
PC 'Jacked and Nearly Inoperable


  • This topic is locked
41 replies to this topic

#1 monza

monza

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts

Posted 02 December 2005 - 04:20 PM

The problem with this PC is that it starts up with one of the svchost.exe files at nearly 100% CPU usage. There are at least 4 of these processes: one (1) LOCAL SERVICE, one (1) NETWORK SERVICE, and two (2) SYSTEM. One (1) of the SYSTEM svchost.exe files is the CPU hog. Also, when the PC boots the taskbar is inaccessible. If the mouse hovers over it, there is merely an hour glass that flickers as if there is not enough memory. Killing the one (1) instance of svchost.exe drops CPU usage from 100% to around 20-40%, but still leaves the taskbar inaccessible.

I have booted in 'selective startup' mode with no startup processes and get the same results. However, if I boot in 'diagnostic startup' mode (and obviously in safe mode) everything works fine (except for the network :-|). Booting in 'selective startup' mode with no startup processes or system services but still processing the system.ini file and boot.ini file leaves the PC in good shape (like diagnostic).

Recently, (as in 5 mins ago) if I boot with the system services loaded then change the system configuration (i.e. process ini files), the taskbar begins to work, but the svchost.exe still has the CPU taxed.

Here is the HijackThis log file with no startup services loaded:

Logfile of HijackThis v1.99.1
Scan saved at 4:25:04 PM, on 12/2/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\lmboqys.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\ehqkiuy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
C:\WINDOWS\System32\lfihgr.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.templebaptistofdalton.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll (file missing)
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\System32\bho.dll (file missing)
O2 - BHO: IEWebCatcher Class - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ehqkiuy] C:\WINDOWS\ehqkiuy.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [waciytu] C:\WINDOWS\System32\lfihgr.exe r
O4 - HKCU\..\Run: [Win32res] C:\WINDOWS\win32res.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120002357368
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGFycnkgSGF0aGNvY2sA\command.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\lmboqys.exe



Here is the log file in normal mode:

Logfile of HijackThis v1.99.1
Scan saved at 5:12:45 PM, on 12/2/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\lmboqys.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\ehqkiuy.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\medgs1.exe
C:\WINDOWS\System32\muqfneg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\Documents and Settings\All Users\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.templebaptistofdalton.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll (file missing)
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\System32\bho.dll (file missing)
O2 - BHO: IEWebCatcher Class - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ehqkiuy] C:\WINDOWS\ehqkiuy.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\dlplls.exe reg_run
O4 - HKLM\..\Run: [wfwall1.exe] C:\WINDOWS\System32\wfwall1.exe
O4 - HKLM\..\Run: [webnexus.exe] C:\WINDOWS\System32\webnexus.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [virD] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [removeist.exe] C:\WINDOWS\System32\removeist.exe
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINDOWS\System32\mmxp2passion.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [jrm] c:\windows\mrjj.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\wfwall1.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitedph32.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [cashplusmedia1.exe] C:\WINDOWS\System32\cashplusmedia1.exe
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [AdCom9788-seedrevshare.exe] C:\WINDOWS\System32\AdCom9788-seedrevshare.exe
O4 - HKLM\..\Run: [002] C:\WINDOWS\System32\medgs1.exe
O4 - HKLM\..\Run: [cumuvb] C:\WINDOWS\System32\muqfneg.exe r
O4 - HKCU\..\Run: [Win32res] C:\WINDOWS\win32res.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - Global Startup: RealSecure® Desktop Protector.lnk = ?
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120002357368
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGFycnkgSGF0aGNvY2sA\command.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\lmboqys.exe
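
The two logs in the post above differ mostly in their O4 (Run key) lines, and several O23 services are marked "Unknown owner" or "(file missing)". The sketch below is an added example, not part of the original post and not HijackThis code: it parses those two line types, lists the autostart entries present in one log but not the other, and marks services carrying either cue. The function names are hypothetical, and the sample lines are abridged from the two logs above.

```python
import re

# O4 lines: "O4 - HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.+)$")
# O23 lines: "O23 - Service: display name - owner - path[ (file missing)]"
SVC_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$")
MISSING = "(file missing)"

# Sample input, abridged from the "no startup services" log in the post above.
SELECTIVE_LOG = r"""
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ehqkiuy] C:\WINDOWS\ehqkiuy.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Win32res] C:\WINDOWS\win32res.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\lmboqys.exe
"""

# Sample input, abridged from the "normal mode" log in the post above.
NORMAL_LOG = r"""
O4 - HKLM\..\Run: [ehqkiuy] C:\WINDOWS\ehqkiuy.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKCU\..\Run: [Win32res] C:\WINDOWS\win32res.exe
"""


def parse_hjt(text):
    """Extract Run-key autostarts and services from HijackThis log text."""
    runs, services = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            # Registry value names are case-insensitive, so key on lower case.
            runs[(hive, name.lower())] = (name, cmd)
            continue
        m = SVC_RE.match(line)
        if m:
            name, owner, path = m.groups()
            missing = path.endswith(MISSING)
            if missing:
                path = path[: -len(MISSING)].rstrip()
            services.append(
                {"name": name, "owner": owner, "path": path, "missing": missing}
            )
    return {"run": runs, "services": services}


def new_autoruns(baseline, current):
    """Run entries present in `current` but absent from `baseline`."""
    added = [
        (hive, name, cmd)
        for (hive, key), (name, cmd) in current["run"].items()
        if (hive, key) not in baseline["run"]
    ]
    return sorted(added, key=lambda e: (e[0], e[1].lower()))


def flag_services(parsed):
    """Services whose O23 line carries a triage cue (a cue, not a verdict)."""
    flagged = []
    for svc in parsed["services"]:
        reasons = []
        if svc["owner"].lower() == "unknown owner":
            reasons.append("unknown owner")
        if svc["missing"]:
            reasons.append("file missing")
        if reasons:
            flagged.append((svc["name"], reasons))
    return flagged


SELECTIVE = parse_hjt(SELECTIVE_LOG)
NORMAL = parse_hjt(NORMAL_LOG)

if __name__ == "__main__":
    for hive, name, cmd in new_autoruns(SELECTIVE, NORMAL):
        print(f"only in normal mode: {hive} [{name}] {cmd}")
    for name, reasons in flag_services(SELECTIVE):
        print(f"service to review: {name} ({', '.join(reasons)})")
```

Legitimate software appears in the diff as well (the vptray entry here belongs to the installed antivirus), so the output is a list to review rather than a list to delete.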




#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 13 December 2005 - 11:51 AM

monza, Welcome to the forum, sorry for the delay, we have been up to our ears in infected computers from people like yourself. You have a pretty large range of infections going on, all of these together are the cause of your system being one step away from being inoperable. One of the main reasons for all the infections is that your operating system is seriously out of date. Once we get you clean you have to update it or you are going to get reinfected all over again. If you have not resolved your issue and still need my assistance, post a new HJT log please. Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 monza


Posted 13 December 2005 - 12:34 PM

The reason why the OS is out-of-date is because I reinstalled the OS in an effort to overcome some of the problems. I did one online update of critical components and then the PC was 'jacked and inoperable again. As of right now, the network card is on lock-down, so I couldn't update it if I wanted to. Maybe if I get the issues resolved it will start working again.

Here is the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:25:55 PM, on 12/13/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
C:\WINDOWS\System32\ocmcil.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\Documents and Settings\All Users\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.templebaptistofdalton.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\dlplls.exe reg_run
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [aozasb] C:\WINDOWS\System32\ocmcil.exe r
O4 - HKCU\..\Run: [Win32res] C:\WINDOWS\win32res.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - Global Startup: RealSecure® Desktop Protector.lnk = ?
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120002357368
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



#4 ken545


Posted 13 December 2005 - 01:31 PM

Monza,

Your system has changed dramatically since your last post. I would like you to run Ewido Security Suite, it's important that it runs in Safemode.

Ewido Security Suite
o Launch Ewido, there should be an icon on your desktop for it to double-click.
o Click on update
o You should see Update Complete when done.
o Now close out the program


Now reboot into Safemode
To Enter SAFEMODE

* Go to START/ SHUT OFF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD

Now open Ewido
o Click on scanner.
o Run a full system scan
o Let the program scan the machine.
o While the scan is in progress you will be prompted to clean files, click OK.
o Select Perform action on all infections
o Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
o Click Save report.
o Save the report to your desktop.

Now while still in Safemode, run HJT Scan Only, close all open windows, the only window you should have open is HJT. Put a checkmark in the following entries and click on Fix Checked

O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\dlplls.exe reg_run
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [aozasb] C:\WINDOWS\System32\ocmcil.exe r
O4 - HKCU\..\Run: [Win32res] C:\WINDOWS\win32res.exe


Exit HJT

Now while still in Safemode, enable windows to show all files and folders

SHOW HIDDEN FILES AND FOLDERS

* Click on MY COMPUTER
* Then on your C: Drive
* Then to TOOLS/ FOLDER OPTIONS/ VIEW
* Choose the radio button to SHOW HIDDEN FILES AND FOLDERS
* Take the checkmark out of HIDE EXTENSIONS FOR KNOWN FILE TYPES
* Then APPLY/ OK

* Don't forget to reverse this once your computer is clean


Now look for and delete the following files in RED, some of them may be gone already.

C:\WINDOWS\win32res.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\dlplls.exe
C:\WINDOWS\System32\vidctrl
C:\WINDOWS\System32\regsync.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\apisvc.exe
C:\WINDOWS\System32\ocmcil.exe

Reboot normally, download and install CCleaner, this will clean all the temp files and garbage that is cluttering up your system.

Download and Install CCleaner

* Click on Run Cleaner
* Run the Issues Scan < When it asks you to backup the Registry..Say Yes

Run Housecall, let it scan your system and clean everything it finds.

When you're done, post the log from Ewido, anything that Housecall found and could not fix along with a new HJT log please.

Ken :D

 
 

#5 monza


Posted 19 December 2005 - 03:47 PM

Ok, I downloaded Ewido. The network card on the PC is 'jacked, too, so I manually downloaded and installed the entire virus definition package.

Here is the scan log:
[quote]
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:45:45 PM, 12/13/2005
+ Report-Checksum: EFC39556

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Hotbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\Hotbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\Hotbar\Install -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\Hotbar\MachineInfo -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\Hotbar\PI -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\Hotbar\PI\3.2 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Security -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Enum -> Spyware.BargainBuddy : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Larry Hathcock\Application Data\Mozilla\Profiles\default\3dc6024g.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Larry Hathcock\Application Data\Mozilla\Profiles\default\3dc6024g.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Larry Hathcock\Application Data\Mozilla\Profiles\default\3dc6024g.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Larry Hathcock\Application Data\Mozilla\Profiles\default\3dc6024g.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Larry Hathcock\Application Data\Mozilla\Profiles\default\3dc6024g.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Larry Hathcock\Application Data\Mozilla\Profiles\default\3dc6024g.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Larry Hathcock\Application Data\Mozilla\Profiles\default\3dc6024g.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Larry Hathcock\Application Data\Mozilla\Profiles\default\3dc6024g.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Larry Hathcock\Local Settings\Temporary Internet Files\Content.IE5\CDNZQKPY\tb[1].txt -> Spyware.ToolBand : Cleaned with backup
C:\Program Files\Common Files\system32.dll/gui.exe -> Downloader.Agent.rv : Error during cleaning
C:\WINDOWS\bs7beta.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\offun.exe -> Downloader.VB.hw : Cleaned with backup
C:\WINDOWS\system\QBUninstaller.exe -> Downloader.Small.aly : Cleaned with backup
C:\WINDOWS\system32\ixendo.exe -> Trojan.Poler.a : Cleaned with backup
C:\WINDOWS\system32\yunguyo.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\Vielqbiw.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\winadvt.dll -> Spyware.ToolBand : Cleaned with backup
D:\WINDOWS\Temporary Internet Files\Content.IE5\SD0CYOK8\exitpop[1].htm -> Trojan.NoClose.i : Cleaned with backup
D:\WINDOWS\Temporary Internet Files\Content.IE5\QV4XKBMN\consumerinfo2[1].htm -> Spyware.BookedSpace : Cleaned with backup
D:\WINDOWS\Cookies\frontdesk@ads.link4ads[1].txt -> Spyware.Cookie.Link4ads : Cleaned with backup
D:\WINDOWS\Cookies\frontdesk@ads.link4ads[3].txt -> Spyware.Cookie.Link4ads : Cleaned with backup
D:\WINDOWS\Cookies\frontdesk@preferences[1].txt -> Spyware.Cookie.Preferences : Cleaned with backup
D:\WINDOWS\Cookies\frontdesk@ads15.hyperbanner[1].txt -> Spyware.Cookie.Hyperbanner : Cleaned with backup
D:\WINDOWS\Cookies\frontdesk@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
D:\WINDOWS\Cookies\frontdesk@www.hightrafficads[1].txt -> Spyware.Cookie.Hightrafficads : Cleaned with backup
D:\WINDOWS\Cookies\frontdesk@spms.bpath[2].txt -> Spyware.Cookie.Bpath : Cleaned with backup
D:\WINDOWS\Cookies\frontdesk@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
D:\WINDOWS\Cookies\frontdesk@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup


::Report End
[/quote]


Then I ran HJT.

Here is the log:
[quote]Logfile of HijackThis v1.99.1
Scan saved at 4:47:59 PM, on 12/13/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\dlplls.exe reg_run
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - Global Startup: RealSecure® Desktop Protector.lnk = ?
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120002357368
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[/quote]


I fixed each of the items you mention except for the ones which were corrected by Ewido and therefore no longer running. I was unable to locate any of the files you wished to delete after setting all of my folder options to the correct preferences. I noticed before that when I killed certain spyware or virus processes, certain .exe files would disappear from the windows folder. They would then reappear once rebooted. However, I could not locate the files mentioned.

I also downloaded and installed the CCleaner. I ran both the cleaner and the issue scanner.

Here is the log from the cleaner:
[quote]
CLEANING COMPLETE - (89.279 secs)
------------------------------------------------------------------------------------------
591.7MB removed.


C:\Documents and Settings\Larry Hathcock\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\speed.class-7db2195c-47ec41f9.class 8.46KB
C:\Documents and Settings\Larry Hathcock\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\speed.class-7db2195c-47ec41f9.idx 280 bytes
C:\Documents and Settings\Larry Hathcock\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\teamamericaworldpolice150.jpg-6bd44977-5bb10a17.idx 289 bytes
C:\Documents and Settings\Larry Hathcock\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\teamamericaworldpolice150.jpg-6bd44977-5bb10a17.jpg 5.93KB
C:\Documents and Settings\Larry Hathcock\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\thedustfactory150.jpg-172c19ef-2a7e6c3d.idx 281 bytes
C:\Documents and Settings\Larry Hathcock\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\thedustfactory150.jpg-172c19ef-2a7e6c3d.jpg 8.82KB
C:\Documents and Settings\Larry Hathcock\Application Data\Sun\Java\Deployment\cache\javapi\v1.0�

#6 monza

Posted 19 December 2005 - 03:54 PM

continued...




As I mentioned, the network card is 'jacked along with the rest of the PC, so I could not run Housecall. I also found no way to manually download it.

Once I rebooted to run HJT in normal mode, Ewido crashed immediately after logging in. I tried several times and it did so repeatedly. I was going to go ahead and run HJT, but I could not get a single program or window to open besides the Task Manager. The PC seemed to be even more inoperable than before running the scanners. So, I logged in under a different user than the one which seems to have the most problems. I was able to successfully run and log HJT at that point.

Here is the log. Keep in mind that this is under a different user than everything else:

Logfile of HijackThis v1.99.1
Scan saved at 12:09:34 AM, on 12/14/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\Documents and Settings\All Users\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\taskmgr.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: RealSecure® Desktop Protector.lnk = ?
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120002357368
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



#7 ken545

Posted 29 December 2005 - 06:38 AM

Monza, I apologize for not responding, but we had a glitch in the network recently and I never got an email notification that you replied back. I am going to review your posts and be back to you in a bit. Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#8 ken545

Posted 29 December 2005 - 07:06 AM

Monza,

No need to post the reports in a quote, it's just making the post wider, which is hard to read. Ewido is one of the best programs out on the market and it would not harm your system in any way. If you look over the report, it got rid of a lot of garbage that you inherited from the internet. I see nothing bad on your log, not to say that something could be hidden that is causing you problems. What I would like you to do is to download and run Spy Sweeper. It will also remove bad programs, and the report will show if anything may be hidden that is not turning up with HJT. Be sure to run the 14 day free trial and not the free online scan.

Download the trial version of Spy Sweeper from Here
Scroll to the bottom of the page and install the 4.5 trial and not the free online scan.
Install it using the Standard Install option. (You will be asked for your e-mail address,
it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C.
Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread along with a new HJT log.

 
 

#9 monza

Posted 30 December 2005 - 10:38 AM

Okay, I have performed the requested operations. I also did some on my own. As I mentioned before, the network card on this PC was 'jacked along with the rest of the PC. I had no internet or LAN connections. I downloaded a winsock fix from Webroot's website. As soon as I installed this fix, the network card became operational again and the PC was not booted with the CPU at peak operation anymore. I am actually posting these logs from the 'jacked PC right now, so a lot has improved. I'm not sure if it is back to tip-top condition yet, though.

That said, here is my SpySweeper log:


********
11:14 PM: | Start of Session, Thursday, December 29, 2005 |
11:14 PM: Spy Sweeper started
11:14 PM: Sweep initiated using definitions version 593
11:15 PM: Starting Memory Sweep
11:20 PM: Memory Sweep Complete, Elapsed Time: 00:05:07
11:20 PM: Starting Registry Sweep
11:20 PM: Found Adware: apropos
11:20 PM: HKLM\software\aprps\ (2 subtraces) (ID = 103741)
11:20 PM: Found Adware: bookedspace
11:20 PM: HKLM\software\configuration manager\cfgmgr52\ (357 subtraces) (ID = 104873)
11:20 PM: Found Adware: cws_analyzeie
11:20 PM: HKCR\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116873)
11:20 PM: HKLM\software\classes\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116895)
11:20 PM: Found Adware: delfin
11:20 PM: HKLM\software\laltin\ (2 subtraces) (ID = 124857)
11:20 PM: HKLM\software\vidctrl\ (3 subtraces) (ID = 124897)
11:20 PM: Found Adware: networkessentials
11:20 PM: HKLM\software\novo\ (23 subtraces) (ID = 136175)
11:20 PM: HKLM\software\np\ (2 subtraces) (ID = 136176)
11:20 PM: Found Adware: regsync
11:20 PM: HKCR\typelib\{00dc9ff2-ea77-49c7-8def-722fd81cab59}\ (9 subtraces) (ID = 139345)
11:20 PM: HKLM\software\classes\typelib\{00dc9ff2-ea77-49c7-8def-722fd81cab59}\ (9 subtraces) (ID = 139349)
11:20 PM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\regsync.exe\ (1 subtraces) (ID = 139354)
11:20 PM: Found Adware: elitemediagroup-mediamotor
11:20 PM: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (18 subtraces) (ID = 140131)
11:20 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
11:20 PM: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (18 subtraces) (ID = 140223)
11:20 PM: Found Adware: visfx
11:20 PM: HKLM\system\currentcontrolset\services\windows overlay components\ (12 subtraces) (ID = 712954)
11:20 PM: Found Adware: directrevenue-abetterinternet
11:20 PM: HKLM\software\microsoft\windows\currentversion\uninstall\bsto-1\ (7 subtraces) (ID = 746835)
11:20 PM: Found Adware: clkoptimizer
11:20 PM: HKLM\software\qstat\ (5 subtraces) (ID = 769771)
11:20 PM: Found Adware: ezula ilookup
11:20 PM: HKLM\software\microsoft\webext\ (29 subtraces) (ID = 828947)
11:20 PM: Found Adware: maxifiles
11:20 PM: HKCR\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829253)
11:20 PM: HKLM\software\classes\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829282)
11:20 PM: HKLM\software\qstat\ || brr (ID = 877670)
11:20 PM: Found Adware: mediamotor - popuppers
11:20 PM: HKCR\iemonitor.cbrowsers\ (3 subtraces) (ID = 960700)
11:20 PM: HKCR\iemonitor.ieevents\ (3 subtraces) (ID = 960704)
11:20 PM: HKCR\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960733)
11:20 PM: HKCR\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960748)
11:20 PM: HKLM\software\classes\iemonitor.cbrowsers\ (3 subtraces) (ID = 960762)
11:20 PM: HKLM\software\classes\iemonitor.ieevents\ (3 subtraces) (ID = 960766)
11:20 PM: HKLM\software\classes\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960795)
11:20 PM: HKLM\software\classes\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960810)
11:20 PM: Found Adware: command
11:20 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
11:20 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
11:20 PM: HKU\WRSS_Profile_S-1-5-21-1957994488-1708537768-854245398-500\software\aurora\ (18 subtraces) (ID = 360174)
11:20 PM: Found Adware: adcom
11:20 PM: HKU\WRSS_Profile_S-1-5-21-1957994488-1708537768-854245398-500\software\adcom\ (2 subtraces) (ID = 861431)
11:20 PM: Found Adware: cas
11:20 PM: HKU\WRSS_Profile_S-1-5-21-1957994488-1708537768-854245398-500\software\cas2\ (ID = 862278)
11:20 PM: Found Adware: ist software
11:20 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1006\software\ist\ (1 subtraces) (ID = 129108)
11:20 PM: Found Trojan Horse: trojan-downloader-pacisoft
11:20 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1006\software\psof1\ (2 subtraces) (ID = 136530)
11:20 PM: Found Adware: drsnsrch hijacker
11:20 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1006\software\dsrch\ (4 subtraces) (ID = 509156)
11:20 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1006\software\adcom\ (4 subtraces) (ID = 861431)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\mvu\ (5 subtraces) (ID = 124884)
11:21 PM: Found Adware: hotbar
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\hotbar\ (37 subtraces) (ID = 127565)
11:21 PM: Found Adware: drsnsrch.com hijack
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\ist\ (1 subtraces) (ID = 129108)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\updater\ (1 subtraces) (ID = 136178)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\psof1\ (29 subtraces) (ID = 136530)
11:21 PM: Found Adware: surfsidekick
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\surfsidekick3\ (2 subtraces) (ID = 143412)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\dsrch\ (11 subtraces) (ID = 509156)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\cas2\ (8 subtraces) (ID = 862278)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\director\ || baseurl (ID = 980277)
11:21 PM: Found Adware: cws_analyzeie default.home hijacker
11:21 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || start page (ID = 116863)
11:21 PM: Registry Sweep Complete, Elapsed Time:00:00:59
11:21 PM: Starting Cookie Sweep
11:21 PM: Found Spy Cookie: a cookie
11:21 PM: billy@a[2].txt (ID = 2027)
11:21 PM: Found Spy Cookie: btgrab cookie
11:21 PM: billy@btg.btgrab[2].txt (ID = 2333)
11:21 PM: Found Spy Cookie: cliks cookie
11:21 PM: billy@cliks[2].txt (ID = 2414)
11:21 PM: Found Spy Cookie: offeroptimizer cookie
11:21 PM: billy@offeroptimizer[2].txt (ID = 3087)
11:21 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:21 PM: Starting File Sweep
11:21 PM: Found Trojan Horse: 2nd-thought
11:21 PM: c:\program files\common files\slmss (2 subtraces) (ID = -2147481537)
11:21 PM: c:\windows\system32\nsvsvc (1 subtraces) (ID = -2147481119)
11:21 PM: c:\documents and settings\all users\application data\nsv (17 subtraces) (ID = -2147481136)
11:21 PM: c:\windows\system32\vidctrl (ID = -2147481117)
11:21 PM: c:\documents and settings\all users\application data\vidctrl (2 subtraces) (ID = -2147477475)
11:21 PM: c:\windows\cfgmgr52 (108 subtraces) (ID = -2147479590)
11:22 PM: system32.dll (ID = 156271)
11:22 PM: Found Adware: dealhelper
11:22 PM: rbbeoju3.xml (ID = 57652)
11:26 PM: rbbeoju.xml (ID = 57649)
11:27 PM: rbbeoju1.xml (ID = 57650)
11:27 PM: rbbeojk.xml (ID = 57646)
11:27 PM: rbbeojk2.xml (ID = 57648)
11:27 PM: Found Adware: begin2search
11:27 PM: vhe233a1.ico (ID = 51074)
11:27 PM: rbbeoju2.xml (ID = 57651)
11:28 PM: cwebpage.dll (ID = 69301)
11:29 PM: rbbeojk1.xml (ID = 57647)
11:31 PM: wmv2007.dbd (ID = 57693)
11:32 PM: x.bmp (ID = 69314)
11:34 PM: wmv1215.dbd (ID = 57687)
11:34 PM: wmv1920.dbd (ID = 57692)
11:34 PM: 538.dfn (ID = 133429)
11:34 PM: Found Adware: imgiant
11:34 PM: imgga.exe (ID = 198238)
11:35 PM: wmv0412.ddx (ID = 57682)
11:35 PM: wmv0904.ddx (ID = 57691)
11:35 PM: Found Adware: weirdontheweb
11:35 PM: weirdontheweb.url (ID = 87896)
11:35 PM: wmv0106.ddx (ID = 57679)
11:35 PM: rbbeojdk.xml (ID = 57645)
11:35 PM: wmv1909.ddx (ID = 57691)
11:35 PM: wmv0504.ddx (ID = 57682)
11:35 PM: wmv1125.ddx (ID = 57685)
11:35 PM: wmv0315.ddx (ID = 57682)
11:35 PM: wmv1204.ddx (ID = 57682)
11:35 PM: wmv0204.ddx (ID = 57682)
11:35 PM: Found Adware: ieplugin
11:35 PM: backup-20051202-162422-810.inf (ID = 63343)
11:40 PM: Found Adware: tibs dialer
11:40 PM: xxx.lnk (ID = 79520)
11:40 PM: xxx.lnk (ID = 79520)
12:01 AM: Found System Monitor: potentially rootkit-masked files
12:01 AM: dxtuni32.exe (ID = 0)
12:01 AM: atmmndis9.sys (ID = 0)
12:02 AM: Warning: Unhandled Archive Type
12:02 AM: Warning: Unhandled Archive Type
12:02 AM: Warning: Invalid Stream
12:04 AM: File Sweep Complete, Elapsed Time: 00:43:09
12:04 AM: Full Sweep has completed. Elapsed time 00:49:31
12:04 AM: Traces Found: 926
11:00 AM: Removal process initiated
11:00 AM: Quarantining All Traces: 2nd-thought
11:00 AM: Quarantining All Traces: clkoptimizer
11:00 AM: Quarantining All Traces: cws_analyzeie
11:00 AM: Quarantining All Traces: directrevenue-abetterinternet
11:00 AM: Quarantining All Traces: potentially rootkit-masked files
11:00 AM: potentially rootkit-masked files is in use. It will be removed on reboot.
11:00 AM: dxtuni32.exe is in use. It will be removed on reboot.
11:00 AM: atmmndis9.sys is in use. It will be removed on reboot.
11:00 AM: Quarantining All Traces: visfx
11:00 AM: Quarantining All Traces: apropos
11:00 AM: Quarantining All Traces: begin2search
11:00 AM: Quarantining All Traces: cas
11:00 AM: Quarantining All Traces: delfin
11:00 AM: Quarantining All Traces: hotbar
11:00 AM: Quarantining All Traces: maxifiles
11:00 AM: Quarantining All Traces: surfsidekick
11:00 AM: Quarantining All Traces: tibs dialer
11:00 AM: Quarantining All Traces: trojan-downloader-pacisoft
11:00 AM: Quarantining All Traces: adcom
11:00 AM: Quarantining All Traces: bookedspace
11:00 AM: Quarantining All Traces: command
11:00 AM: Quarantining All Traces: cws_analyzeie default.home hijacker
11:00 AM: Quarantining All Traces: dealhelper
11:00 AM: Quarantining All Traces: drsnsrch hijacker
11:00 AM: Quarantining All Traces: drsnsrch.com hijack
11:00 AM: Quarantining All Traces: elitemediagroup-mediamotor
11:00 AM: Quarantining All Traces: ezula ilookup
11:00 AM: Quarantining All Traces: ieplugin
11:00 AM: Quarantining All Traces: imgiant
11:00 AM: Quarantining All Traces: ist software
11:00 AM: Quarantining All Traces: mediamotor - popuppers
11:00 AM: Quarantining All Traces: networkessentials
11:00 AM: Quarantining All Traces: regsync
11:00 AM: Quarantining All Traces: weirdontheweb
11:00 AM: Quarantining All Traces: a cookie
11:00 AM: Quarantining All Traces: btgrab cookie
11:00 AM: Quarantining All Traces: cliks cookie
11:00 AM: Quarantining All Traces: offeroptimizer cookie
11:01 AM: Removal process completed. Elapsed time 00:01:09
11:11 AM: Processing Startup Alerts
11:11 AM: Allowed Startup entry: Mozilla Quick Launch
11:11 AM: Allowed Startup entry: MSMSGS
********
10:21 PM: | Start of Session, Thursday, December 29, 2005 |
10:21 PM: Spy Sweeper started
10:21 PM: Sweep initiated using definitions version 593
10:21 PM: Starting Memory Sweep
10:26 PM: Memory Sweep Complete, Elapsed Time: 00:04:43
10:26 PM: Starting Registry Sweep
10:26 PM: Found Adware: apropos
10:26 PM: HKLM\software\aprps\ (2 subtraces) (ID = 103741)
10:26 PM: Found Adware: bookedspace
10:26 PM: HKLM\software\configuration manager\cfgmgr52\ (357 subtraces) (ID = 104873)
10:26 PM: Found Adware: cws_analyzeie
10:26 PM: HKCR\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116873)
10:26 PM: HKLM\software\classes\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116895)
10:26 PM: Found Adware: delfin
10:26 PM: HKLM\software\laltin\ (2 subtraces) (ID = 124857)
10:26 PM: HKLM\software\vidctrl\ (3 subtraces) (ID = 124897)
10:26 PM: Found Adware: networkessentials
10:26 PM: HKLM\software\novo\ (23 subtraces) (ID = 136175)
10:26 PM: HKLM\software\np\ (2 subtraces) (ID = 136176)
10:26 PM: Found Adware: regsync
10:26 PM: HKCR\typelib\{00dc9ff2-ea77-49c7-8def-722fd81cab59}\ (9 subtraces) (ID = 139345)
10:26 PM: HKLM\software\classes\typelib\{00dc9ff2-ea77-49c7-8def-722fd81cab59}\ (9 subtraces) (ID = 139349)
10:26 PM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\regsync.exe\ (1 subtraces) (ID = 139354)
10:26 PM: Found Adware: elitemediagroup-mediamotor
10:26 PM: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (18 subtraces) (ID = 140131)
10:26 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
10:26 PM: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (18 subtraces) (ID = 140223)
********
10:20 PM: | Start of Session, Thursday, December 29, 2005 |
10:20 PM: Spy Sweeper started
10:20 PM: Sweep initiated using definitions version 593
10:20 PM: Sweep Canceled
10:20 PM: Traces Found: 0
10:21 PM: | End of Session, Thursday, December 29, 2005 |
********
10:18 PM: | Start of Session, Thursday, December 29, 2005 |
10:18 PM: Spy Sweeper started
10:18 PM: Messenger service has been disabled.
10:19 PM: Your spyware definitions have been updated.
10:20 PM: | End of Session, Thursday, December 29, 2005 |


I guess it is worth mentioning that during the first scan, while the PC was unattended, the PC apparently rebooted itself or crashed and rebooted. Whatever happened, I restarted the scan a second time and it was able to finish. There were 926 traces found remaining on the computer, even after all of the other scans performed by Ad-Aware, Symantec, Ewido, CCleaner, etc.

Here is the log from HJT taken just recently:


Logfile of HijackThis v1.99.1
Scan saved at 11:14:49 AM, on 12/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\Documents and Settings\All Users\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: RealSecure® Desktop Protector.lnk = ?
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120002357368
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Since I have internet access on this PC, I will try to go ahead and run the internet-based scanner Housecall which you previously requested I do. I will post the results, if any, of that scan when they are available. Also, if you would like for me to give you the link to the winsock fix that I installed, I would be more than happy to.

#10 ken545

Posted 30 December 2005 - 11:41 AM

Hiya doing Monza :D

Your log looks ok BUT this is why I was so persistent on you running Spysweeper. You have a Rootkit infection :rant2: that could be the heart of your problems. A Rootkit is a malicious program that loads before the operating system loads so it goes undetected. But there is a fix for it.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix © Swandog46 from here:
Aproposfix

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.


After you run the fix, run Spysweeper again just like I previously posted and paste a new Spysweeper log along with the other logs requested.

Ken :D

Edited by ken545, 30 December 2005 - 11:44 AM.
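The triage done in the post above, picking the "potentially rootkit-masked files" entry out of a 926-trace Spy Sweeper log, can be scripted. The following Python is an added example, not part of the original thread or of Spy Sweeper; the function names, the `HIGH_PRIORITY` set and the ID-based regrouping are assumptions of this example, and the sample log is constructed from lines of the posted log.

```python
import re
from collections import OrderedDict

# Constructed sample: lines taken from the Spy Sweeper log posted in this
# thread, shortened and placed closer together than in the original.
SAMPLE_LOG = r"""
********
11:14 PM: | Start of Session, Thursday, December 29, 2005 |
11:20 PM: Found Adware: apropos
11:20 PM: HKLM\software\aprps\ (2 subtraces) (ID = 103741)
11:20 PM: Found Adware: adcom
11:20 PM: HKU\WRSS_Profile_S-1-5-21-1957994488-1708537768-854245398-500\software\adcom\ (2 subtraces) (ID = 861431)
11:20 PM: Found Trojan Horse: trojan-downloader-pacisoft
11:20 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1006\software\psof1\ (2 subtraces) (ID = 136530)
11:20 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1006\software\adcom\ (4 subtraces) (ID = 861431)
11:21 PM: Found Spy Cookie: cliks cookie
11:21 PM: billy@cliks[2].txt (ID = 2414)
12:01 AM: Found System Monitor: potentially rootkit-masked files
12:01 AM: dxtuni32.exe (ID = 0)
12:01 AM: atmmndis9.sys (ID = 0)
12:02 AM: Warning: Unhandled Archive Type
12:04 AM: Traces Found: 926
11:00 AM: Quarantining All Traces: apropos
11:00 AM: dxtuni32.exe is in use. It will be removed on reboot.
11:00 AM: atmmndis9.sys is in use. It will be removed on reboot.
11:01 AM: Removal process completed. Elapsed time 00:01:09
********
10:20 PM: | Start of Session, Thursday, December 29, 2005 |
10:20 PM: Sweep Canceled
10:20 PM: Traces Found: 0
10:21 PM: | End of Session, Thursday, December 29, 2005 |
"""

LINE = re.compile(r"^\d{1,2}:\d{2} [AP]M: (.*)$")
FOUND = re.compile(r"^Found ([^:]+): (.+)$")
TRACE = re.compile(r"^(.+?)(?: \((\d+) subtraces\))? \(ID = (-?\d+)\)$")
IN_USE = re.compile(r"^(.+) is in use\. It will be removed on reboot\.$")
COUNT = re.compile(r"^Traces Found: (\d+)$")

# Triage choice made for this example, not a Spy Sweeper setting.
HIGH_PRIORITY = {"Trojan Horse", "System Monitor"}


def parse_sessions(text):
    """Split the log on '****' rules and collect findings per session."""
    sessions, family, id_owner = [], None, {}
    for raw in text.splitlines():
        raw = raw.strip()
        if raw and set(raw) == {"*"}:
            sessions.append({"findings": OrderedDict(), "pending_reboot": [],
                             "traces_found": None, "removal_completed": False})
            family, id_owner = None, {}
            continue
        m = LINE.match(raw)
        if not m or not sessions:
            continue
        cur, msg = sessions[-1], m.group(1)
        if (f := FOUND.match(msg)):
            family = (f.group(1), f.group(2))
            cur["findings"].setdefault(family, [])
        elif (u := IN_USE.match(msg)):
            cur["pending_reboot"].append(u.group(1))
        elif (c := COUNT.match(msg)):
            cur["traces_found"] = int(c.group(1))
        elif msg.startswith("Removal process completed"):
            cur["removal_completed"] = True
        elif family and (t := TRACE.match(msg)):
            item, tid = t.group(1), int(t.group(3))
            # In the posted log a trace can appear under another family's
            # "Found" line (adcom, ID 861431, is listed twice). Assumption:
            # a non-zero ID names one definition, so reuse its first owner.
            owner = family if tid == 0 else id_owner.setdefault(tid, family)
            cur["findings"][owner].append({"item": item, "id": tid})
    return sessions


def triage(text):
    """Per session: urgent families and urgent files still awaiting reboot."""
    report = []
    for s in parse_sessions(text):
        urgent = [
            {"category": cat, "family": fam, "items": [t["item"] for t in traces]}
            for (cat, fam), traces in s["findings"].items()
            if cat in HIGH_PRIORITY or "rootkit" in fam.lower()
        ]
        urgent_items = {i for u in urgent for i in u["items"]}
        report.append({
            "families": len(s["findings"]),
            "traces_found": s["traces_found"],
            "urgent": urgent,
            # Locked at removal time: still on disk until the reboot, so re-scan.
            "recheck_after_reboot": [p for p in s["pending_reboot"] if p in urgent_items],
            "removal_completed": s["removal_completed"],
        })
    return report
```

Grouping remains a heuristic on the full posted log: a trace whose ID first appears under an unrelated "Found" line (the `software\aurora\` key, ID 360174, listed under "command") stays with that family.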


 
 


#11 monza

Posted 30 December 2005 - 01:29 PM

Ok, I did not see any progress on the Housecall scan after an hour or so, so I continued with your requests. I ran the rootkit fix in safemode and rebooted. Then I ran HJT and SpySweeper.

Here is the log of the rootkit fix:


Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\Administrator\Desktop\aproposfix

************

Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!



Here is the HJT log file:


Logfile of HijackThis v1.99.1
Scan saved at 1:10:25 PM, on 12/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Documents and Settings\All Users\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: RealSecure® Desktop Protector.lnk = ?
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120002357368
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


And here is the SpySweeper log:

********
1:11 PM: | Start of Session, Friday, December 30, 2005 |
1:11 PM: Spy Sweeper started
1:11 PM: Sweep initiated using definitions version 593
1:11 PM: Starting Memory Sweep
1:16 PM: Memory Sweep Complete, Elapsed Time: 00:04:53
1:16 PM: Starting Registry Sweep
1:16 PM: Registry Sweep Complete, Elapsed Time:00:00:25
1:16 PM: Starting Cookie Sweep
1:16 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:16 PM: Starting File Sweep
1:55 PM: File Sweep Complete, Elapsed Time: 00:38:41
1:55 PM: Full Sweep has completed. Elapsed time 00:44:13
1:55 PM: Traces Found: 0
********
11:14 PM: | Start of Session, Thursday, December 29, 2005 |
11:14 PM: Spy Sweeper started
11:14 PM: Sweep initiated using definitions version 593
11:15 PM: Starting Memory Sweep
11:20 PM: Memory Sweep Complete, Elapsed Time: 00:05:07
11:20 PM: Starting Registry Sweep
11:20 PM: Found Adware: apropos
11:20 PM: HKLM\software\aprps\ (2 subtraces) (ID = 103741)
11:20 PM: Found Adware: bookedspace
11:20 PM: HKLM\software\configuration manager\cfgmgr52\ (357 subtraces) (ID = 104873)
11:20 PM: Found Adware: cws_analyzeie
11:20 PM: HKCR\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116873)
11:20 PM: HKLM\software\classes\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116895)
11:20 PM: Found Adware: delfin
11:20 PM: HKLM\software\laltin\ (2 subtraces) (ID = 124857)
11:20 PM: HKLM\software\vidctrl\ (3 subtraces) (ID = 124897)
11:20 PM: Found Adware: networkessentials
11:20 PM: HKLM\software\novo\ (23 subtraces) (ID = 136175)
11:20 PM: HKLM\software\np\ (2 subtraces) (ID = 136176)
11:20 PM: Found Adware: regsync
11:20 PM: HKCR\typelib\{00dc9ff2-ea77-49c7-8def-722fd81cab59}\ (9 subtraces) (ID = 139345)
11:20 PM: HKLM\software\classes\typelib\{00dc9ff2-ea77-49c7-8def-722fd81cab59}\ (9 subtraces) (ID = 139349)
11:20 PM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\regsync.exe\ (1 subtraces) (ID = 139354)
11:20 PM: Found Adware: elitemediagroup-mediamotor
11:20 PM: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (18 subtraces) (ID = 140131)
11:20 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
11:20 PM: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (18 subtraces) (ID = 140223)
11:20 PM: Found Adware: visfx
11:20 PM: HKLM\system\currentcontrolset\services\windows overlay components\ (12 subtraces) (ID = 712954)
11:20 PM: Found Adware: directrevenue-abetterinternet
11:20 PM: HKLM\software\microsoft\windows\currentversion\uninstall\bsto-1\ (7 subtraces) (ID = 746835)
11:20 PM: Found Adware: clkoptimizer
11:20 PM: HKLM\software\qstat\ (5 subtraces) (ID = 769771)
11:20 PM: Found Adware: ezula ilookup
11:20 PM: HKLM\software\microsoft\webext\ (29 subtraces) (ID = 828947)
11:20 PM: Found Adware: maxifiles
11:20 PM: HKCR\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829253)
11:20 PM: HKLM\software\classes\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829282)
11:20 PM: HKLM\software\qstat\ || brr (ID = 877670)
11:20 PM: Found Adware: mediamotor - popuppers
11:20 PM: HKCR\iemonitor.cbrowsers\ (3 subtraces) (ID = 960700)
11:20 PM: HKCR\iemonitor.ieevents\ (3 subtraces) (ID = 960704)
11:20 PM: HKCR\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960733)
11:20 PM: HKCR\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960748)
11:20 PM: HKLM\software\classes\iemonitor.cbrowsers\ (3 subtraces) (ID = 960762)
11:20 PM: HKLM\software\classes\iemonitor.ieevents\ (3 subtraces) (ID = 960766)
11:20 PM: HKLM\software\classes\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960795)
11:20 PM: HKLM\software\classes\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960810)
11:20 PM: Found Adware: command
11:20 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
11:20 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
11:20 PM: HKU\WRSS_Profile_S-1-5-21-1957994488-1708537768-854245398-500\software\aurora\ (18 subtraces) (ID = 360174)
11:20 PM: Found Adware: adcom
11:20 PM: HKU\WRSS_Profile_S-1-5-21-1957994488-1708537768-854245398-500\software\adcom\ (2 subtraces) (ID = 861431)
11:20 PM: Found Adware: cas
11:20 PM: HKU\WRSS_Profile_S-1-5-21-1957994488-1708537768-854245398-500\software\cas2\ (ID = 862278)
11:20 PM: Found Adware: ist software
11:20 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1006\software\ist\ (1 subtraces) (ID = 129108)
11:20 PM: Found Trojan Horse: trojan-downloader-pacisoft
11:20 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1006\software\psof1\ (2 subtraces) (ID = 136530)
11:20 PM: Found Adware: drsnsrch hijacker
11:20 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1006\software\dsrch\ (4 subtraces) (ID = 509156)
11:20 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1006\software\adcom\ (4 subtraces) (ID = 861431)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\mvu\ (5 subtraces) (ID = 124884)
11:21 PM: Found Adware: hotbar
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\hotbar\ (37 subtraces) (ID = 127565)
11:21 PM: Found Adware: drsnsrch.com hijack
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\ist\ (1 subtraces) (ID = 129108)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\updater\ (1 subtraces) (ID = 136178)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\psof1\ (29 subtraces) (ID = 136530)
11:21 PM: Found Adware: surfsidekick
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\surfsidekick3\ (2 subtraces) (ID = 143412)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\dsrch\ (11 subtraces) (ID = 509156)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\cas2\ (8 subtraces) (ID = 862278)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\director\ || baseurl (ID = 980277)
11:21 PM: Found Adware: cws_analyzeie default.home hijacker
11:21 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || start page (ID = 116863)
11:21 PM: Registry Sweep Complete, Elapsed Time:00:00:59
11:21 PM: Starting Cookie Sweep
11:21 PM: Found Spy Cookie: a cookie
11:21 PM: billy@a[2].txt (ID = 2027)
11:21 PM: Found Spy Cookie: btgrab cookie
11:21 PM: billy@btg.btgrab[2].txt (ID = 2333)
11:21 PM: Found Spy Cookie: cliks cookie
11:21 PM: billy@cliks[2].txt (ID = 2414)
11:21 PM: Found Spy Cookie: offeroptimizer cookie
11:21 PM: billy@offeroptimizer[2].txt (ID = 3087)
11:21 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:21 PM: Starting File Sweep
11:21 PM: Found Trojan Horse: 2nd-thought
11:21 PM: c:\program files\common files\slmss (2 subtraces) (ID = -2147481537)
11:21 PM: c:\windows\system32\nsvsvc (1 subtraces) (ID = -2147481119)
11:21 PM: c:\documents and settings\all users\application data\nsv (17 subtraces) (ID = -2147481136)
11:21 PM: c:\windows\system32\vidctrl (ID = -2147481117)
11:21 PM: c:\documents and settings\all users\application data\vidctrl (2 subtraces) (ID = -2147477475)
11:21 PM: c:\windows\cfgmgr52 (108 subtraces) (ID = -2147479590)
11:22 PM: system32.dll (ID = 156271)
11:22 PM: Found Adware: dealhelper
11:22 PM: rbbeoju3.xml (ID = 57652)
11:26 PM: rbbeoju.xml (ID = 57649)
11:27 PM: rbbeoju1.xml (ID = 57650)
11:27 PM: rbbeojk.xml (ID = 57646)
11:27 PM: rbbeojk2.xml (ID = 57648)
11:27 PM: Found Adware: begin2search
11:27 PM: vhe233a1.ico (ID = 51074)
11:27 PM: rbbeoju2.xml (ID = 57651)
11:28 PM: cwebpage.dll (ID = 69301)
11:29 PM: rbbeojk1.xml (ID = 57647)
11:31 PM: wmv2007.dbd (ID = 57693)
11:32 PM: x.bmp (ID = 69314)
11:34 PM: wmv1215.dbd (ID = 57687)
11:34 PM: wmv1920.dbd (ID = 57692)
11:34 PM: 538.dfn (ID = 133429)
11:34 PM: Found Adware: imgiant
11:34 PM: imgga.exe (ID = 198238)
11:35 PM: wmv0412.ddx (ID = 57682)
11:35 PM: wmv0904.ddx (ID = 57691)
11:35 PM: Found Adware: weirdontheweb
11:35 PM: weirdontheweb.url (ID = 87896)
11:35 PM: wmv0106.ddx (ID = 57679)
11:35 PM: rbbeojdk.xml (ID = 57645)
11:35 PM: wmv1909.ddx (ID = 57691)
11:35 PM: wmv0504.ddx (ID = 57682)
11:35 PM: wmv1125.ddx (ID = 57685)
11:35 PM: wmv0315.ddx (ID = 57682)
11:35 PM: wmv1204.ddx (ID = 57682)
11:35 PM: wmv0204.ddx (ID = 57682)
11:35 PM: Found Adware: ieplugin
11:35 PM: backup-20051202-162422-810.inf (ID = 63343)
11:40 PM: Found Adware: tibs dialer
11:40 PM: xxx.lnk (ID = 79520)
11:40 PM: xxx.lnk (ID = 79520)
12:01 AM: Found System Monitor: potentially rootkit-masked files
12:01 AM: dxtuni32.exe (ID = 0)
12:01 AM: atmmndis9.sys (ID = 0)
12:02 AM: Warning: Unhandled Archive Type
12:02 AM: Warning: Unhandled Archive Type
12:02 AM: Warning: Invalid Stream
12:04 AM: File Sweep Complete, Elapsed Time: 00:43:09
12:04 AM: Full Sweep has completed. Elapsed time 00:49:31
12:04 AM: Traces Found: 926
11:00 AM: Removal process initiated
11:00 AM: Quarantining All Traces: 2nd-thought
11:00 AM: Quarantining All Traces: clkoptimizer
11:00 AM: Quarantining All Traces: cws_analyzeie
11:00 AM: Quarantining All Traces: directrevenue-abetterinternet
11:00 AM: Quarantining All Traces: potentially rootkit-masked files
11:00 AM: potentially rootkit-masked files is in use. It will be removed on reboot.
11:00 AM: dxtuni32.exe is in use. It will be removed on reboot.
11:00 AM: atmmndis9.sys is in use. It will be removed on reboot.
11:00 AM: Quarantining All Traces: visfx
11:00 AM: Quarantining All Traces: apropos
11:00 AM: Quarantining All Traces: begin2search
11:00 AM: Quarantining All Traces: cas
11:00 AM: Quarantining All Traces: delfin
11:00 AM: Quarantining All Traces: hotbar
11:00 AM: Quarantining All Traces: maxifiles
11:00 AM: Quarantining All Traces: surfsidekick
11:00 AM: Quarantining All Traces: tibs dialer
11:00 AM: Quarantining All Traces: trojan-downloader-pacisoft
11:00 AM: Quarantining All Traces: adcom
11:00 AM: Quarantining All Traces: bookedspace
11:00 AM: Quarantining All Traces: command
11:00 AM: Quarantining All Traces: cws_analyzeie default.home hijacker
11:00 AM: Quarantining All Traces: dealhelper
11:00 AM: Quarantining All Traces: drsnsrch hijacker
11:00 AM: Quarantining All Traces: drsnsrch.com hijack
11:00 AM: Quarantining All Traces: elitemediagroup-mediamotor
11:00 AM: Quarantining All Traces: ezula ilookup
11:00 AM: Quarantining All Traces: ieplugin
11:00 AM: Quarantining All Traces: imgiant
11:00 AM: Quarantining All Traces: ist software
11:00 AM: Quarantining All Traces: mediamotor - popuppers
11:00 AM: Quarantining All Traces: networkessentials
11:00 AM: Quarantining All Traces: regsync
11:00 AM: Quarantining All Traces: weirdontheweb
11:00 AM: Quarantining All Traces: a cookie
11:00 AM: Quarantining All Traces: btgrab cookie
11:00 AM: Quarantining All Traces: cliks cookie
11:00 AM: Quarantining All Traces: offeroptimizer cookie
11:01 AM: Removal process completed. Elapsed time 00:01:09
11:11 AM: Processing Startup Alerts
11:11 AM: Allowed Startup entry: Mozilla Quick Launch
11:11 AM: Allowed Startup entry: MSMSGS
********
10:21 PM: | Start of Session, Thursday, December 29, 2005 |
10:21 PM: Spy Sweeper started
10:21 PM: Sweep initiated using definitions version 593
10:21 PM: Starting Memory Sweep
10:26 PM: Memory Sweep Complete, Elapsed Time: 00:04:43
10:26 PM: Starting Registry Sweep
10:26 PM: Found Adware: apropos
10:26 PM: HKLM\software\aprps\ (2 subtraces) (ID = 103741)
10:26 PM: Found Adware: bookedspace
10:26 PM: HKLM\software\configuration manager\cfgmgr52\ (357 subtraces) (ID = 104873)
10:26 PM: Found Adware: cws_analyzeie
10:26 PM: HKCR\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116873)
10:26 PM: HKLM\software\classes\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116895)
10:26 PM: Found Adware: delfin
10:26 PM: HKLM\software\laltin\ (2 subtraces) (ID = 124857)
10:26 PM: HKLM\software\vidctrl\ (3 subtraces) (ID = 124897)
10:26 PM: Found Adware: networkessentials
10:26 PM: HKLM\software\novo\ (23 subtraces) (ID = 136175)
10:26 PM: HKLM\software\np\ (2 subtraces) (ID = 136176)
10:26 PM: Found Adware: regsync
10:26 PM: HKCR\typelib\{00dc9ff2-ea77-49c7-8def-722fd81cab59}\ (9 subtraces) (ID = 139345)
10:26 PM: HKLM\software\classes\typelib\{00dc9ff2-ea77-49c7-8def-722fd81cab59}\ (9 subtraces) (ID = 139349)
10:26 PM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\regsync.exe\ (1 subtraces) (ID = 139354)
10:26 PM: Found Adware: elitemediagroup-mediamotor
10:26 PM: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (18 subtraces) (ID = 140131)
10:26 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
10:26 PM: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (18 subtraces) (ID = 140223)
********
10:20 PM: | Start of Session, Thursday, December 29, 2005 |
10:20 PM: Spy Sweeper started
10:20 PM: Sweep initiated using definitions version 593
10:20 PM: Sweep Canceled
10:20 PM: Traces Found: 0
10:21 PM: | End of Session, Thursday, December 29, 2005 |
********
10:18 PM: | Start of Session, Thursday, December 29, 2005 |
10:18 PM: Spy Sweeper started
10:18 PM: Messenger service has been disabled.
10:19 PM: Your spyware definitions have been updated.
10:20 PM: | End of Session, Thursday, December 29, 2005 |
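
The log quoted above lists sessions newest first, and one of them runs past midnight, so comparing a scan taken before a fix with one taken after it means splitting the log into sessions and ordering them by their start line. The Python below is an added example, not part of the thread or of any tool named in it; the sample text is a constructed, abridged log in the layout quoted above, and the function and field names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Constructed, abridged sample in the session-log layout quoted in the post.
SAMPLE_LOG = r"""********
1:11 PM: | Start of Session, Friday, December 30, 2005 |
1:11 PM: Sweep initiated using definitions version 593
1:55 PM: Full Sweep has completed. Elapsed time 00:44:13
1:55 PM: Traces Found: 0
********
11:14 PM: | Start of Session, Thursday, December 29, 2005 |
11:14 PM: Sweep initiated using definitions version 593
11:20 PM: Found Adware: apropos
11:20 PM: HKLM\software\aprps\ (2 subtraces) (ID = 103741)
12:01 AM: Found System Monitor: potentially rootkit-masked files
12:01 AM: dxtuni32.exe (ID = 0)
12:01 AM: atmmndis9.sys (ID = 0)
12:04 AM: Full Sweep has completed. Elapsed time 00:49:31
12:04 AM: Traces Found: 926
11:00 AM: Removal process initiated
11:00 AM: dxtuni32.exe is in use. It will be removed on reboot.
11:00 AM: atmmndis9.sys is in use. It will be removed on reboot.
********
10:21 PM: | Start of Session, Thursday, December 29, 2005 |
10:21 PM: Sweep initiated using definitions version 593
10:26 PM: Found Adware: apropos
10:26 PM: HKLM\software\aprps\ (2 subtraces) (ID = 103741)
********
10:20 PM: | Start of Session, Thursday, December 29, 2005 |
10:20 PM: Sweep Canceled
10:20 PM: Traces Found: 0
10:21 PM: | End of Session, Thursday, December 29, 2005 |
"""

LINE = re.compile(r"^(\d{1,2}:\d{2} [AP]M): (.*)$")
START = re.compile(r"^\| Start of Session, (.+?) \|$")
FOUND = re.compile(r"^Found ([^:]+): (.+)$")
TRACE = re.compile(r"^.+ \(ID = -?\d+\)$")
TOTAL = re.compile(r"^Traces Found: (\d+)$")
PENDING = re.compile(r"^(.+) is in use\. It will be removed on reboot\.$")

@dataclass
class Session:
    started: datetime
    families: dict = field(default_factory=dict)   # family name -> category
    trace_lines: int = 0
    reported_total: Optional[int] = None
    completed: bool = False
    canceled: bool = False
    pending_reboot: list = field(default_factory=list)

    @property
    def status(self):
        # A canceled or cut-off sweep is not evidence of a clean system,
        # even when it prints "Traces Found: 0".
        if self.canceled:
            return "canceled"
        return "complete" if self.completed else "incomplete"

def parse_sessions(text):
    """Split the log into sessions and return them oldest first."""
    sessions, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # asterisk separators, blank lines
        clock, msg = m.groups()
        start = START.match(msg)
        if start:
            # Only the start line carries a date; later lines may cross midnight.
            when = datetime.strptime(f"{start.group(1)} {clock}",
                                     "%A, %B %d, %Y %I:%M %p")
            current = Session(when)
            sessions.append(current)
        elif current is None:
            continue
        elif FOUND.match(msg):
            category, name = FOUND.match(msg).groups()
            current.families[name] = category
        elif TOTAL.match(msg):
            current.reported_total = int(TOTAL.match(msg).group(1))
        elif msg.startswith("Full Sweep has completed"):
            current.completed = True
        elif msg == "Sweep Canceled":
            current.canceled = True
        elif PENDING.match(msg):
            current.pending_reboot.append(PENDING.match(msg).group(1))
        elif TRACE.match(msg):
            current.trace_lines += 1
    return sorted(sessions, key=lambda s: s.started)

def compare_latest(sessions):
    """Diff the two most recent completed sweeps; None if fewer than two."""
    done = [s for s in sessions if s.status == "complete"]
    if len(done) < 2:
        return None
    before, after = done[-2], done[-1]
    old, new = set(before.families), set(after.families)
    # "No longer reported" is what the scanner says, not proof of removal.
    return {"before": before.started, "after": after.started,
            "no_longer_reported": old - new, "persisting": old & new,
            "newly_reported": new - old, "pending_reboot": before.pending_reboot}

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE_LOG):
        print(s.started, s.status, sorted(s.families), s.reported_total)
    print(compare_latest(SAMPLE_LOG and parse_sessions(SAMPLE_LOG)))
```

Run against a full log, the `pending_reboot` list shows which files the earlier sweep could only schedule for removal, which are the ones worth rechecking after the reboot.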

#12 ken545

Posted 30 December 2005 - 01:53 PM

monza,

We may be getting a false positive here, don't know. The Apropos fix is picking up nothing yet Spysweeper still shows it as present.

Let's run this tool that will check your system for Rootkits, just follow the defaults and post the results.

http://www.majorgeek...aler_d4652.html


Then open up Spysweeper and go into the Quarantine folder and delete everything in there. Then run another scan with SS and post the log.

So post a new HJT log, the log from SS and the log from Rootkit Revealer.

Ken :D

 
 

#13 monza

Posted 30 December 2005 - 11:04 PM

I downloaded and ran the rootkit revealer, but every time I run it and it completes, Windows locks up. It is only freed once I shut down the rootkit revealer. The last time I ran it, I was able to save almost all of the log before it crashed. Even in its partial form, it is still too long to post in one post, so I will post it in several.

Here it goes:


C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\220.ucl 8/10/2004 7:34 AM 7.31 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\221.ucl 8/10/2004 7:34 AM 8.43 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\223.ucl 8/10/2004 7:34 AM 6.96 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\224.ucl 8/10/2004 7:34 AM 7.31 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\225.ucl 8/10/2004 7:34 AM 7.87 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\227.ucl 8/10/2004 7:34 AM 6.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\228.ucl 8/10/2004 7:34 AM 6.84 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\229.ucl 8/10/2004 7:34 AM 6.84 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\233.ucl 8/10/2004 7:34 AM 6.77 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\234.ucl 8/10/2004 7:34 AM 6.77 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\235.ucl 8/10/2004 7:34 AM 6.69 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\236.ucl 8/10/2004 7:34 AM 6.61 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\237.ucl 8/10/2004 7:34 AM 6.61 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\238.ucl 8/10/2004 7:34 AM 6.64 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\239.ucl 8/10/2004 7:34 AM 6.64 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\241.ucl 8/10/2004 7:34 AM 6.60 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\243.ucl 8/10/2004 7:34 AM 6.32 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\244.ucl 8/10/2004 7:34 AM 7.45 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\245.ucl 8/10/2004 7:34 AM 7.46 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\246.ucl 8/10/2004 7:34 AM 6.72 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\247.ucl 8/10/2004 7:34 AM 7.06 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\259.ucl 8/10/2004 7:34 AM 6.50 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\260.ucl 8/10/2004 7:34 AM 6.50 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3099.ucl 8/10/2004 7:34 AM 6.82 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3100.ucl 8/10/2004 7:34 AM 6.94 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3101.ucl 8/10/2004 7:34 AM 6.62 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\321.ucl 8/10/2004 7:34 AM 6.48 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\322.ucl 8/10/2004 7:34 AM 6.49 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\323.ucl 8/10/2004 7:34 AM 6.49 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\324.ucl 8/10/2004 7:34 AM 6.37 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\325.ucl 8/10/2004 7:34 AM 6.69 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\326.ucl 8/10/2004 7:34 AM 6.67 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\327.ucl 8/10/2004 7:34 AM 6.70 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\328.ucl 8/10/2004 7:34 AM 6.48 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\329.ucl 8/10/2004 7:34 AM 6.45 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\330.ucl 8/10/2004 7:34 AM 6.75 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\331.ucl 8/10/2004 7:34 AM 6.75 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\332.ucl 8/10/2004 7:34 AM 6.64 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\333.ucl 8/10/2004 7:34 AM 6.76 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\334.ucl 8/10/2004 7:34 AM 6.63 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\335.ucl 8/10/2004 7:34 AM 6.46 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\336.ucl 8/10/2004 7:34 AM 6.75 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\337.ucl 8/10/2004 7:34 AM 6.46 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\338.ucl 8/10/2004 7:34 AM 6.75 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\339.ucl 8/10/2004 7:34 AM 6.50 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\340.ucl 8/10/2004 7:34 AM 6.84 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\341.ucl 8/10/2004 7:34 AM 6.50 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\342.ucl 8/10/2004 7:34 AM 6.50 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\343.ucl 8/10/2004 7:34 AM 6.50 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\344.ucl 8/10/2004 7:34 AM 6.50 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\345.ucl 8/10/2004 7:34 AM 6.50 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\346.ucl 8/10/2004 7:34 AM 6.50 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\347.ucl 8/10/2004 7:34 AM 6.50 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3511.ucl 8/10/2004 7:34 AM 6.88 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3514.ucl 8/10/2004 7:34 AM 6.99 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3518.ucl 8/10/2004 7:34 AM 6.95 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3521.ucl 8/10/2004 7:34 AM 7.07 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3524.ucl 8/10/2004 7:34 AM 7.06 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3527.ucl 8/10/2004 7:34 AM 7.44 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3530.ucl 8/10/2004 7:34 AM 6.84 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3534.ucl 8/10/2004 7:34 AM 6.88 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3537.ucl 8/10/2004 7:34 AM 6.99 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\356.ucl 8/10/2004 7:34 AM 6.92 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\357.ucl 8/10/2004 7:34 AM 6.24 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\358.ucl 8/10/2004 7:34 AM 7.70 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3660.ucl 8/10/2004 7:34 AM 6.88 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3663.ucl 8/10/2004 7:34 AM 6.99 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3666.ucl 8/10/2004 7:34 AM 6.99 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\3670.ucl 8/10/2004 7:34 AM 6.88 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\4165.ucl 8/10/2004 7:34 AM 7.45 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\4169.ucl 8/10/2004 7:34 AM 6.20 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\4173.ucl 8/10/2004 7:34 AM 7.46 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\4182.ucl 8/10/2004 7:34 AM 6.74 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\4186.ucl 8/10/2004 7:34 AM 6.63 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\430.ucl 8/10/2004 7:34 AM 6.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\431.ucl 8/10/2004 7:34 AM 6.94 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\432.ucl 8/10/2004 7:34 AM 6.94 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\434.ucl 8/10/2004 7:34 AM 6.94 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\435.ucl 8/10/2004 7:34 AM 6.73 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\437.ucl 8/10/2004 7:34 AM 6.79 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\438.ucl 8/10/2004 7:34 AM 6.79 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\439.ucl 8/10/2004 7:34 AM 6.82 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\441.ucl 8/10/2004 7:34 AM 6.74 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\442.ucl 8/10/2004 7:34 AM 6.93 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\443.ucl 8/10/2004 7:34 AM 6.73 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\444.ucl 8/10/2004 7:34 AM 6.76 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\445.ucl 8/10/2004 7:34 AM 6.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\446.ucl 8/10/2004 7:34 AM 6.74 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\448.ucl 8/10/2004 7:34 AM 6.74 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\468.ucl 8/10/2004 7:34 AM 6.82 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\469.ucl 8/10/2004 7:34 AM 6.94 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\470.ucl 8/10/2004 7:34 AM 6.56 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\4708.ucl 8/10/2004 7:34 AM 6.66 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\471.ucl 8/10/2004 7:34 AM 6.82 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\4718.ucl 8/10/2004 7:34 AM 6.78 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\472.ucl 8/10/2004 7:34 AM 6.94 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\474.ucl 8/10/2004 7:34 AM 6.45 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\476.ucl 8/10/2004 7:34 AM 6.63 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\477.ucl 8/10/2004 7:34 AM 6.75 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\478.ucl 8/10/2004 7:34 AM 6.52 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\84.ucl 8/10/2004 7:34 AM 6.60 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\96.ucl 8/10/2004 7:34 AM 6.78 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\97.ucl 8/10/2004 7:34 AM 6.76 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\98.ucl 8/10/2004 7:34 AM 6.76 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\99.ucl 8/10/2004 7:34 AM 6.47 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\Config\channel.cfg 8/10/2004 7:34 AM 1.24 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180000.VBN 12/1/2005 11:27 AM 17.60 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180001.VBN 12/1/2005 11:27 AM 17.60 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180002.VBN 12/1/2005 11:28 AM 4.95 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180003.VBN 12/1/2005 11:28 AM 4.95 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180004.VBN 12/1/2005 11:28 AM 4.93 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180005.VBN 12/1/2005 11:28 AM 4.93 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180006.VBN 12/1/2005 11:28 AM 4.90 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180007.VBN 12/1/2005 11:28 AM 4.90 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180008.VBN 12/1/2005 11:28 AM 4.95 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180009.VBN 12/1/2005 11:28 AM 4.95 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0118000A.VBN 12/1/2005 11:28 AM 4.95 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0118000B.VBN 12/1/2005 11:28 AM 4.95 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0118000C.VBN 12/1/2005 11:28 AM 4.90 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0118000D.VBN 12/1/2005 11:28 AM 4.90 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0118000E.VBN 12/1/2005 11:28 AM 419.82 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0118000F.VBN 12/1/2005 11:28 AM 419.82 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180010.VBN 12/1/2005 11:29 AM 4.93 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180011.VBN 12/1/2005 11:29 AM 4.93 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180012.VBN 12/1/2005 11:29 AM 4.93 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180013.VBN 12/1/2005 11:29 AM 4.93 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180014.VBN 12/1/2005 11:40 AM 140.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180015.VBN 12/1/2005 11:40 AM 140.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180016.VBN 12/1/2005 11:58 AM 14.81 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180017.VBN 12/1/2005 11:58 AM 14.81 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180018.VBN 12/1/2005 12:10 PM 8.24 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180019.VBN 12/1/2005 12:10 PM 8.24 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0118001A.VBN 12/1/2005 12:13 PM 4.62 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0118001B.VBN 12/1/2005 12:13 PM 4.62 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E00000.VBN 10/26/2005 7:38 AM 6.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E00001.VBN 10/26/2005 7:38 AM 139.10 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E00002.VBN 10/26/2005 7:38 AM 131.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E00003.VBN 10/26/2005 7:38 AM 135.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E00004.VBN 10/26/2005 7:39 AM 287.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E00005.VBN 10/26/2005 7:39 AM 6.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02000000.VBN 12/2/2005 9:42 PM 71.90 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02000001.VBN 12/2/2005 9:43 PM 276.03 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02000002.VBN 12/2/2005 10:42 PM 1.89 MB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02600000.VBN 10/26/2005 8:43 AM 6.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02600001.VBN 10/26/2005 8:43 AM 139.10 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02600002.VBN 10/26/2005 8:43 AM 112.09 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C00000.VBN 9/30/2005 2:34 PM 85.09 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C00001.VBN 9/30/2005 2:35 PM 17.60 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C00002.VBN 9/30/2005 2:35 PM 120.09 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C00003.VBN 9/30/2005 2:35 PM 6.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C00004.VBN 9/30/2005 2:37 PM 3.78 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C00005.VBN 9/30/2005 2:50 PM 18.09 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C00006.VBN 9/30/2005 2:53 PM 227.09 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C00007.VBN 9/30/2005 2:54 PM 14.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C00008.VBN 9/30/2005 2:54 PM 14.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C00009.VBN 9/30/2005 2:54 PM 14.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C0000A.VBN 9/30/2005 2:54 PM 14.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C0000B.VBN 9/30/2005 2:54 PM 14.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C0000C.VBN 9/30/2005 2:54 PM 14.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C0000D.VBN 9/30/2005 2:54 PM 14.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C0000E.VBN 9/30/2005 2:54 PM 14.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C0000F.VBN 9/30/2005 2:54 PM 14.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C00010.VBN 9/30/2005 2:55 PM 17.10 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\043C0000.VBN 10/26/2005 8:56 AM 6.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\043C0001.VBN 10/26/2005 8:56 AM 139.10 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05980000.VBN 11/29/2005 2:37 PM 14.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05980001.VBN 11/29/2005 2:49 PM 139.10 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05980002.VBN 11/29/2005 3:07 PM 14.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05980003.VBN 11/29/2005 3:34 PM 14.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C0000.VBN 11/29/2005 2:19 PM 31.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C0001.VBN 11/29/2005 2:19 PM 6.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C0002.VBN 11/29/2005 2:19 PM 18.09 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C0003.VBN 11/29/2005 2:19 PM 139.10 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C0004.VBN 11/29/2005 2:19 PM 154.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C0005.VBN 11/29/2005 2:19 PM 6.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C0006.VBN 11/29/2005 2:19 PM 16.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C0007.VBN 11/29/2005 2:19 PM 154.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C0008.VBN 11/29/2005 2:19 PM 6.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C0009.VBN 11/29/2005 2:19 PM 14.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C000A.VBN 11/29/2005 2:19 PM 14.91 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C000B.VBN 11/29/2005 2:19 PM 22.09 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C000C.VBN 11/29/2005 2:19 PM 91.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C000D.VBN 11/29/2005 2:19 PM 99.09 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C000E.VBN 11/29/2005 2:19 PM 131.59 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\059C000F.VBN 11/29/2005 2:19 PM 24.09 KB Vis

#14 monza


Posted 30 December 2005 - 11:09 PM

Ok, never mind. I can't post the Rootkit Revealer log here. It is too long. It is nearly 600,000 characters long. I think that may be why it was cut off by notepad. I will have to email it to you.

Here is my new SS log:


********
10:55 PM: | Start of Session, Friday, December 30, 2005 |
10:55 PM: Spy Sweeper started
10:55 PM: Sweep initiated using definitions version 594
10:55 PM: Starting Memory Sweep
11:00 PM: Memory Sweep Complete, Elapsed Time: 00:05:03
11:00 PM: Starting Registry Sweep
11:00 PM: Registry Sweep Complete, Elapsed Time:00:00:25
11:00 PM: Starting Cookie Sweep
11:00 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:00 PM: Starting File Sweep
11:40 PM: File Sweep Complete, Elapsed Time: 00:40:00
11:40 PM: Full Sweep has completed. Elapsed time 00:45:36
11:40 PM: Traces Found: 0
********
1:11 PM: | Start of Session, Friday, December 30, 2005 |
1:11 PM: Spy Sweeper started
1:11 PM: Sweep initiated using definitions version 593
1:11 PM: Starting Memory Sweep
1:16 PM: Memory Sweep Complete, Elapsed Time: 00:04:53
1:16 PM: Starting Registry Sweep
1:16 PM: Registry Sweep Complete, Elapsed Time:00:00:25
1:16 PM: Starting Cookie Sweep
1:16 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:16 PM: Starting File Sweep
1:55 PM: File Sweep Complete, Elapsed Time: 00:38:41
1:55 PM: Full Sweep has completed. Elapsed time 00:44:13
1:55 PM: Traces Found: 0
2:45 PM: BHO Shield: found: -- BHO installation allowed at user request
2:45 PM: Processing Startup Alerts
2:45 PM: Allowed Startup entry: SunJavaUpdateSched
10:20 PM: Your spyware definitions have been updated.
10:54 PM: BHO Shield: found: ssv.dll-- BHO installation allowed at user request
10:54 PM: Processing Startup Alerts
10:54 PM: Allowed Startup entry: SunJavaUpdateSched
10:54 PM: Deletion from quarantine initiated
10:54 PM: Processing: 2nd-thought
10:54 PM: Processing: a cookie
10:54 PM: Processing: adcom
10:54 PM: Processing: apropos
10:54 PM: Processing: begin2search
10:54 PM: Processing: bookedspace
10:54 PM: Processing: btgrab cookie
10:54 PM: Processing: cas
10:54 PM: Processing: cliks cookie
10:54 PM: Processing: clkoptimizer
10:54 PM: Processing: command
10:54 PM: Processing: cws_analyzeie
10:54 PM: Processing: cws_analyzeie default.home hijacker
10:54 PM: Processing: dealhelper
10:54 PM: Processing: delfin
10:54 PM: Processing: directrevenue-abetterinternet
10:54 PM: Processing: drsnsrch hijacker
10:54 PM: Processing: drsnsrch.com hijack
10:54 PM: Processing: elitemediagroup-mediamotor
10:54 PM: Processing: ezula ilookup
10:54 PM: Processing: hotbar
10:54 PM: Processing: ieplugin
10:54 PM: Processing: imgiant
10:54 PM: Processing: ist software
10:54 PM: Processing: maxifiles
10:54 PM: Processing: mediamotor - popuppers
10:54 PM: Processing: networkessentials
10:54 PM: Processing: offeroptimizer cookie
10:54 PM: Processing: potentially rootkit-masked files
10:54 PM: Processing: regsync
10:54 PM: Processing: surfsidekick
10:54 PM: Processing: tibs dialer
10:54 PM: Processing: trojan-downloader-pacisoft
10:54 PM: Processing: visfx
10:54 PM: Processing: weirdontheweb
10:54 PM: Deletion from quarantine completed. Elapsed time 00:00:05
10:55 PM: | End of Session, Friday, December 30, 2005 |
********
11:14 PM: | Start of Session, Thursday, December 29, 2005 |
11:14 PM: Spy Sweeper started
11:14 PM: Sweep initiated using definitions version 593
11:15 PM: Starting Memory Sweep
11:20 PM: Memory Sweep Complete, Elapsed Time: 00:05:07
11:20 PM: Starting Registry Sweep
11:20 PM: Found Adware: apropos
11:20 PM: HKLM\software\aprps\ (2 subtraces) (ID = 103741)
11:20 PM: Found Adware: bookedspace
11:20 PM: HKLM\software\configuration manager\cfgmgr52\ (357 subtraces) (ID = 104873)
11:20 PM: Found Adware: cws_analyzeie
11:20 PM: HKCR\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116873)
11:20 PM: HKLM\software\classes\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116895)
11:20 PM: Found Adware: delfin
11:20 PM: HKLM\software\laltin\ (2 subtraces) (ID = 124857)
11:20 PM: HKLM\software\vidctrl\ (3 subtraces) (ID = 124897)
11:20 PM: Found Adware: networkessentials
11:20 PM: HKLM\software\novo\ (23 subtraces) (ID = 136175)
11:20 PM: HKLM\software\np\ (2 subtraces) (ID = 136176)
11:20 PM: Found Adware: regsync
11:20 PM: HKCR\typelib\{00dc9ff2-ea77-49c7-8def-722fd81cab59}\ (9 subtraces) (ID = 139345)
11:20 PM: HKLM\software\classes\typelib\{00dc9ff2-ea77-49c7-8def-722fd81cab59}\ (9 subtraces) (ID = 139349)
11:20 PM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\regsync.exe\ (1 subtraces) (ID = 139354)
11:20 PM: Found Adware: elitemediagroup-mediamotor
11:20 PM: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (18 subtraces) (ID = 140131)
11:20 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
11:20 PM: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (18 subtraces) (ID = 140223)
11:20 PM: Found Adware: visfx
11:20 PM: HKLM\system\currentcontrolset\services\windows overlay components\ (12 subtraces) (ID = 712954)
11:20 PM: Found Adware: directrevenue-abetterinternet
11:20 PM: HKLM\software\microsoft\windows\currentversion\uninstall\bsto-1\ (7 subtraces) (ID = 746835)
11:20 PM: Found Adware: clkoptimizer
11:20 PM: HKLM\software\qstat\ (5 subtraces) (ID = 769771)
11:20 PM: Found Adware: ezula ilookup
11:20 PM: HKLM\software\microsoft\webext\ (29 subtraces) (ID = 828947)
11:20 PM: Found Adware: maxifiles
11:20 PM: HKCR\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829253)
11:20 PM: HKLM\software\classes\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829282)
11:20 PM: HKLM\software\qstat\ || brr (ID = 877670)
11:20 PM: Found Adware: mediamotor - popuppers
11:20 PM: HKCR\iemonitor.cbrowsers\ (3 subtraces) (ID = 960700)
11:20 PM: HKCR\iemonitor.ieevents\ (3 subtraces) (ID = 960704)
11:20 PM: HKCR\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960733)
11:20 PM: HKCR\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960748)
11:20 PM: HKLM\software\classes\iemonitor.cbrowsers\ (3 subtraces) (ID = 960762)
11:20 PM: HKLM\software\classes\iemonitor.ieevents\ (3 subtraces) (ID = 960766)
11:20 PM: HKLM\software\classes\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960795)
11:20 PM: HKLM\software\classes\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960810)
11:20 PM: Found Adware: command
11:20 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
11:20 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
11:20 PM: HKU\WRSS_Profile_S-1-5-21-1957994488-1708537768-854245398-500\software\aurora\ (18 subtraces) (ID = 360174)
11:20 PM: Found Adware: adcom
11:20 PM: HKU\WRSS_Profile_S-1-5-21-1957994488-1708537768-854245398-500\software\adcom\ (2 subtraces) (ID = 861431)
11:20 PM: Found Adware: cas
11:20 PM: HKU\WRSS_Profile_S-1-5-21-1957994488-1708537768-854245398-500\software\cas2\ (ID = 862278)
11:20 PM: Found Adware: ist software
11:20 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1006\software\ist\ (1 subtraces) (ID = 129108)
11:20 PM: Found Trojan Horse: trojan-downloader-pacisoft
11:20 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1006\software\psof1\ (2 subtraces) (ID = 136530)
11:20 PM: Found Adware: drsnsrch hijacker
11:20 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1006\software\dsrch\ (4 subtraces) (ID = 509156)
11:20 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1006\software\adcom\ (4 subtraces) (ID = 861431)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\mvu\ (5 subtraces) (ID = 124884)
11:21 PM: Found Adware: hotbar
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\hotbar\ (37 subtraces) (ID = 127565)
11:21 PM: Found Adware: drsnsrch.com hijack
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\ist\ (1 subtraces) (ID = 129108)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\updater\ (1 subtraces) (ID = 136178)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\psof1\ (29 subtraces) (ID = 136530)
11:21 PM: Found Adware: surfsidekick
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\surfsidekick3\ (2 subtraces) (ID = 143412)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\dsrch\ (11 subtraces) (ID = 509156)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\cas2\ (8 subtraces) (ID = 862278)
11:21 PM: HKU\S-1-5-21-1957994488-1708537768-854245398-1004\software\director\ || baseurl (ID = 980277)
11:21 PM: Found Adware: cws_analyzeie default.home hijacker
11:21 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || start page (ID = 116863)
11:21 PM: Registry Sweep Complete, Elapsed Time:00:00:59
11:21 PM: Starting Cookie Sweep
11:21 PM: Found Spy Cookie: a cookie
11:21 PM: billy@a[2].txt (ID = 2027)
11:21 PM: Found Spy Cookie: btgrab cookie
11:21 PM: billy@btg.btgrab[2].txt (ID = 2333)
11:21 PM: Found Spy Cookie: cliks cookie
11:21 PM: billy@cliks[2].txt (ID = 2414)
11:21 PM: Found Spy Cookie: offeroptimizer cookie
11:21 PM: billy@offeroptimizer[2].txt (ID = 3087)
11:21 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:21 PM: Starting File Sweep
11:21 PM: Found Trojan Horse: 2nd-thought
11:21 PM: c:\program files\common files\slmss (2 subtraces) (ID = -2147481537)
11:21 PM: c:\windows\system32\nsvsvc (1 subtraces) (ID = -2147481119)
11:21 PM: c:\documents and settings\all users\application data\nsv (17 subtraces) (ID = -2147481136)
11:21 PM: c:\windows\system32\vidctrl (ID = -2147481117)
11:21 PM: c:\documents and settings\all users\application data\vidctrl (2 subtraces) (ID = -2147477475)
11:21 PM: c:\windows\cfgmgr52 (108 subtraces) (ID = -2147479590)
11:22 PM: system32.dll (ID = 156271)
11:22 PM: Found Adware: dealhelper
11:22 PM: rbbeoju3.xml (ID = 57652)
11:26 PM: rbbeoju.xml (ID = 57649)
11:27 PM: rbbeoju1.xml (ID = 57650)
11:27 PM: rbbeojk.xml (ID = 57646)
11:27 PM: rbbeojk2.xml (ID = 57648)
11:27 PM: Found Adware: begin2search
11:27 PM: vhe233a1.ico (ID = 51074)
11:27 PM: rbbeoju2.xml (ID = 57651)
11:28 PM: cwebpage.dll (ID = 69301)
11:29 PM: rbbeojk1.xml (ID = 57647)
11:31 PM: wmv2007.dbd (ID = 57693)
11:32 PM: x.bmp (ID = 69314)
11:34 PM: wmv1215.dbd (ID = 57687)
11:34 PM: wmv1920.dbd (ID = 57692)
11:34 PM: 538.dfn (ID = 133429)
11:34 PM: Found Adware: imgiant
11:34 PM: imgga.exe (ID = 198238)
11:35 PM: wmv0412.ddx (ID = 57682)
11:35 PM: wmv0904.ddx (ID = 57691)
11:35 PM: Found Adware: weirdontheweb
11:35 PM: weirdontheweb.url (ID = 87896)
11:35 PM: wmv0106.ddx (ID = 57679)
11:35 PM: rbbeojdk.xml (ID = 57645)
11:35 PM: wmv1909.ddx (ID = 57691)
11:35 PM: wmv0504.ddx (ID = 57682)
11:35 PM: wmv1125.ddx (ID = 57685)
11:35 PM: wmv0315.ddx (ID = 57682)
11:35 PM: wmv1204.ddx (ID = 57682)
11:35 PM: wmv0204.ddx (ID = 57682)
11:35 PM: Found Adware: ieplugin
11:35 PM: backup-20051202-162422-810.inf (ID = 63343)
11:40 PM: Found Adware: tibs dialer
11:40 PM: xxx.lnk (ID = 79520)
11:40 PM: xxx.lnk (ID = 79520)
12:01 AM: Found System Monitor: potentially rootkit-masked files
12:01 AM: dxtuni32.exe (ID = 0)
12:01 AM: atmmndis9.sys (ID = 0)
12:02 AM: Warning: Unhandled Archive Type
12:02 AM: Warning: Unhandled Archive Type
12:02 AM: Warning: Invalid Stream
12:04 AM: File Sweep Complete, Elapsed Time: 00:43:09
12:04 AM: Full Sweep has completed. Elapsed time 00:49:31
12:04 AM: Traces Found: 926
11:00 AM: Removal process initiated
11:00 AM: Quarantining All Traces: 2nd-thought
11:00 AM: Quarantining All Traces: clkoptimizer
11:00 AM: Quarantining All Traces: cws_analyzeie
11:00 AM: Quarantining All Traces: directrevenue-abetterinternet
11:00 AM: Quarantining All Traces: potentially rootkit-masked files
11:00 AM: potentially rootkit-masked files is in use. It will be removed on reboot.
11:00 AM: dxtuni32.exe is in use. It will be removed on reboot.
11:00 AM: atmmndis9.sys is in use. It will be removed on reboot.
11:00 AM: Quarantining All Traces: visfx
11:00 AM: Quarantining All Traces: apropos
11:00 AM: Quarantining All Traces: begin2search
11:00 AM: Quarantining All Traces: cas
11:00 AM: Quarantining All Traces: delfin
11:00 AM: Quarantining All Traces: hotbar
11:00 AM: Quarantining All Traces: maxifiles
11:00 AM: Quarantining All Traces: surfsidekick
11:00 AM: Quarantining All Traces: tibs dialer
11:00 AM: Quarantining All Traces: trojan-downloader-pacisoft
11:00 AM: Quarantining All Traces: adcom
11:00 AM: Quarantining All Traces: bookedspace
11:00 AM: Quarantining All Traces: command
11:00 AM: Quarantining All Traces: cws_analyzeie default.home hijacker
11:00 AM: Quarantining All Traces: dealhelper
11:00 AM: Quarantining All Traces: drsnsrch hijacker
11:00 AM: Quarantining All Traces: drsnsrch.com hijack
11:00 AM: Quarantining All Traces: elitemediagroup-mediamotor
11:00 AM: Quarantining All Traces: ezula ilookup
11:00 AM: Quarantining All Traces: ieplugin
11:00 AM: Quarantining All Traces: imgiant
11:00 AM: Quarantining All Traces: ist software
11:00 AM: Quarantining All Traces: mediamotor - popuppers
11:00 AM: Quarantining All Traces: networkessentials
11:00 AM: Quarantining All Traces: regsync
11:00 AM: Quarantining All Traces: weirdontheweb
11:00 AM: Quarantining All Traces: a cookie
11:00 AM: Quarantining All Traces: btgrab cookie
11:00 AM: Quarantining All Traces: cliks cookie
11:00 AM: Quarantining All Traces: offeroptimizer cookie
11:01 AM: Removal process completed. Elapsed time 00:01:09
11:11 AM: Processing Startup Alerts
11:11 AM: Allowed Startup entry: Mozilla Quick Launch
11:11 AM: Allowed Startup entry: MSMSGS
********
10:21 PM: | Start of Session, Thursday, December 29, 2005 |
10:21 PM: Spy Sweeper started
10:21 PM: Sweep initiated using definitions version 593
10:21 PM: Starting Memory Sweep
10:26 PM: Memory Sweep Complete, Elapsed Time: 00:04:43
10:26 PM: Starting Registry Sweep
10:26 PM: Found Adware: apropos
10:26 PM: HKLM\software\aprps\ (2 subtraces) (ID = 103741)
10:26 PM: Found Adware: bookedspace
10:26 PM: HKLM\software\configuration manager\cfgmgr52\ (357 subtraces) (ID = 104873)
10:26 PM: Found Adware: cws_analyzeie
10:26 PM: HKCR\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116873)
10:26 PM: HKLM\software\classes\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116895)
10:26 PM: Found Adware: delfin
10:26 PM: HKLM\software\laltin\ (2 subtraces) (ID = 124857)
10:26 PM: HKLM\software\vidctrl\ (3 subtraces) (ID = 124897)
10:26 PM: Found Adware: networkessentials
10:26 PM: HKLM\software\novo\ (23 subtraces) (ID = 136175)
10:26 PM: HKLM\software\np\ (2 subtraces) (ID = 136176)
10:26 PM: Found Adware: regsync
10:26 PM: HKCR\typelib\{00dc9ff2-ea77-49c7-8def-722fd81cab59}\ (9 subtraces) (ID = 139345)
10:26 PM: HKLM\software\classes\typelib\{00dc9ff2-ea77-49c7-8def-722fd81cab59}\ (9 subtraces) (ID = 139349)
10:26 PM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\regsync.exe\ (1 subtraces) (ID = 139354)
10:26 PM: Found Adware: elitemediagroup-mediamotor
10:26 PM: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (18 subtraces) (ID = 140131)
10:26 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
10:26 PM: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (18 subtraces) (ID = 140223)
********
10:20 PM: | Start of Session, Thursday, December 29, 2005 |
10:20 PM: Spy Sweeper started
10:20 PM: Sweep initiated using definitions version 593
10:20 PM: Sweep Canceled
10:20 PM: Traces Found: 0
10:21 PM: | End of Session, Thursday, December 29, 2005 |
********
10:18 PM: | Start of Session, Thursday, December 29, 2005 |
10:18 PM: Spy Sweeper started
10:18 PM: Messenger service has been disabled.
10:19 PM: Your spyware definitions have been updated.
10:20 PM: | End of Session, Thursday, December 29, 2005 |



And here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:53:40 PM, on 12/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\Documents and Settings\All Users\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: RealSecure® Desktop Protector.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120002357368
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XKPC - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Billy\LOCALS~1\Temp\XKPC.exe
O23 - Service: YISSTOWNUWGPN - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Billy\LOCALS~1\Temp\YISSTOWNUWGPN.exe


In the meantime, I am going to try to update some of the windows components while I can.

#15 ken545


Posted 31 December 2005 - 06:56 AM

Monza,

Where did these two entries come from, is this something you did??

O23 - Service: XKPC - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Billy\LOCALS~1\Temp\XKPC.exe
O23 - Service: YISSTOWNUWGPN - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Billy\LOCALS~1\Temp\YISSTOWNUWGPN.exe

Go ahead and send me the Rootkit Revealer log, you can paste it into two threads if you have to.

Ken

Take your time, I will be offline until Monday
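The check behind the question in the post above, as an added example that is not part of the original thread: it parses the `O23 - Service:` lines of a HijackThis log and reports every service whose binary sits in a temp directory or outside the usual install roots. The sample lines are copied from the log in post #14; the function names and the list of trusted roots are assumptions made for this sketch, and a hit says only where the binary lives, not what it is.

```python
import re
from ntpath import normpath

# O23 layout as it appears in the log above:
#   O23 - Service: <name> - <vendor> - <path>
# The vendor field can itself contain " - " (see the two Sysinternals lines),
# so the path is anchored on a drive letter, UNC prefix or %variable% instead
# of being split off by separator count.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+) - "
    r"(?P<path>(?:[A-Za-z]:\\|\\\\|%).*)$"
)

# Assumption: default install roots on an XP machine with Windows on C:.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Directory names treated as temp locations (covers LOCALS~1\Temp as well).
TEMP_PARTS = {"temp", "tmp"}


def parse_o23(line):
    """Return name/vendor/path for an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return {
        "name": m.group("name"),
        # Vendor is whatever the log printed; nothing here verifies a signature.
        "vendor": m.group("vendor"),
        "path": normpath(m.group("path").strip('"')),
    }


def classify(path):
    """Classify a service binary by location: 'temp', 'installed' or 'other'."""
    lowered = path.lower()
    directories = lowered.split("\\")[:-1]  # drop the file name itself
    if TEMP_PARTS & set(directories):
        return "temp"
    if lowered.startswith(TRUSTED_ROOTS):
        return "installed"
    return "other"


def triage(log_text):
    """List (service name, location, path) for services worth a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        location = classify(entry["path"])
        if location != "installed":
            findings.append((entry["name"], location, entry["path"]))
    return findings


# Sample input: lines copied from the HijackThis log in post #14.
SAMPLE = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XKPC - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Billy\LOCALS~1\Temp\XKPC.exe
O23 - Service: YISSTOWNUWGPN - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Billy\LOCALS~1\Temp\YISSTOWNUWGPN.exe
"""

if __name__ == "__main__":
    for name, location, path in triage(SAMPLE):
        print(f"{location:9} {name:15} {path}")
```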

 
 