AM 2.92 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\global_nav_dots[1].gif 11/20/2005 8:53 AM 213 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\globalstores_off.en-us[1].gif 11/20/2005 8:53 AM 168 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\govt_rel_prod[1].gif 11/20/2005 8:55 AM 2.24 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\header-background[1].gif 11/20/2005 8:16 AM 511 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\hho_nav_resources[1].gif 11/20/2005 8:53 AM 2.28 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\hm_search.en-us[1].gif 11/20/2005 8:52 AM 746 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\hm_search[1].gif 11/20/2005 8:53 AM 746 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\hm_support_off.en-us[1].gif 11/20/2005 8:52 AM 497 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\hm_tile[1].gif 11/20/2005 8:53 AM 99 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\HS_1_Fan_282x205[1].jpg 11/20/2005 8:53 AM 57.88 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\ie[1].css 11/20/2005 8:53 AM 25.95 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\ie_print[1].css 11/20/2005 8:53 AM 26.01 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\index[1].css 11/20/2005 1:32 AM 17.96 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\index[1].php 11/20/2005 8:45 AM 14.15 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\index[2].htm 11/20/2005 8:15 AM 45.21 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\index[3].htm 11/20/2005 8:15 AM 129.82 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\index[4].htm 11/20/2005 8:52 AM 17.82 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\index[5].htm 11/20/2005 8:52 AM 17.49 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\ipb_forum[1].js 11/20/2005 8:16 AM 15.53 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\ipb_usercp[1].js 11/20/2005 8:16 AM 5.38 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\kabc_120.WeatherRadar[1].gif 11/20/2005 1:32 AM 3.33 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\kabc_header[1].jpg 11/20/2005 1:32 AM 14.89 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\ma_nws_1[1].gif 11/20/2005 1:32 AM 1.50 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\mail_blue_all[2].css 11/20/2005 1:31 AM 43.06 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\main[1].js 11/20/2005 8:16 AM 435 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\mc2[1].js 11/20/2005 8:51 AM 6.60 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\myabc7Thumb[1].gif 11/20/2005 1:32 AM 4.26 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\nc_tuhead[2].js 11/20/2005 8:53 AM 2 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\NIS_ASforWdwsXPlogo[1].jpg 11/20/2005 8:55 AM 3.62 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\nomail1[1].gif 11/20/2005 1:32 AM 229 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\nwmail16_1[1].gif 11/20/2005 1:31 AM 1.04 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\p_online[1].gif 11/20/2005 8:15 AM 1.29 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\pixel[1].gif 11/20/2005 8:53 AM 49 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\printButton[1].js 11/20/2005 8:53 AM 780 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\prnt12_1[1].gif 11/20/2005 1:32 AM 311 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\px_w[1].gif 11/20/2005 1:31 AM 43 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\rc_c4c3w_se_1[1].gif 11/20/2005 1:31 AM 164 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\rc_wg2w_se_1[1].gif 11/20/2005 1:31 AM 111 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\right_arrow_green[1].gif 11/20/2005 8:53 AM 155 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\right_arrow_plum[1].gif 11/20/2005 8:53 AM 155 bytes Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\RootkitRevealer[1].htm 11/20/2005 8:16 AM 21.09 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\sb_productOffer_PromoCenter.en-us[1].gif 11/20/2005 8:52 AM 4.71 KB Hidden from Windows API. C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\W9YNO7QX\shd_m_2[1].gif 11/20/2005 1:31 AM 67 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\Scott\Local

#6 sergei91

sergei91

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 20 November 2005 - 01:53 PM

PART 2 of Root Kit scan C:\RECYCLE\NPROTECT 11/20/2005 8:50 AM 0 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000000.edb 11/17/2005 7:57 AM 64.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000002 11/17/2005 7:58 AM 324.09 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000003 11/17/2005 7:58 AM 446.28 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000005 11/17/2005 8:00 AM 324.09 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000006 11/17/2005 8:00 AM 446.87 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000011.CID 11/17/2005 8:02 AM 125.20 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000012.CID 11/17/2005 8:02 AM 127.23 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000014 11/17/2005 8:03 AM 323.20 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000015 11/17/2005 8:03 AM 446.38 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000016 11/17/2005 8:03 AM 323.20 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000017 11/17/2005 8:03 AM 447.71 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000018 11/17/2005 8:03 AM 324.38 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000019 11/17/2005 8:03 AM 449.20 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000020 11/17/2005 8:03 AM 327.70 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000021 11/17/2005 8:03 AM 453.69 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000022 11/17/2005 8:04 AM 328.84 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000023 11/17/2005 8:04 AM 455.23 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000025 11/17/2005 8:04 AM 331.12 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000026 11/17/2005 8:04 AM 458.23 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000028.CID 11/17/2005 8:05 AM 127.23 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000029.CID 11/17/2005 8:05 AM 129.25 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000030 11/17/2005 8:06 AM 335.77 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000031 11/17/2005 8:06 AM 463.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000032 11/17/2005 8:06 AM 335.77 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000033 11/17/2005 8:06 AM 464.37 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000035 11/17/2005 8:06 AM 336.98 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000036 11/17/2005 8:06 AM 465.93 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000037 11/17/2005 8:07 AM 338.18 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000038 11/17/2005 8:07 AM 467.49 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000039 11/17/2005 8:07 AM 339.38 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000040 11/17/2005 8:07 AM 469.03 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000041 11/17/2005 8:07 AM 340.55 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000042 11/17/2005 8:07 AM 470.58 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000043 11/17/2005 8:08 AM 341.74 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000044 11/17/2005 8:08 AM 472.14 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000045 11/17/2005 8:08 AM 344.11 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000046 11/17/2005 8:08 AM 475.25 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000047 11/17/2005 8:08 AM 345.32 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000048 11/17/2005 8:08 AM 476.81 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000050 11/17/2005 8:09 AM 346.52 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000051 11/17/2005 8:09 AM 478.38 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000052 11/17/2005 8:09 AM 347.72 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000053 11/17/2005 8:09 AM 479.96 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000054 11/17/2005 8:09 AM 348.94 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000055 11/17/2005 8:09 AM 481.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000056 11/17/2005 8:09 AM 350.16 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000057 11/17/2005 8:09 AM 483.11 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000058 11/17/2005 8:10 AM 351.38 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000059 11/17/2005 8:10 AM 484.68 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000060 11/17/2005 8:10 AM 352.60 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000061 11/17/2005 8:10 AM 486.25 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000063 11/17/2005 8:10 AM 353.80 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000064 11/17/2005 8:10 AM 487.82 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000065.CID 11/17/2005 8:10 AM 129.25 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000067 11/17/2005 8:11 AM 355.01 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000068.CID 11/17/2005 8:11 AM 131.27 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000069 11/17/2005 8:11 AM 488.01 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000070 11/17/2005 8:11 AM 355.01 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000071 11/17/2005 8:11 AM 489.35 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000072 11/17/2005 8:11 AM 356.18 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000073 11/17/2005 8:11 AM 490.87 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000074 11/17/2005 8:12 AM 357.31 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000075 11/17/2005 8:12 AM 492.40 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000076 11/17/2005 8:12 AM 358.47 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000077 11/17/2005 8:12 AM 493.91 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000078 11/17/2005 8:12 AM 359.60 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000079 11/17/2005 8:12 AM 495.44 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000080 11/17/2005 8:12 AM 360.76 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000081 11/17/2005 8:12 AM 496.96 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000083 11/17/2005 8:13 AM 361.90 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000084 11/17/2005 8:13 AM 498.47 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000085 11/17/2005 8:13 AM 363.03 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000086 11/17/2005 8:13 AM 500.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000087 11/17/2005 8:13 AM 364.17 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000088 11/17/2005 8:14 AM 501.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000089 11/17/2005 8:14 AM 365.34 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000090 11/17/2005 8:14 AM 503.04 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000091 11/17/2005 8:14 AM 366.46 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000092 11/17/2005 8:14 AM 504.54 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000097 11/17/2005 8:20 AM 367.58 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000098 11/17/2005 8:20 AM 504.74 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000101.ini 11/17/2005 8:20 AM 82 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000102.beg 11/17/2005 8:20 AM 113 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000103.dat 11/17/2005 8:20 AM 32.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000104.dat 11/17/2005 8:20 AM 32.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000105.xzc 11/17/2005 8:20 AM 300 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000106.egi 11/17/2005 8:20 AM 154 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000107.lnp 11/17/2005 8:20 AM 16.47 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000108.sux 11/17/2005 8:20 AM 788 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000109.rtv 11/17/2005 8:20 AM 67 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000113.sol 11/17/2005 8:21 AM 46 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000114.sol 11/17/2005 8:21 AM 66 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000115.sol 11/17/2005 8:21 AM 89 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000116.sol 11/17/2005 8:21 AM 108 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000117.sol 11/17/2005 8:21 AM 133 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000118.sol 11/17/2005 8:21 AM 151 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000119.sol 11/17/2005 8:21 AM 173 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000120.sol 11/17/2005 8:21 AM 196 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000121.sol 11/17/2005 8:21 AM 226 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000122.sol 11/17/2005 8:21 AM 257 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000123.sol 11/17/2005 8:21 AM 278 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000126.GCD 11/17/2005 8:22 AM 2.99 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000146.ini 11/17/2005 8:35 AM 82 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000147.xjm 11/17/2005 8:35 AM 113 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000148.pru 11/17/2005 8:35 AM 300 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000157.sol 11/17/2005 6:01 PM 46 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000158.sol 11/17/2005 6:01 PM 66 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000159.sol 11/17/2005 6:01 PM 89 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000160.sol 11/17/2005 6:01 PM 108 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000161.sol 11/17/2005 6:01 PM 133 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000162.sol 11/17/2005 6:01 PM 151 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000163.sol 11/17/2005 6:01 PM 173 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000164.sol 11/17/2005 6:01 PM 196 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000165.sol 11/17/2005 6:01 PM 226 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000166.sol 11/17/2005 6:01 PM 257 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000167.sol 11/17/2005 6:01 PM 278 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000169.edb 11/17/2005 6:02 PM 64.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000178.GCD 11/17/2005 6:09 PM 3.03 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000192.cab 11/17/2005 6:30 PM 15.45 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000200.cab 11/17/2005 6:30 PM 12.49 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000220.edb 11/17/2005 6:36 PM 64.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000267.GCD 11/17/2005 8:06 PM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000272.cat 11/17/2005 8:06 PM 6.97 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000274.zip 11/17/2005 8:06 PM 147.60 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000276.cat 11/17/2005 8:06 PM 6.97 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000278.zip 11/17/2005 8:06 PM 905.67 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000279.cat 11/17/2005 8:06 PM 6.97 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000281.zip 11/17/2005 8:06 PM 309.81 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000283.GCD 11/17/2005 8:06 PM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000285.GCD 11/17/2005 8:06 PM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000287.GCD 11/17/2005 8:06 PM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000289.GCD 11/17/2005 8:06 PM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000309.XML 11/17/2005 8:25 PM 53 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000317.ini 11/17/2005 8:34 PM 82 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000318.svx 11/17/2005 8:34 PM 113 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000319.dat 11/17/2005 8:34 PM 64.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000320.jlo 11/17/2005 8:34 PM 300 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000321.xab 11/17/2005 8:34 PM 334 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000322.dfi 11/17/2005 8:34 PM 30.21 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000323.zbe 11/17/2005 8:34 PM 303 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000324.wya 11/17/2005 8:34 PM 134 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000330.sol 11/17/2005 8:40 PM 46 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000331.sol 11/17/2005 8:40 PM 66 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000332.sol 11/17/2005 8:40 PM 89 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000333.sol 11/17/2005 8:40 PM 108 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000334.sol 11/17/2005 8:40 PM 133 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000335.sol 11/17/2005 8:40 PM 151 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000336.sol 11/17/2005 8:40 PM 173 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000337.sol 11/17/2005 8:40 PM 196 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000338.sol 11/17/2005 8:40 PM 226 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000339.sol 11/17/2005 8:40 PM 257 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000340.sol 11/17/2005 8:40 PM 278 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000407.txt 11/17/2005 10:27 PM 82.71 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000471 11/18/2005 12:30 AM 57 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000495.GCD 11/18/2005 1:12 AM 8.29 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000497.GCD 11/18/2005 1:12 AM 8.29 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000499.GCD 11/18/2005 1:12 AM 8.29 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000727.ini 11/18/2005 7:57 AM 82 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000728.ybc 11/18/2005 7:57 AM 113 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00000729.dat 11/18/2005 7:57 AM 32.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000730.dat 11/18/2005 7:57 AM 32.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00000731.lmp 11/18/2005 7:57 AM 300 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001018.cab 11/18/2005 4:19 PM 15.45 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001026.cab 11/18/2005 4:19 PM 12.49 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001042.edb 11/18/2005 4:24 PM 64.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001099.sol 11/18/2005 5:56 PM 46 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001100.sol 11/18/2005 5:56 PM 66 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001101.sol 11/18/2005 5:56 PM 89 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001102.sol 11/18/2005 5:56 PM 108 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001103.sol 11/18/2005 5:56 PM 133 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001104.sol 11/18/2005 5:56 PM 151 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001105.sol 11/18/2005 5:56 PM 173 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001106.sol 11/18/2005 5:56 PM 196 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001107.sol 11/18/2005 5:56 PM 226 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001108.sol 11/18/2005 5:56 PM 257 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001109.sol 11/18/2005 5:56 PM 278 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001136 11/18/2005 6:30 PM 197.84 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001137.dll 11/18/2005 6:30 PM 273.50 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001138.sys 11/18/2005 6:30 PM 1.75 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001139.dll 11/18/2005 6:30 PM 273.50 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001140.sys 11/18/2005 6:30 PM 1.75 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001141.dll 11/18/2005 6:30 PM 13.72 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001142.exe 11/18/2005 6:30 PM 204.72 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001143.rq0 11/18/2005 6:30 PM 453 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001144.exe 11/18/2005 6:30 PM 30.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001145.inf 11/18/2005 6:30 PM 705 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001146.txt 11/18/2005 6:30 PM 455 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001147.cat 11/18/2005 6:30 PM 12.55 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001148.dll 11/18/2005 6:30 PM 21.72 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001149.exe 11/18/2005 6:30 PM 701.22 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001150.url 11/18/2005 6:30 PM 5.20 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001151.ver 11/18/2005 6:30 PM 753 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001152.inf 11/18/2005 6:30 PM 613 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001153.INF 11/18/2005 6:30 PM 8.47 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001154.INF 11/18/2005 6:30 PM 16.12 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001155.INF 11/18/2005 6:30 PM 16.81 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001156.dll 11/18/2005 6:30 PM 363.22 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001157.PSM 11/18/2005 6:30 PM 2.11 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001158.STA 11/18/2005 6:30 PM 4 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001159.TXT 11/18/2005 6:30 PM 17 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001160.STA 11/18/2005 6:30 PM 34 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001161.STA 11/18/2005 6:30 PM 34 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001166.edb 11/18/2005 6:35 PM 64.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001221.GCD 11/18/2005 8:06 PM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001224.GCD 11/18/2005 8:06 PM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001288.mch 11/18/2005 9:38 PM 36.71 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001316.txt 11/18/2005 10:29 PM 66.05 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001381 11/19/2005 12:30 AM 57 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001406.GCD 11/19/2005 1:15 AM 9.09 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001408.GCD 11/19/2005 1:15 AM 9.09 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001410.GCD 11/19/2005 1:15 AM 9.09 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001412.GCD 11/19/2005 1:15 AM 9.09 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001414.GCD 11/19/2005 1:15 AM 9.09 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001438.dat 11/19/2005 1:46 AM 48.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001557.LNK 11/19/2005 6:54 AM 104 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001558.LNK 11/19/2005 6:54 AM 104 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001573.edb 11/19/2005 7:05 AM 64.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001575.ini 11/19/2005 7:07 AM 33.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001577.SBI 11/19/2005 7:07 AM 751 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001578.SBI 11/19/2005 7:07 AM 110.90 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001579.SBI 11/19/2005 7:07 AM 151.93 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001580.SBI 11/19/2005 7:07 AM 9.82 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001581.SBI 11/19/2005 7:07 AM 85.94 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001582.SBI 11/19/2005 7:07 AM 398 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001583.SBI 11/19/2005 7:07 AM 1.67 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001584.SBI 11/19/2005 7:07 AM 80.60 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001585.SBI 11/19/2005 7:07 AM 60.51 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001586.SBS 11/19/2005 7:07 AM 2.76 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001587.SBS 11/19/2005 7:07 AM 3.06 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001588.SBS 11/19/2005 7:07 AM 51 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001589.SBS 11/19/2005 7:07 AM 167 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001590.SBS 11/19/2005 7:07 AM 13.82 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001591.UTI 11/19/2005 7:07 AM 32.42 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001592.UTS 11/19/2005 7:07 AM 992 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001593.SBS 11/19/2005 7:07 AM 214 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001594.SBS 11/19/2005 7:07 AM 67.89 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001595.SBS 11/19/2005 7:07 AM 4.38 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001596.SBS 11/19/2005 7:07 AM 42.44 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001597.SBI 11/19/2005 7:07 AM 12.83 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001598.SBS 11/19/2005 7:07 AM 297.64 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001599.SBS 11/19/2005 7:07 AM 1.24 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001601.NFO 11/19/2005 7:07 AM 201.45 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001602.TXT 11/19/2005 7:15 AM 581 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001615.GCD 11/19/2005 7:16 AM 3.07 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001622.XML 11/19/2005 7:16 AM 2.34 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001628.cab 11/19/2005 7:16 AM 15.45 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001648.XML 11/19/2005 7:17 AM 28 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001651.edb 11/19/2005 7:22 AM 64.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001664.XML 11/19/2005 7:37 AM 53 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001684.ini 11/19/2005 7:57 AM 82 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001685.ors 11/19/2005 7:57 AM 113 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001686.dat 11/19/2005 7:57 AM 48.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001687.twy 11/19/2005 7:57 AM 192.39 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001688.qtv 11/19/2005 7:57 AM 300 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001689.FHK 11/19/2005 7:57 AM 243 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001690.ZBE 11/19/2005 7:57 AM 1.05 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001691.MOR 11/19/2005 7:57 AM 614 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001692.LNP 11/19/2005 7:57 AM 260 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001693.dpr 11/19/2005 7:57 AM 31.91 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001694.wyb 11/19/2005 7:57 AM 973 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001695.uxz 11/19/2005 7:57 AM 134 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001700.sol 11/19/2005 8:02 AM 46 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001701.sol 11/19/2005 8:02 AM 66 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001702.sol 11/19/2005 8:02 AM 89 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001703.sol 11/19/2005 8:02 AM 108 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001704.sol 11/19/2005 8:02 AM 133 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001705.sol 11/19/2005 8:02 AM 151 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001706.sol 11/19/2005 8:02 AM 173 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001707.sol 11/19/2005 8:02 AM 196 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001708.sol 11/19/2005 8:02 AM 226 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001709.sol 11/19/2005 8:02 AM 257 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001710.sol 11/19/2005 8:02 AM 278 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001851.cab 11/19/2005 12:06 PM 15.45 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001859.cab 11/19/2005 12:06 PM 12.49 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001874.edb 11/19/2005 12:11 PM 64.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001910.ini 11/19/2005 12:51 PM 82 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001911.knp 11/19/2005 12:51 PM 113 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001912.dat 11/19/2005 12:51 PM 64.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001913.vxa 11/19/2005 12:51 PM 300 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001952.sol 11/19/2005 1:49 PM 46 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001953.sol 11/19/2005 1:49 PM 66 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001954.sol 11/19/2005 1:49 PM 89 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001955.sol 11/19/2005 1:49 PM 108 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001956.sol 11/19/2005 1:49 PM 133 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001957.sol 11/19/2005 1:49 PM 151 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001958.sol 11/19/2005 1:49 PM 173 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001959.sol 11/19/2005 1:49 PM 196 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001960.sol 11/19/2005 1:49 PM 226 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001961.sol 11/19/2005 1:49 PM 257 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001962.sol 11/19/2005 1:49 PM 278 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001992.ini 11/19/2005 2:27 PM 82 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001993.lmp 11/19/2005 2:27 PM 113 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00001994.dat 11/19/2005 2:27 PM 64.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00001995.qsv 11/19/2005 2:27 PM 300 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002068.sol 11/19/2005 4:32 PM 46 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002069.sol 11/19/2005 4:32 PM 66 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002070.sol 11/19/2005 4:32 PM 89 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002071.sol 11/19/2005 4:32 PM 108 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002072.sol 11/19/2005 4:32 PM 133 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002073.sol 11/19/2005 4:32 PM 151 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002074.sol 11/19/2005 4:32 PM 173 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002075.sol 11/19/2005 4:32 PM 196 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002076.sol 11/19/2005 4:32 PM 226 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002077.sol 11/19/2005 4:32 PM 257 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002078.sol 11/19/2005 4:32 PM 278 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002080.edb 11/19/2005 4:33 PM 1.01 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002203.GCD 11/19/2005 8:06 PM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002285.txt 11/19/2005 10:29 PM 66.68 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002349 11/20/2005 12:30 AM 57 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002376.GCD 11/20/2005 1:15 AM 9.90 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002378.GCD 11/20/2005 1:15 AM 9.90 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002380.GCD 11/20/2005 1:15 AM 9.90 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002392.GCD 11/20/2005 1:18 AM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002395.GCD 11/20/2005 1:19 AM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002397.GCD 11/20/2005 1:19 AM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002399.GCD 11/20/2005 1:19 AM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002401.GCD 11/20/2005 1:19 AM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002403.GCD 11/20/2005 1:19 AM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002405.GCD 11/20/2005 1:19 AM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002407.GCD 11/20/2005 1:19 AM 2.53 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002418.ini 11/20/2005 1:21 AM 82 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002419.ikn 11/20/2005 1:21 AM 113 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002420.dat 11/20/2005 1:21 AM 32.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002421.dat 11/20/2005 1:21 AM 32.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002422.kmo 11/20/2005 1:21 AM 300 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002429.sol 11/20/2005 1:31 AM 46 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002430.sol 11/20/2005 1:31 AM 66 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002431.sol 11/20/2005 1:31 AM 89 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002432.sol 11/20/2005 1:31 AM 108 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002433.sol 11/20/2005 1:31 AM 133 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002434.sol 11/20/2005 1:31 AM 151 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002435.sol 11/20/2005 1:31 AM 173 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002436.sol 11/20/2005 1:31 AM 196 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002437.sol 11/20/2005 1:31 AM 226 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002438.sol 11/20/2005 1:31 AM 257 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002439.sol 11/20/2005 1:31 AM 278 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00002459.edb 11/20/2005 8:16 AM 64.00 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002460.SYS 11/20/2005 8:17 AM 7.49 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002462 11/20/2005 8:18 AM 24.11 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002463 11/20/2005 8:18 AM 6.77 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002466 11/20/2005 8:19 AM 6.12 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002482 11/20/2005 8:43 AM 13.92 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002489 11/20/2005 8:47 AM 24.11 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002492 11/20/2005 8:49 AM 24.11 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002493 11/20/2005 8:49 AM 6.77 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00002497 11/20/2005 8:50 AM 6.12 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\NPROTECT.LOG 11/20/2005 8:07 AM 631.38 KB Hidden from Windows API. The MS scan was clean I'm beginning to wonder if this is not an application problem, not a Malware problem. Reason is is that when this problem starts it is only at night, which is also when I have most of my scheduled scans (i.e Norton Scans, Spyware scans etc) running. What do you think? Wither that or some type of Malware has attached itself to one of my scheduled scans?

#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 November 2005 - 01:59 PM

I'm beginning to wonder if this is not an application problem, not a Malware problem. Reason is is that when this problem starts it is only at night,

Very well could be.

Lets do this. Also make sure you empty Norton's NPROTECT from the RECYCLE Bin if this doesn't do it.

Download System Security Suite. Extract it from the zip file into a folder.
http://www.igorshpak.../3ssetup104.zip
Under "items to clear" click all.
After scan: click "clear selected items"

Reboot and Rescan with HJT and post a new log here.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 November 2005 - 02:12 PM

Lets also give this one a go.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#9 sergei91

sergei91

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 20 November 2005 - 07:54 PM

Here is the new HJT logfile;

Logfile of HijackThis v1.99.1
Scan saved at 5:53:05 PM, on 11/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PowerPanelPlus\upssrv.exe
C:\PowerPanelPlus\upsio.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Drivers\Utils\Cleaners & Spyware\HijackThis1991.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O12 "EP1394D3_001" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127664543328
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www3.wireles...SyncInstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....12119/CTPID.cab
O18 - Protocol: bw+0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: UPS Service (CyberPowerUPS) - CyberPower Systems, Inc. - C:\PowerPanelPlus\upssrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMHHFCF - Unknown owner - C:\DOCUME~1\Scott\LOCALS~1\Temp\IMHHFCF.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

#10 sergei91

sergei91

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 20 November 2005 - 07:55 PM

Here is the logfile form Apropos; Log of AproposFix v1 ************ Running from directory: C:\Documents and Settings\Administrator\Desktop\aproposfix ************ Registry entries found: ************ No service found! Removing hidden folder: No folder found! Deleting files: Backing up files: Done! Removing registry entries: REGEDIT4 Done! Finished!

    Advertisements

Register to Remove

#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 21 November 2005 - 03:55 PM

Go to Start > Run and type in Services.msc then click OK

Click the Extended tab.

Scroll down until you find IMHHFCF

Click once on the service to highlight it.

Click Stop

Right-Click on the service.

Click on 'Properties'

Select the 'General' tab

Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box

From the drop-down menu, click on 'Disabled'

Click the 'Apply' tab, then click 'OK'

The service is now stopped and disabled.


I suggest you do this:

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O23 - Service: IMHHFCF - Unknown owner - C:\DOCUME~1\Scott\LOCALS~1\Temp\IMHHFCF.exe (file missing)

Close ALL windows and browsers except HijackThis and click "Fix checked"




1. Open My Computer
2. Right click on your hard drive that you wish to clean (C drive, for example)
3. In the context menu that opens, select properties
4. Under the general tab you should select Disk Cleanup
5. Windows will scan your drive which will take a few seconds/minutes
6. A box will display the various files you can remove.
Check all boxes except compress old files (If listed)
7. Click OK and windows will comply.

Restart your computer.

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#12 sergei91

sergei91

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 22 November 2005 - 10:24 AM

I ran the services and disabled the IMHHFCF, however when I ran HJT it did not appear as you said it would under the 023 Service: So I could not remove it.
I went ahead and completed the disk cleanup anyway and created a new log file;

Logfile of HijackThis v1.99.1
Scan saved at 8:20:20 AM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PowerPanelPlus\upssrv.exe
C:\PowerPanelPlus\upsio.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Drivers\Utils\Cleaners & Spyware\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O12 "EP1394D3_001" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127664543328
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www3.wireles...SyncInstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....12119/CTPID.cab
O18 - Protocol: bw+0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E985F6B3-3AE1-4304-BCB2-07F416A5967B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: UPS Service (CyberPowerUPS) - CyberPower Systems, Inc. - C:\PowerPanelPlus\upssrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 November 2005 - 02:51 PM

Good Job :thumbup:


Log looks good :D :thumbup: How is it running any issues?

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Click Start> My Computer, select the Tools menu and then Folder Options, after the new window appears select the View tab…]
This time select the: Restore Defaults
Select: Apply, and click OK




If you dont have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your resticted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#14 sergei91

sergei91

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 22 November 2005 - 10:35 PM

Thanks again :) for your help Hopefully you wont hear from me again! Scott

#15 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 23 November 2005 - 12:09 PM

Great job :thumbup: You're more then welcome. Glad we were able to help Peace be with you :wavey:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·