Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

csrss.exe infected problem


  • Please log in to reply

#1
Fredn

Fredn

    Member

  • Member
  • PipPip
  • 16 posts
Hello,

I recently discovered some infections. I managed to get rid of most of it, but there is still one problem.

When I look at the HJT log I see csrss.exe as an active process. This didn't used to be there, and I see from looking at other HJT logs here in the forum, csrss.exe is often in the infected log but not in the cleaned one.

When I run Ad-aware it seems to hang during the local registry scan, in Software\MS\Windows\Current Version\Shared DLLs. It stays there.

When I run SpyBot it seems to stop at a certain point, at the bottom it says running bot-check (499/41457:Baciami). After 15 minutes it hasn't changed.

I have Trend virus checker, and it shows nothing. I ran Panda and it shows nothing. Windows Defender shows nothing.

Sometimes the screen freezes, and/or the system freezes, and I can't use my task tray. It also seems to be slower.

Any help you can provide will be appreciated. Thanks.
Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:16:21 PM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\WINDOWS\System32\ccsrvc.exe
C:\Program Files\Eicon\Shiva VPN Client\icsrv.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\ET39E0.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\IMNNQ_XP\httpdl.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\IMNNQ_XP\imnsvdem.exe
C:\wdsc\system\evfctcpd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\wdsc\SYSTEM\EVFWLX40.EXE
C:\wdsc\SYSTEM\RXAPI.EXE
C:\Documents and Settings\fneeser\Desktop\jack.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://inet/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMNNQ] nqdetach.exe imnss.exe start server
O4 - HKLM\..\Run: [IMNNQ NetQ Web Server] nqdetach.exe httpdl.exe -r C:\IMNNQ_XP\httpd.cnf
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NsCplTray] iesetupdll.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CODE Editor initialization.lnk = C:\wdsc\codebrws.exe
O4 - Global Startup: Communications.lnk = C:\wdsc\system\evfctcpd.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://trendserver/o...ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://trendserver/o...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://trendserver/o...stall/setup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://trendserver/...html/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://trendserver/o.../RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1139412862172
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://pentonevents....ent/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = int.carswell.ca,carswell.ca,carswell.com,int.carswell.com,dmz.carswell.ca,dmz.carswell.com,dmz.carswell.biz,carswell.biz,erf.thomson.com,ha.westgroup.com
O20 - AppInit_DLLs: NVDESK32.DLL AMInit.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\System32\ccsrvc.exe
O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\System32\schdsrvc.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Shiva VPN Client (ICService) - Unknown owner - C:\Program Files\Eicon\Shiva VPN Client\icsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
  • 0

Advertisements


#2
Matt.F

Matt.F

    Visiting Staff

  • Visiting Consultant
  • 512 posts
Hello Fredn and welcome to GeeksToGo! Sorry for taking so long to get back to you, but we're extremely busy around here and all of us are volunteers. However, my name is Matt and I am here to assist you with your malware removal.

To begin with, I'd ask that during the clean-up process you follow my instructions very carefully and please do not take things upon yourself. Even though it may seem obvious that a file is malicious, that does not necessarily mean that it is.

With that said, I'm afraid your suspicions about csrss.exe are likely incorrect. While that can frequently be an infected file, it is almost always a legitimate file when found in the C:\Windows\System32 directory. Your system is heavily infected, however. Please give me some time to go over your log and prepare the first wave of clean-up.

Regards,
Matt
  • 0

#3
Matt.F

Matt.F

    Visiting Staff

  • Visiting Consultant
  • 512 posts
First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
  • Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.

  • 0

#4
Fredn

Fredn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi Matt,

Thanks for taking my case and helping me.

I followed your instructions. After re-booting, Trend announced it found a trojan in windows\system32\dmajf.exe called Troj_Generic, and successfully deleted it. Windows came up but nothing would respond to my clicks, either on taskbar or desktop, although everything looked normal. I managed to get task manager and shutdown and reboot. This time when it came up, it froze completely, and I had to hard reboot. I went into safe mode and disabled Ewido from starting in case there was a conflict with anything else.

That didn't help, so I did another hard reboot. This time as it was coming up I opened task manager and saw svchost.exe was using 99% cpu. This stayed like that for the next 15 minutes, then I gave up.

Here is my log from Ewido. You'll notice it had a problem with a couple items.

Thanks again.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:59:23 PM 13/09/2006

+ Scan result:



HKLM\SOFTWARE\Classes\Media-Codec.Chl -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Media-Codec.Chl\CLSID -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3C01FC4F-9B90-4A57-BEB1-3ACB4B86FA4F}\RP263\A0028903.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\ieatgpc.dll -> Adware.WebEx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3C01FC4F-9B90-4A57-BEB1-3ACB4B86FA4F}\RP260\A0028868.cmd -> Backdoor.Afcore.cq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3C01FC4F-9B90-4A57-BEB1-3ACB4B86FA4F}\RP281\A0029208.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
[188] VM_00D60000 -> Downloader.Agent.uj : Error during cleaning.
[212] VM_00BF0000 -> Downloader.Agent.uj : Error during cleaning.
[892] VM_009D0000 -> Downloader.Agent.uj : Error during cleaning.
C:\WINDOWS\Temp\ASHeuristic\start[1]_exe.vir -> Downloader.Small.ctd : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\ASHeuristic\start_exe.vir -> Downloader.Small.ctd : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\ASHeuristic\kvn_exe.vir -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\techsupport2\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\fnees[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Bpath : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Counted : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Cqcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Dbbsrv : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][1].txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Gator : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Hypertracker : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Linkbuddies : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Specificpop : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Specificpop : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Track-star : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][1].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\fneeser22\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3C01FC4F-9B90-4A57-BEB1-3ACB4B86FA4F}\RP256\A0026711.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3C01FC4F-9B90-4A57-BEB1-3ACB4B86FA4F}\RP256\A0026712.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).


::Report end
  • 0

#5
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,942 posts
Hi Fredn,

Matt asked me to continue helping you since he doesn't have the necessary time at the moment.

Please do this for me:
  • Surf to: Sophos free tools: Anti-Rootkit
  • Click the "Download" button
  • Read the conditions and fill out your Details.
  • Click the Download Sophos Anti-Rootkit link.
  • Save the sarsfx.exe to location on your harddrive where you can find it later on.
Installing
  • Close as many applications as possible and execute sarsfx.exe by doubleclicking it.
  • Accept the EULA and install the software to the loaction of your choice.(Default is C:\SOPHTEMP)
Running for analysis
  • In that folder find and double-click sargui.exe
  • Select the areas that you want to scan for hidden objects (Running processes, Windows registry, Local hard drives)
  • Click Start > Run and copy this command into the window %TEMP%\sarscan.log and click OK to execute.
  • A textfile will open. Post the content of that file.
Regards,
  • 0

#6
Fredn

Fredn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi,

Thanks for your help. I ran the program, but I had to run in safe mode since nothing will respond in normal mode. Here is the log:

Sorry I'll have to post the log in my next message, it's too long.

Edited by Fredn, 21 September 2006 - 07:01 AM.

  • 0

#7
Fredn

Fredn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi,

Here is the first half of the log:



Sophos Anti-Rootkit Version 1.0 © 2006 Sophos Plc
Started logging on 20/09/2006 at 21:17:50 PM
Error: Could not initialize kernel driver memsweep.sys. Please restart and try again.
This service cannot be started in Safe Mode
Warning: Failed to flush drive \\.\C:. Registry scan may produce
invalid results.
The process cannot access the file because it is being used by another process.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD9B1AB8-530B-432E-A459-4C50C0844910}
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\onmsc
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\IBM\WebSphere Studio\runtimes\base_v5\installedApps\localhost\adminconsole.ear\adminconsole.war\secure\layouts\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\icons\full\ctool16\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\icons\full\etool16\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\icons\full\obj16\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\os\win32\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Java Source\com\ibm\as400ad\webfacing\runtime\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\ClientScript\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\ClientScript\usr\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\UIMHelp\QSYS\QPNLSRC\QHMH\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\WEB-INF\lib\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\runtime\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\runtime\conf\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\runtime\j2ee_12\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\runtime\j2ee_13\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\avenue\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\avenue\apparea\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\avenue\chrome\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\corporate1\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\corporate1\apparea\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\corporate1\chrome\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\fun\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\fun\apparea\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\fun\chrome\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\gradient\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\gradient\apparea\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\gradient\chrome\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage\apparea\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage\chrome\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage1\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage1\apparea\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage1\chrome\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools_5.0.0\lib\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools_5.0.0\runtime\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools_5.0.0\icons\full\ctool16\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools_5.0.0\doc\com\ibm\connector2\iseries\pgmcall\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools.iwcl_5.0.0\icons\full\ctool16\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools.iwcl_5.0.0\lib\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools.iwcl_5.0.0\runtime\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.debug.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.perspective.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.systems.core.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.debug400.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.debugf1.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.debugrpg.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.adm.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.cbl400.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.cl.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.codeclref.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.codedit.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.codedsn.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.commcon.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.olt.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.cpp.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.crtjva.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.getstart.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.ilec.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.ilecbl.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.ilerpg.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.javatools.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.prggen.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.rpg400.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.varpg.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\Register\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\WINDOWS\Installer\{F2A0AD68-4600-439B-BE3E-73D78836E7E1}\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\PatchMgmtAgent\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Carbon Copy\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\InventoryRuleAgent\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\0004\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\0405\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\0406\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\0407\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\040b\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\040C\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\0410\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\0411\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\0412\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\0414\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\0415\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\0419\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\041D\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\041F\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\7C04\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\0816\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\Languages\0C0A\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Microsoft AntiSpyware\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Adobe\Acrobat 7.0\Reader\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig705\ENU\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig705\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\VDKHome\ENU\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.

Sophos Anti-Rootkit Version 1.0 © 2006 Sophos Plc
Started logging on 20/09/2006 at 21:59:18 PM
Error: Could not initialize kernel driver memsweep.sys. Please restart and try again.
This service cannot be started in Safe Mode
Warning: Failed to flush drive \\.\C:. Registry scan may produce
invalid results.
The process cannot access the file because it is being used by another process.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD9B1AB8-530B-432E-A459-4C50C0844910}
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\onmsc
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.systems.core_5.0.0\icons\full\wizban\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.systems.core_5.0.0\runtime\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.toolbox_5.0.0\runtime\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.systems.universal_5.0.0\icons\full\obj16\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.systems.universal_5.0.0\runtime\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.systems.universal_5.0.0\serverruntime\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.varpg_5.0.0\runtime\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.varpg_5.0.0\icons\full\clcl16\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.wdsclient_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\icons\full\ctool16\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\icons\full\etool16\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\icons\full\eview16\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\icons\full\obj16\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\os\win32\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\config\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Java Source\com\ibm\as400ad\webfacing\runtime\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Java Source\conf\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\ClientScript\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\ClientScript\usr\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\images\IBM\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\styles\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\UIMHelp\QSYS\QPNLSRC\QHMH\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\WEB-INF\lib\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\runtime\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\runtime\conf\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\runtime\j2ee_12\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\runtime\j2ee_13\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\avenue\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\avenue\apparea\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\avenue\chrome\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\corporate1\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\corporate1\apparea\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\corporate1\chrome\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\fun\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\fun\apparea\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\fun\chrome\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\gradient\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\gradient\apparea\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\gradient\chrome\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage\apparea\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage\chrome\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage1\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage1\apparea\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage1\chrome\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools_5.0.0\lib\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools_5.0.0\runtime\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools_5.0.0\icons\full\ctool16\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools_5.0.0\doc\com\ibm\connector2\iseries\pgmcall\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools.iwcl_5.0.0\icons\full\ctool16\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools.iwcl_5.0.0\lib\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools.iwcl_5.0.0\runtime\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.debug.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.perspective.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.systems.core.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.debug400.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.debugf1.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.debugrpg.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.adm.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.cbl400.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.cl.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.codeclref.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.codedit.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.codedsn.doc_5.0.0\
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and rest

Edited by Fredn, 21 September 2006 - 07:06 AM.

  • 0

#8
Fredn

Fredn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Here is the second half:

Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.varpg_5.0.0\icons\full\clcl16\folder.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.wdsclient_5.0.0\about.ini
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\jcpp.jar
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\icons\CreateProject.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\icons\full\ctool16\createwebfacingprj_wiz.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\icons\full\cview16\folderstyle.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\icons\full\dtool16\createwebfacingprj_wiz.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\icons\full\etool16\createwebfacingprj_wiz.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\icons\full\eview16\webfacing_persp.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\icons\full\obj16\clfolder.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\icons\full\wizban\convertmessagefile_wiz.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\os\win32\evfdjgo.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\config\conversion.rules
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Java Source\com\ibm\as400ad\webfacing\runtime\rtmessage.properties
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Java Source\conf\tracing.properties
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\logon.html
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\ClientScript\.cvsignore
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\ClientScript\usr\messages.js
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\images\IBM\BWWebFacing.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\styles\error.jsp
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\UIMHelp\UIMHelp.css
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\UIMHelp\QSYS\QPNLSRC\QHMH\ATTN.htm
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\ProjectTemplate\Web Content\WEB-INF\lib\StartTracing.bat
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\runtime\WFRun.jar
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\runtime\conf\tracing.properties
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\runtime\j2ee_12\WFRun.jar
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\runtime\j2ee_13\WFRun.jar
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\avenue\sample.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\avenue\apparea\CurrentSegment.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\avenue\chrome\PageBuilder.jsp
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\corporate1\sample.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\corporate1\apparea\CurrentSegment.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\corporate1\chrome\PageBuilder.jsp
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\fun\sample.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\fun\apparea\CurrentSegment.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\fun\chrome\PageBuilder.jsp
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\gradient\sample.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\gradient\apparea\CurrentSegment.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\gradient\chrome\PageBuilder.jsp
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage\sample.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage\apparea\CurrentSegment.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage\chrome\PageBuilder.jsp
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage1\sample.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage1\apparea\CurrentSegment.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\styles\sage1\chrome\PageBuilder.jsp
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools_5.0.0\plugin.xml
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools_5.0.0\lib\error.jsp
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools_5.0.0\runtime\AS400WebTools.jar
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools_5.0.0\icons\full\ctool16\cbx.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools_5.0.0\doc\allclasses-frame.html
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools_5.0.0\doc\com\ibm\connector2\iseries\pgmcall\ISeriesPgmCallConnection.html
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools.iwcl_5.0.0\plugin.xml
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools.iwcl_5.0.0\icons\full\ctool16\cbx.gif
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools.iwcl_5.0.0\lib\IWCLTagLib.tld
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools.iwcl_5.0.0\runtime\iwcl.jar
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\features\com.ibm.wdsclient_5.0.0\feature.properties
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.core_5.0.0\AS400SystemResources.properties
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.debug_5.0.0\AS400DebugResources.properties
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.iseries_prgm.doc_5.0.0\iprgm_nav.xml
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.debug.doc_5.0.0\about.html
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.perspective.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing.doc_5.0.0\cwf.xml
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.systems.core.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.systems.doc.isv_5.0.0\mriInstructions.html
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.javatools_5.0.0\BeanExampleMessages.properties
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.systems.logging_5.0.0\HelpContexts.xml
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.perspective_5.0.0\HelpContexts.xml
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.remotebuild_5.0.0\HelpContexts.xml
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.remotebuild.styles_5.0.0\HelpContexts.xml
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.systems.core_5.0.0\HelpContexts.xml
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.toolbox_5.0.0\plugin.properties
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.systems.universal_5.0.0\UniversalSystemResources.properties
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.varpg_5.0.0\plugin.properties
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.wdsclient_5.0.0\about.html
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webfacing_5.0.0\HelpContexts.xml
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools_5.0.0\HelpContexts.xml
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.webtools.iwcl_5.0.0\HelpContexts.xml
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.debug400.doc_5.0.0\about.html
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.debugf1.doc_5.0.0\about.html
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.debugrpg.doc_5.0.0\about.html
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.adm.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.cbl400.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.cl.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.codeclref.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.codedit.doc_5.0.0\code_java.xml
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.codedsn.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.commcon.doc_5.0.0\commcon_nav.xml
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.olt.doc_5.0.0\about.html
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.cpp.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.crtjva.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.getstart.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.ilec.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.ilecbl.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.ilerpg.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.javatools.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.prggen.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.rpg400.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\wdsc\iseries\eclipse\plugins\com.ibm.etools.iseries.varpg.doc_5.0.0\doc.zip
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\ieatgpc.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\vbar332.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\msxbse35.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\mstext35.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\msrepl35.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\msrd2x35.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\mspdox35.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\msltus35.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\msexcl35.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\IniToRegistry.exe
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HFWLib32.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HFWHrs32.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HFWCtl32.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HEATTools.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HEATQry.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HEATPsyc32.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\CommonRC.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\Heatasd.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HEATComm32.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HeatDB.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\GMSMAPIWRAPPER.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\GMDDE.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\GMUtils.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HeatIntegration.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\AssetCenterIntegration.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\GMIW.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HEATNTService.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HEATAPI.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HEATAPIL.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\GMSSSFI32.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HEATCTB32.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\Heatdms.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HEATDMSLANDesk.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HEATLogin.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\Heatpc.exe
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HEATRes.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\U2LHFW.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\Dmsutils.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HEATAPI.tlb
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HeatMail.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\HEATAttach.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\SSCE5232.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\Ssce.hlp
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\CallLog32.exe
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\Startr32.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\Alert32.exe
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\FLS32.exe
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\Flsdb32.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HEAT\Heatidx.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Data Dynamics\ActiveBar2\ACTBAR2.OCX
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\GRAPHS32.OCX
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\GRAPHPPR.HLP
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\GSDSvr.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\GSJPG32.DLL
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\Gspng32.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\GSPROP32.DLL
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\GSW32.EXE
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\GSWAG32.DLL
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\GSWDLL32.DLL
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\VideoSoft\VSPRINT7.ocx
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\VideoSoft\vsflex7L.ocx
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\SYSINFO.OCX
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\CMDLGD6.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\crviewer.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\CRDesignerCtrl.DLL
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\Roboex32.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\Rhgbtn32.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Seagate Software\Shared\crtslv.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Seagate Software\Shared\ExportModeller.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Crystal Decisions\2.0\Bin\crtslv.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Crystal Decisions\2.0\Bin\ExportModeller.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\crxf_pdf.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\crxf_rtf.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\crxf_rtf_res_fr.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\crxf_wordw.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\Crxlat32.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\u252000.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\u25dts.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\u2dapp.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\u2ddisk.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\u2dmapi.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\u2dnotes.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\u2dpost.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\u2dvim.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\u2fcr.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\u2fdif.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Crystal\u2fhtml.dll
Warning: Registry call timed out - it may be blocked by malware.
Please try again after a clean up and restart.
Hidden: regist
  • 0

#9
Fredn

Fredn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Sorry, it looks ok in the preview but I guess it's too long. I'll try adding it as an attachment.

Attached File  sarscan.txt   278.95KB   390 downloads

The log shows it was run twice, because the first time it hung and I restarted.

Edited by Fredn, 21 September 2006 - 07:28 AM.

  • 0

#10
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,942 posts
OK. So basically it tells us to clean up first.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found):

O4 - HKLM\..\Run: [NsCplTray] iesetupdll.exe


Click FIX CHECKED. Close HijackThis.

Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt ), along with a new HijackThis log into this topic.

Regards,
  • 0

Advertisements


#11
Fredn

Fredn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi,

I followed your instructions and got my desktop back! What I mean is, I can use it again, instead of having to use safe mode.

I ran fixwareout from safe mode, but it asked for bfu.zip, so I had to get that manually. After it ran, as it re-booted, the first thing Windows said it had a serious error, but I continued on. Then Trend popped up and said it found a trojan at windows\system32\cseon.exe, and successfully deleted it. It took a while to boot, and then Trend popped up again, saying it found 12 trojans in SystemVolume Information\_restore, and successfully deleted all of them. Not sure I believe this, because this seems to happen every other day.

Then I ran HJT and fixed that one reference you mentioned. Here are the 2 logs.

Thank you!

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A46C44C354C2-E76A-37E4-671E-F92FD4AD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3673AB5F731F-E1D9-3A64-43E6-EE207585{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}768A3E34BA6B-17A9-F6F4-1611-BD85DE18{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}43D1B960A7D8-C22B-C624-FBC4-EFE92BAE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}13818B688BED-61BA-BFC4-DA99-88BEE2F1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5BBA20534802-10DB-B824-08EB-307AA846{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DFE95532BD20-BB2B-DD64-EB07-EF4E3097{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4F01E067A6A1-E45A-5134-6526-0788D944{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9C4002BE0E33-8579-3CC4-A36E-1A704CA5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}06E05EB9D4CF-8398-7D44-E5EF-C0F77DBC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AA718A5D12A6-7399-60E4-1577-0411B38E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3EDC1587CB02-904B-A234-0DD4-51FA62D5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}165AFBF278B3-E209-A7F4-4397-611D597C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A53E458BFDE9-B129-ABB4-965A-C07DD198{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BFA9D0BD6D3E-B35B-4924-4A85-481A8204{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EC06B37A802E-1588-53B4-C1A0-24D5344F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CAB8F1F07784-4F7A-F5D4-CD05-F8D57849{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3290E4B6FCE4-FFE9-7F24-8235-3440543D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C86EA87D31C8-3B38-FBB4-5316-11C40E65{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2A7B7DECA8EF-31BA-2014-06B3-6A92C111{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4C78038196EE-FDF9-87B4-7AF5-BD2556EA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0829D42B777F-9799-3404-EDDA-B90BDE14{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8BBA8AEC0A99-49EA-4B64-59D6-7BD35E1E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}819E3EB713F7-B4F8-45B4-2B19-E42E9A24{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}675B4204FEB5-9B79-BC84-16AF-90DA73E1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}18C7634E98D7-BE89-8264-2FD5-494FAFF2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C44FD5D0AEB6-B8E9-FBA4-C515-A9AA985A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6D598CF2FD79-4B58-9954-9FA1-E2218966{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}17CE3FC81A74-F4E8-39B4-800F-B3763DDF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}43A86AA4AB64-FFE8-8CF4-E467-05F7E567{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}41C0D943241E-2698-A464-6366-17B30E01{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7BFBB40CBD53-9B09-2C14-8565-C3BC7600{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5BABC9C4E848-642B-8F34-14F7-6094C874{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}708945FD29F4-B518-D824-98E8-F6ABBEDF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FF65A1B13AE8-012A-4134-FB33-5809030C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BBE7D6451F1D-A839-5874-5E38-8DD1D57A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7F851DB6B3D2-04F9-F9D4-921A-C8292B74{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D11AFE1EBC6D-8DFA-D354-88BB-F296EE94{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}73F289CA04E5-1098-D814-719E-316174A5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3834791DBB4D-6549-0A24-21B8-1CA960D4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C8BCB682D385-1CCA-4EE4-D718-1DC1F924{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3A76C5AF57F8-54E9-C334-F96A-BD5C8DD4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EF02DB885838-8939-B884-DD99-E44EE012{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}28CE67AF4347-C4DB-F5F4-10D6-5B55CADB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F96A9E1A206D-76D8-8134-737D-E037B5E9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C2EE8D330DA2-C328-1364-FF77-DF60FB36{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F43ECA1ADB77-63F9-9344-A19F-72609B9B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}602D79F12E28-215A-3314-AF7E-C83B2516{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B70B3E22FEED-E81B-9D24-B6F4-0CD3AB10{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8D2C0AAB5536-C348-8B14-5196-656082D4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B83DD810CD3A-CDCB-D4A4-4BE3-26940F6C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}01DC71D84257-225B-50E4-6747-1EBEF7B0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9DCD3AEC3714-62BA-43C4-004F-7E9A86B0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}937CEB3D7AF5-7FAB-BC84-A3DA-040CFED7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1B9CFA2C3763-F0DA-1804-609F-F87311DB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\fjamd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSBOR.EXE 51,236 2006-08-26

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.


Logfile of HijackThis v1.99.1
Scan saved at 8:35:57 PM, on 9/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\WINDOWS\System32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eicon\Shiva VPN Client\icsrv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\FMCC6F.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\WINDOWS\system32\wuauclt.exe
C:\IMNNQ_XP\httpdl.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\IMNNQ_XP\imnsvdem.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\wdsc\system\evfctcpd.exe
C:\wdsc\SYSTEM\EVFWLX40.EXE
C:\wdsc\SYSTEM\RXAPI.EXE
C:\Documents and Settings\fneeser\Desktop\jack.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://inet/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMNNQ] nqdetach.exe imnss.exe start server
O4 - HKLM\..\Run: [IMNNQ NetQ Web Server] nqdetach.exe httpdl.exe -r C:\IMNNQ_XP\httpd.cnf
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CODE Editor initialization.lnk = C:\wdsc\codebrws.exe
O4 - Global Startup: Communications.lnk = C:\wdsc\system\evfctcpd.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://trendserver/o...ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://trendserver/o...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://trendserver/o...stall/setup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://trendserver/...html/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://trendserver/o.../RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1139412862172
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://pentonevents....ent/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = int.carswell.ca,carswell.ca,carswell.com,int.carswell.com,dmz.carswell.ca,dmz.carswell.com,dmz.carswell.biz,carswell.biz,erf.thomson.com,ha.westgroup.com
O20 - AppInit_DLLs: NVDESK32.DLL AMInit.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\System32\ccsrvc.exe
O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\System32\schdsrvc.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Shiva VPN Client (ICService) - Unknown owner - C:\Program Files\Eicon\Shiva VPN Client\icsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
  • 0

#12
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,942 posts
Good work. :whistling:

Some manual cleaning left to do.

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.
  • Click Start » Run » type: Notepad » OK
  • Copy (Ctrl+C) and paste (Ctrl+V) the following text below (inside the box) to Notepad.

    REGEDIT4
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif]
    
    
  • Make sure there are no spaces before REGEDIT4
  • Click File at the top and then choose Save As.
  • Change Save As Type to All Files.
  • Name it FixME.reg and save it on your desktop.
  • Its icon should look like this : Posted Image
  • Double click FixME.reg. It will ask you if you want to merge it to the registry, click Yes.
Then reboot and let me know how the computer is behaving.

Regards,
  • 0

#13
Fredn

Fredn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi,

Everything seems to have gone ok. The computer seems to be running ok now.

I have a couple questions, if you don't have time I understand.

Why did we add those entries into the registry? Were they not bad entries?

Did I have LookToMe? From reading your description about being unable to use the taskbar or start button, I'm wondering if that was the cause?

Also in my first post I mentioned csrss.exe, which I noticed in my HJT log. This is gone now. What was causing csrss to appear in that log?

Do I need to do anything else? What about the Sophos anti rootkit, should I try it again?

If I use the Ewido memory resident program at the same time as Spybot memory resident program at the same time as Trend memory resident, will they conflict? Are they checking the same things?

If they conflict, which should I drop?

Thanks a lot for your help.

Edited by Fredn, 22 September 2006 - 02:00 PM.

  • 0

#14
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,942 posts

Hi,

Everything seems to have gone ok. The computer seems to be running ok now.

I have a couple questions, if you don't have time I understand.


Good to hear and no it's not a problem. An educated user is less likely to come back with problems.

Why did we add those entries into the registry? Were they not bad entries?


Yes they were, but the "-" signs are there to remove the entries.
Why Windows still calls it adding them you'll have to ask MicroSoft. :blink:

Did I have LookToMe? From reading your description about being unable to use the taskbar or start button, I'm wondering if that was the cause?


Not while I was working with you. Your problem was a variant of WareOut

Also in my first post I mentioned csrss.exe, which I noticed in my HJT log. This is gone now. What was causing csrss to appear in that log?


Although the malware may have caused the process to run, it is a legitimate program.
You may spot it in the future again, but that is no reason for alarm as long as it is the real Windows file:
http://www.neuber.co.../csrss.exe.html

Do I need to do anything else? What about the Sophos anti rootkit, should I try it again?

I don't think you'll need it, but you can give it a try if you like. No problem for me to have a look at the log.

If I use the Ewido memory resident program at the same time as Spybot memory resident program at the same time as Trend memory resident, will they conflict? Are they checking the same things?

If they conflict, which should I drop?

Trend is different from the other two and will not conflict with either as far as I know.
Ewido and Spybot do overlap. Unless you bought Ewido, the resident protection will disappear after the free trial is over, so you might as well turn it off now and just keep it as a scanner.

Thanks a lot for your help.

You're very welcome. :whistling:

Regards,
  • 0

#15
Fredn

Fredn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi,

I ran the anti rootkit again, here is the log:

Why does it say "failed to flush C"? The only thing I had open was Windows explorer.

I also ran Ewido again, and it came up clean, which surprised me because last time it had difficulty deleting some files,, but I guess we deleted them with the BFU??

Thanks again for all your help and insights. You guys do a great job. It seems like a very interesting and rewarding endeavor!!


Sophos Anti-Rootkit Version 1.0 © 2006 Sophos Plc
Started logging on 9/23/2006 at 10:43:52 AM
Warning: Failed to flush drive \\.\C:. Registry scan may produce
invalid results.
The process cannot access the file because it is being used by another process.
Hidden: registry item \HKEY_USERS\S-1-5-21-1085031214-1229272821-839522115-41760
Hidden: registry item \HKEY_USERS\S-1-5-21-1085031214-1229272821-839522115-41760_Classes
Stopped logging on 9/23/2006 at 10:56:23 AM
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP