Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

hosts file keeps changing [CLOSED]

Started by infinitydragon , May 15 2005 07:22 AM

  • This topic is locked This topic is locked

#1
infinitydragon
Posted 15 May 2005 - 07:22 AM

infinitydragon

    Member

  • Member
  • PipPip
  • 18 posts
Hello,

After 3 weeks of trying to get rid of all junk on my computer I still am getting popups in both IE and firefox to sites such as filedistributor.com, etc. ISearch has pinned itself in my search bar in firefox and has 9 registry entries that won't go away and whats worse is that my hosts file will not stay normal, instead it keeps changing to include the following list of sites :

127.0.0.1 www.igetnet.com
127.0.0.1 code.ignphrases.com
127.0.0.1 clear-search.com
127.0.0.1 r1.clrsch.com
127.0.0.1 sds.clrsch.com
127.0.0.1 status.clrsch.com
127.0.0.1 www.clrsch.com
127.0.0.1 clr-sch.com
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 www.qoolaid.com
127.0.0.1 www.qoologic.com
127.0.0.1 www.CLKPrecision.com
127.0.0.1 www.urllogic.com
127.0.0.1 www.clkoptimizer.com
127.0.0.1 www.isearch.com
127.0.0.1 isearch.com
127.0.0.1 www.idownload.com
127.0.0.1 idownload.com
127.0.0.1 www.mytotalsearch.com
127.0.0.1 mytotalsearch.com
127.0.0.1 www.lop.com
127.0.0.1 lop.com
127.0.0.1 www.page-not-found.net
127.0.0.1 page-not-found.net
127.0.0.1 www.isearchhere.com
127.0.0.1 isearchhere.com
127.0.0.1 xads.offeroptimizer.comm
127.0.0.1 search.offeroptimizer.com
127.0.0.1 ximages.offeroptimizer.com
127.0.0.1 xlime.offeroptimizer.com
127.0.0.1 xadsj-o.offeroptimizer.com
127.0.0.1 xadsj.offeroptimizer.com
127.0.0.1 www.offeroptimizer.com
127.0.0.1 as.adwave.com
127.0.0.1 sr.adwave.com
127.0.0.1 www.adwave.com
127.0.0.1 adwave.com
127.0.0.1 adwave.com
127.0.0.1 adwave.com
127.0.0.1 adwave.com
127.0.0.1 www.websearch.com
127.0.0.1 websearch.com
127.0.0.1 adwave.com
127.0.0.1 adwave.com
127.0.0.1 adwave.com

Here are the 9 registry entries related to iSearch that keep returning that only SpySubtract will keep finding but the entries keep coming back :

SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT
SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\
SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\Class
SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\ClassGUID
SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\ConfigFlags
SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\DeviceDesc
SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\Legacy
SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\NextInstance
SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\Service

And finally, below is my HiJackThis log... Please help me... This would be my 3rd or 4th post after 3 weeks with not a single reply. I've searched the other posts and don't see anyone with my problems and I have managed to fix most of my issues except for these remaining here. Thank you very much in advance for your assistance...

Logfile of HijackThis v1.99.1
Scan saved at 9:21:42 AM, on 5/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asuskbservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jason Prance\My Documents\HijackThis\HijackThis.exe

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094274699265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresp...t/TLIEFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • 0

Advertisements

#2
insipid
Posted 15 May 2005 - 07:31 PM

insipid

    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
Hi infinitydragon, sorry for the delay. I'm looking your log over and will respond shortly.
  • 0

#3
insipid
Posted 15 May 2005 - 09:11 PM

insipid

    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
infinitydragon, let's get a closer look at what's going on.

Please download SilentRunners from here:
http://www.silentrun...ent Runners.vbs
Save it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile for me to see.

Please download the free MWAV antivirus tool from here:
ftp://ftp.microworldsystems.com/download/tools/mwav.exe
Save it to the desktop and run it. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window..
  • 0

#4
infinitydragon
Posted 15 May 2005 - 09:38 PM

infinitydragon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ok, here ya go!

Silent Runner findings :

"Silent Runners.vbs", revision 36, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"ASUS SmartDoctor" = "C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start" ["ASUSTeK Inc."]
"Steam" = (no data)
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"PtiuPbmd" = "Rundll32.exe ptipbm.dll,SetWriteBack" [MS]
"Ptipbmf" = "rundll32.exe ptipbmf.dll,SetWriteCacheMode" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"anvshell" = "anvshell.exe" ["AsusTeK Computer Inc."]
"CTSysVol" = "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"]
"CTDVDDET" = "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" ["Creative Technology Ltd"]
"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"SBDrvDet" = "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" ["HP"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"type32" = ""C:\Program Files\Microsoft IntelliType Pro\type32.exe"" [MS]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe" ["Google Inc."]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"GoToMyPC" = "C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon" ["Citrix Online"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"MimBoot" = "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe" ["Musicmatch, Inc."]
"dvd43" = "C:\Program Files\dvd43\dvd43_tray.exe" ["Captain Red"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]
"VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" ["McAfee, Inc."]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" ["McAfee, Inc"]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{8f7261d0-d2b9-11d2-9909-00605205b24c}" = "CuteFTP Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\GlobalSCAPE\CuteFTP\CuteShell.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FDAA650B-82C7-4B14-AC1F-738DA40464E3}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\duspex.dll" [file not found]
"{B1C9E07D-4B92-4EEB-8F40-4CA47C4E9F5E}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\jtpl400.dll" [null data]
"{048DB7F8-0509-4524-A3CE-70E7EFECCD4D}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [file not found]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}" = "SpySubtract Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\interMute\SpySubtract\sshook.dll" ["InterMute, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{FA010552-4A27-4cb1-A1BB-3E2D697F1639}" = "SpySubtract Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\interMute\SpySubtract\sshook.dll" ["InterMute, Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


Enabled Wallpaper and Active Desktop:
-------------------------------------

Active Desktop is disabled.

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Firefox Wallpaper.bmp"


Startup items in "Jason Prance" & "All Users" startup folders:
--------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"SpySubtract" -> shortcut to: "C:\Program Files\interMute\SpySubtract\SpySub.exe -autostart" ["InterMute, Inc."]


Enabled Scheduled Tasks:
------------------------

"McAfee.com Update Check (JASON-Jason Prance)" -> launches: "C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe /Schedule" ["McAfee, Inc"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BA52B914-B692-46C4-B683-905236F6F655}"
-> {CLSID}\(Default) = "McAfee VirusScan"
-> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{B13B4423-2647-4CFC-A4B3-C7D56CB83487}\
"ButtonText" = "Share in Hello"
"MenuText" = "Share in H&ello"
"CLSIDExtension" = "{B13B4423-2647-4cfc-A4B3-C7D56CB83487}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Hello\PicasaCapture.dll" ["Picasa, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ASUSKeyboardService, ASUSKeyboardService, "C:\WINDOWS\asuskbservice.exe" ["ASUSTeK COMPUTER INC."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]
iPod Service, iPodService, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."]
McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" ["McAfee, Inc"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------






And mwav findings :

Sun May 15 23:24:04 2005 => **********************************************************
Sun May 15 23:24:04 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Sun May 15 23:24:04 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Sun May 15 23:24:04 2005 => **********************************************************
Sun May 15 23:24:04 2005 => Version 6.1.8 (C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\mwavscan.com)
Sun May 15 23:24:04 2005 => Log File: C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\MWAV.LOG
Sun May 15 23:24:04 2005 => MWAV Registered: FALSE.
Sun May 15 23:24:04 2005 => MWAV Mode: Only Scan files.
Sun May 15 23:24:04 2005 => Latest Date of files inside MWAV: 12 May 2005 09:21:18.
Sun May 15 23:24:06 2005 => AV Library Loaded...
Sun May 15 23:24:06 2005 => MWAV doing self scanning...
Sun May 15 23:24:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\kavss.exe
Sun May 15 23:24:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Getvlist.exe
Sun May 15 23:24:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\kavss.dll
Sun May 15 23:24:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\kavssdi.dll
Sun May 15 23:24:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\kavssi.dll
Sun May 15 23:24:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\kavvlg.dll
Sun May 15 23:24:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\msvlclnt.dll
Sun May 15 23:24:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\ipc.dll
Sun May 15 23:24:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\main.avi
Sun May 15 23:24:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\virus.avi
Sun May 15 23:24:06 2005 => MWAV files are clean.
Sun May 15 23:24:10 2005 => Virus Database Date: 2005/05/12
Sun May 15 23:24:10 2005 => Virus Database Count: 129400

Sun May 15 23:24:50 2005 => **********************************************************
Sun May 15 23:24:50 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Sun May 15 23:24:50 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Sun May 15 23:24:50 2005 =>
Sun May 15 23:24:50 2005 => Support: [email protected]
Sun May 15 23:24:50 2005 => Web: http://www.mwti.net
Sun May 15 23:24:50 2005 => **********************************************************
Sun May 15 23:24:50 2005 => Version 6.1.8 (C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\mwavscan.com)
Sun May 15 23:24:50 2005 => Log File: C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\MWAV.LOG
Sun May 15 23:24:50 2005 => User Account: Jason Prance
Sun May 15 23:24:50 2005 => Windows Root Folder: C:\WINDOWS
Sun May 15 23:24:50 2005 => Windows Sys32 Folder: C:\WINDOWS\system32
Sun May 15 23:24:50 2005 => OS: Windows NT
Sun May 15 23:24:50 2005 => Latest Date of files inside MWAV: 12 May 2005 09:21:18.

Sun May 15 23:24:51 2005 => Options Selected by User:
Sun May 15 23:24:51 2005 => Memory Check: Enabled
Sun May 15 23:24:51 2005 => Registry Check: Enabled
Sun May 15 23:24:51 2005 => StartUp Folder Check: Enabled
Sun May 15 23:24:51 2005 => System Folder Check: Enabled
Sun May 15 23:24:51 2005 => System Area Check: Disabled
Sun May 15 23:24:51 2005 => Services Check: Enabled
Sun May 15 23:24:51 2005 => Drive Check Option Disabled
Sun May 15 23:24:51 2005 => Folder Check: Disabled

Sun May 15 23:24:51 2005 => ***** Scanning Memory Files *****
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\System32\smss.exe
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\ntdll.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\SYSTEM32\WINLOGON.EXE
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\kernel32.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\ADVAPI32.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\RPCRT4.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\AUTHZ.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\msvcrt.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\CRYPT32.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\USER32.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\GDI32.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\MSASN1.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\NDdeApi.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\PROFMAP.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\NETAPI32.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\USERENV.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\PSAPI.DLL
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\REGAPI.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\Secur32.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\SETUPAPI.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\VERSION.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\WINSTA.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\WINTRUST.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\IMAGEHLP.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\WS2_32.dll
Sun May 15 23:24:51 2005 => Scanning File C:\WINDOWS\system32\WS2HELP.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\MSGINA.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\SHLWAPI.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\COMCTL32.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\ODBC32.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\comdlg32.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\odbcint.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\SHSVCS.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\sfc.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\sfc_os.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\ole32.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\Apphelp.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\WINSCARD.DLL
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\WTSAPI32.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\sxs.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\uxtheme.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\WINMM.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\rsaenh.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\SAMLIB.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\wldap32.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\mpr.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\MPRAPI.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\ACTIVEDS.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\adsldpc.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\ATL.DLL
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\OLEAUT32.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\rtutils.dll
Sun May 15 23:24:52 2005 => Scanning File C:\WINDOWS\system32\xpsp2res.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\NTMARTA.DLL
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\wdmaud.drv
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\msacm32.drv
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\MSACM32.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\midimap.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\CLBCATQ.DLL
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\COMRes.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\System32\wbem\wbemprox.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\System32\wbem\wbemcomn.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\System32\wbem\wbemsvc.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\System32\wbem\fastprox.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\MSVCP60.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\NTDSAPI.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\DNSAPI.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\services.exe
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\SCESRV.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\umpnpmgr.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\NCObjAPI.DLL
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\ShimEng.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\AppPatch\AcGenral.DLL
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\eventlog.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\lsass.exe
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\LSASRV.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\SAMSRV.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\cryptdll.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\msprivs.dll
Sun May 15 23:24:53 2005 => Scanning File C:\WINDOWS\system32\kerberos.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\msv1_0.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\iphlpapi.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\netlogon.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\w32time.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\schannel.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\wdigest.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\scecli.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\ipsecsvc.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\oakley.DLL
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\WINIPSEC.DLL
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\mswsock.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\hnetcfg.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\System32\wshtcpip.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\pstorsvc.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\psbase.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\dssenh.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun May 15 23:24:54 2005 => Scanning File c:\windows\system32\rpcss.dll
Sun May 15 23:24:54 2005 => Scanning File c:\windows\system32\termsrv.dll
Sun May 15 23:24:54 2005 => Scanning File c:\windows\system32\ICAAPI.dll
Sun May 15 23:24:54 2005 => Scanning File c:\windows\system32\mstlsapi.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\rdpwsx.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\WINSPOOL.DRV
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\msi.dll
Sun May 15 23:24:54 2005 => Scanning File c:\windows\system32\dhcpcsvc.dll
Sun May 15 23:24:54 2005 => Scanning File c:\windows\system32\wzcsvc.dll
Sun May 15 23:24:54 2005 => Scanning File c:\windows\system32\WMI.dll
Sun May 15 23:24:54 2005 => Scanning File c:\windows\system32\ESENT.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\System32\rastls.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\CRYPTUI.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\system32\WININET.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\System32\RASAPI32.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\System32\rasman.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\System32\TAPI32.dll
Sun May 15 23:24:54 2005 => Scanning File C:\WINDOWS\System32\raschap.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\schedsvc.dll
Sun May 15 23:24:55 2005 => Scanning File C:\WINDOWS\System32\MSIDLE.DLL
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\audiosrv.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\wkssvc.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\cryptsvc.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\certcli.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\dmserver.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\ersvc.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\es.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\pchealth\helpctr\binaries\pchsvc.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\srvsvc.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\netman.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\netshell.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\credui.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\WZCSAPI.DLL
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\seclogon.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\sens.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\srsvc.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\POWRPROF.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\trkwks.dll
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\wbem\wmisvc.dll
Sun May 15 23:24:55 2005 => Scanning File C:\WINDOWS\system32\VSSAPI.DLL
Sun May 15 23:24:55 2005 => Scanning File c:\windows\system32\wscsvc.dll
Sun May 15 23:24:55 2005 => Scanning File C:\WINDOWS\System32\Wbem\wbemcore.dll
Sun May 15 23:24:55 2005 => Scanning File C:\WINDOWS\System32\Wbem\esscli.dll
Sun May 15 23:24:55 2005 => Scanning File C:\WINDOWS\system32\comsvcs.dll
Sun May 15 23:24:55 2005 => Scanning File C:\WINDOWS\system32\MTXCLU.DLL
Sun May 15 23:24:55 2005 => Scanning File C:\WINDOWS\system32\WSOCK32.dll
Sun May 15 23:24:55 2005 => Scanning File C:\WINDOWS\system32\colbact.DLL
Sun May 15 23:24:55 2005 => Scanning File C:\WINDOWS\System32\CLUSAPI.DLL
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\RESUTILS.DLL
Sun May 15 23:24:56 2005 => Scanning File c:\windows\system32\wuauserv.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\system32\wuaueng.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\ADVPACK.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\SHFOLDER.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\WINHTTP.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\Cabinet.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\mspatcha.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\wbem\wmiutils.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\wbem\repdrvfs.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\wbem\wmiprvsd.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\wbem\wbemess.dll
Sun May 15 23:24:56 2005 => Scanning File c:\windows\system32\ipnathlp.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\wbem\ncprov.dll
Sun May 15 23:24:56 2005 => Scanning File c:\windows\system32\browser.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\rasadhlp.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\netcfgx.dll
Sun May 15 23:24:56 2005 => Scanning File c:\windows\system32\tapisrv.dll
Sun May 15 23:24:56 2005 => Scanning File c:\windows\system32\rasmans.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\rastapi.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\unimdm.tsp
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\uniplat.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\kmddsp.tsp
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\ndptsp.tsp
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\ipconf.tsp
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\h323.tsp
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\hidphone.tsp
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\HID.DLL
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\rasppp.dll
Sun May 15 23:24:56 2005 => Scanning File C:\WINDOWS\System32\ntlsapi.dll
Sun May 15 23:24:57 2005 => Scanning File C:\WINDOWS\System32\upnp.dll
Sun May 15 23:24:57 2005 => Scanning File C:\WINDOWS\System32\SSDPAPI.dll
Sun May 15 23:24:57 2005 => Scanning File C:\WINDOWS\System32\RASDLG.dll
Sun May 15 23:24:57 2005 => Scanning File C:\WINDOWS\System32\NETRAP.dll
Sun May 15 23:24:57 2005 => Scanning File C:\WINDOWS\system32\msxml3.dll
Sun May 15 23:24:57 2005 => Scanning File C:\WINDOWS\System32\winrnr.dll
Sun May 15 23:24:57 2005 => Scanning File C:\WINDOWS\System32\cryptnet.dll
Sun May 15 23:24:57 2005 => Scanning File C:\WINDOWS\System32\SensApi.dll
Sun May 15 23:24:57 2005 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Sun May 15 23:24:57 2005 => Scanning File C:\WINDOWS\system32\SPOOLSS.DLL
Sun May 15 23:24:57 2005 => Scanning File C:\WINDOWS\system32\localspl.dll
Sun May 15 23:24:57 2005 => Scanning File C:\WINDOWS\system32\cnbjmon.dll
Sun May 15 23:24:57 2005 => Scanning File C:\WINDOWS\system32\gotomon.dll
Sun May 15 23:25:01 2005 => File C:\WINDOWS\system32\gotomon.dll tagged as not-a-virus:RiskWare.RemoteAdmin.GotomyPC.a. No Action Taken.

Sun May 15 23:25:01 2005 => Scanning File C:\WINDOWS\system32\hpzlnt07.dll
Sun May 15 23:25:01 2005 => Scanning File C:\WINDOWS\system32\pjlmon.dll
Sun May 15 23:25:01 2005 => Scanning File C:\WINDOWS\system32\tcpmon.dll
Sun May 15 23:25:01 2005 => Scanning File C:\WINDOWS\system32\usbmon.dll
Sun May 15 23:25:01 2005 => Scanning File C:\WINDOWS\system32\win32spl.dll
Sun May 15 23:25:01 2005 => Scanning File C:\WINDOWS\system32\inetpp.dll
Sun May 15 23:25:01 2005 => Scanning File C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzntp07.dll
Sun May 15 23:25:01 2005 => Scanning File C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku07.dll
Sun May 15 23:25:01 2005 => Scanning File C:\WINDOWS\system32\mscms.dll
Sun May 15 23:25:01 2005 => Scanning File C:\WINDOWS\asuskbservice.exe
Sun May 15 23:25:01 2005 => Scanning File C:\WINDOWS\system32\CTsvcCDA.exe
Sun May 15 23:25:01 2005 => Scanning File c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Sun May 15 23:25:01 2005 => Scanning File c:\PROGRA~1\mcafee.com\vso\vsoupd.dll
Sun May 15 23:25:01 2005 => Scanning File c:\PROGRA~1\mcafee.com\vso\NtClient.dll
Sun May 15 23:25:01 2005 => Scanning File c:\PROGRA~1\mcafee.com\vso\MCSCAN32.DLL
Sun May 15 23:25:02 2005 => Scanning File c:\PROGRA~1\mcafee.com\agent\mcagntps.dll
Sun May 15 23:25:02 2005 => Scanning File C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
Sun May 15 23:25:02 2005 => Scanning File C:\PROGRA~1\McAfee.com\PERSON~1\Localized.DLL
Sun May 15 23:25:02 2005 => Scanning File C:\WINDOWS\system32\MPFAPI.dll
Sun May 15 23:25:02 2005 => Scanning File C:\WINDOWS\system32\nvsvc32.exe
Sun May 15 23:25:02 2005 => Scanning File c:\windows\system32\wiaservc.dll
Sun May 15 23:25:02 2005 => Scanning File c:\windows\system32\CFGMGR32.dll
Sun May 15 23:25:02 2005 => Scanning File C:\WINDOWS\system32\ov519usd.dll
Sun May 15 23:25:02 2005 => Scanning File C:\WINDOWS\System32\actxprxy.dll
Sun May 15 23:25:02 2005 => Scanning File C:\WINDOWS\System32\sti.dll
Sun May 15 23:25:02 2005 => Scanning File C:\WINDOWS\system32\MsPMSPSv.exe
Sun May 15 23:25:02 2005 => Scanning File c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Sun May 15 23:25:02 2005 => Scanning File c:\PROGRA~1\mcafee.com\vso\Res00\McShield.DLL
Sun May 15 23:25:02 2005 => Scanning File c:\PROGRA~1\mcafee.com\vso\naiann.dll
Sun May 15 23:25:02 2005 => Scanning File c:\PROGRA~1\mcafee.com\vso\scanserv.dll
Sun May 15 23:25:02 2005 => Scanning File C:\WINDOWS\Explorer.EXE
Sun May 15 23:25:02 2005 => Scanning File C:\WINDOWS\system32\BROWSEUI.dll
Sun May 15 23:25:02 2005 => Scanning File C:\WINDOWS\system32\SHDOCVW.dll
Sun May 15 23:25:02 2005 => Scanning File C:\WINDOWS\System32\cscui.dll
Sun May 15 23:25:02 2005 => Scanning File C:\WINDOWS\System32\CSCDLL.dll
Sun May 15 23:25:02 2005 => Scanning File C:\WINDOWS\System32\themeui.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\System32\MSIMG32.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\system32\jtpl400.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\system32\oledlg.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\system32\urlmon.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\system32\ntshrui.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\system32\LINKINFO.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\system32\MSCTF.dll
Sun May 15 23:25:03 2005 => Scanning File c:\progra~1\mcafee.com\vso\McVSSkt.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\System32\stobject.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\System32\BatMeter.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\system32\ctagent.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\system32\mslbui.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\System32\drprov.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\System32\ntlanman.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\System32\NETUI0.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\System32\NETUI1.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\System32\davclnt.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\system32\browselc.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\system32\DUSER.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\system32\shdoclc.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\system32\MLANG.dll
Sun May 15 23:25:03 2005 => Scanning File C:\WINDOWS\system32\nvcpl.dll
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\system32\OLEACC.dll
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\system32\nvshell.dll
Sun May 15 23:25:04 2005 => Scanning File C:\PROGRA~1\COMMON~1\Adobe\Shell\PSICON.DLL
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\System32\mydocs.dll
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\System32\zipfldr.dll
Sun May 15 23:25:04 2005 => Scanning File C:\PROGRA~1\WinRAR\rarext.dll
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\system32\printui.dll
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\system32\wiashext.dll
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\system32\msdmo.dll
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\system32\perfos.dll
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\System32\l3codeca.acm
Sun May 15 23:25:04 2005 => Scanning File c:\PROGRA~1\INTERM~1\SPYSUB~1\sshook.dll
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\system32\DDRAW.dll
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\system32\DCIMAN32.dll
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\system32\D3DIM700.DLL
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\system32\wmvcore.dll
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\system32\WMASF.DLL
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\system32\wmpshell.dll
Sun May 15 23:25:04 2005 => Scanning File c:\progra~1\mcafee.com\vso\mcvsshl.dll
Sun May 15 23:25:04 2005 => Scanning File c:\progra~1\mcafee.com\vso\ShlRes.dll
Sun May 15 23:25:04 2005 => Scanning File C:\PROGRA~1\GlobalSCAPE\CuteFTP\CuteShell.dll
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\system32\rundll32.exe
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\system32\nudenb32.dll
Sun May 15 23:25:04 2005 => File C:\WINDOWS\system32\nudenb32.dll infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.

Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\anvshell.exe
Sun May 15 23:25:04 2005 => Scanning File C:\WINDOWS\system32\ANVIOCTL.DLL
Sun May 15 23:25:05 2005 => Scanning File C:\WINDOWS\EIO.DLL
Sun May 15 23:25:05 2005 => Scanning File C:\PROGRA~1\Creative\SBAUDI~1\SURROU~1\CTSysVol.exe
Sun May 15 23:25:05 2005 => Scanning File C:\WINDOWS\system32\MFC42.DLL
Sun May 15 23:25:05 2005 => Scanning File C:\PROGRA~1\Creative\SBAUDI~1\SURROU~1\CTSysVol.crl
Sun May 15 23:25:05 2005 => Scanning File C:\PROGRA~1\Creative\SHARED~1\CTTheme.dll
Sun May 15 23:25:05 2005 => Scanning File C:\PROGRA~1\Creative\SHARED~1\CtrlSrc.dll
Sun May 15 23:25:05 2005 => Scanning File C:\PROGRA~1\Creative\SHARED~1\CTIniF.dll
Sun May 15 23:25:05 2005 => Scanning File C:\PROGRA~1\Creative\SHARED~1\GDICtrl.skc
Sun May 15 23:25:05 2005 => Scanning File C:\PROGRA~1\Creative\SHARED~1\RtxCtrl.skc
Sun May 15 23:25:05 2005 => Scanning File C:\PROGRA~1\Creative\SHARED~1\mxlib.dll
Sun May 15 23:25:05 2005 => Scanning File C:\WINDOWS\CTDCRES.DLL
Sun May 15 23:25:05 2005 => Scanning File C:\PROGRA~1\Creative\SBAUDI~1\DVDAudio\CTDVDDET.EXE
Sun May 15 23:25:05 2005 => Scanning File C:\PROGRA~1\Creative\SHARED~1\CTAudNav.DLL
Sun May 15 23:25:05 2005 => Scanning File C:\WINDOWS\system32\CTHELPER.EXE
Sun May 15 23:25:05 2005 => Scanning File C:\WINDOWS\SYSTEM32\CTDCIFCE.DLL
Sun May 15 23:25:05 2005 => Scanning File C:\WINDOWS\SYSTEM32\CTDC0001.DLL
Sun May 15 23:25:05 2005 => Scanning File C:\WINDOWS\SYSTEM32\ctosuser.dll
Sun May 15 23:25:05 2005 => Scanning File C:\WINDOWS\SYSTEM32\CTDPROXY.DLL
Sun May 15 23:25:05 2005 => Scanning File C:\WINDOWS\SYSTEM32\PIAPROXY.DLL
Sun May 15 23:25:06 2005 => Scanning File C:\WINDOWS\system32\ctspkhlp.dll
Sun May 15 23:25:06 2005 => Scanning File C:\WINDOWS\system32\DSOUND.dll
Sun May 15 23:25:06 2005 => Scanning File C:\WINDOWS\system32\KsUser.dll
Sun May 15 23:25:06 2005 => Scanning File C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
Sun May 15 23:25:06 2005 => Scanning File C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZR3207.DLL
Sun May 15 23:25:06 2005 => Scanning File C:\PROGRA~1\QUICKT~1\qttask.exe
Sun May 15 23:25:06 2005 => Scanning File C:\PROGRA~1\MI558C~1\type32.exe
Sun May 15 23:25:06 2005 => Scanning File C:\PROGRA~1\MI558C~1\type32.dll
Sun May 15 23:25:06 2005 => Scanning File C:\PROGRA~1\MI558C~1\dpgmkb.dll
Sun May 15 23:25:06 2005 => Scanning File C:\PROGRA~1\MI558C~1\dpgcmd.dll
Sun May 15 23:25:06 2005 => Scanning File C:\PROGRA~1\MI558C~1\srres.dll
Sun May 15 23:25:06 2005 => Scanning File C:\PROGRA~1\MI558C~1\ITRes.dll
Sun May 15 23:25:06 2005 => Scanning File C:\PROGRA~1\Google\GMAILN~1\G001-1~1.0\gnotify.exe
Sun May 15 23:25:06 2005 => Scanning File C:\WINDOWS\system32\riched20.dll
Sun May 15 23:25:06 2005 => Scanning File C:\WINDOWS\system32\pstorec.dll
Sun May 15 23:25:06 2005 => Scanning File C:\WINDOWS\system32\NvMcTray.dll
Sun May 15 23:25:07 2005 => Scanning File C:\PROGRA~1\EXPERT~1\GoToMyPC\g2svc.exe
Sun May 15 23:25:07 2005 => Scanning File C:\PROGRA~1\Java\JRE15~2.0_0\bin\jusched.exe
Sun May 15 23:25:07 2005 => Scanning File C:\PROGRA~1\iTunes\ITUNES~1.EXE
Sun May 15 23:25:07 2005 => Scanning File C:\PROGRA~1\iTunes\ITUNES~3.RES\ENBEFF~1.LPR\ITUNES~1.DLL
Sun May 15 23:25:07 2005 => Scanning File C:\PROGRA~1\iTunes\ITUNES~3.RES\ITUNES~1.DLL
Sun May 15 23:25:07 2005 => Scanning File C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Sun May 15 23:25:07 2005 => Scanning File C:\PROGRA~1\McAfee.com\VSO\VsCfgW32.dll
Sun May 15 23:25:07 2005 => Scanning File c:\PROGRA~1\mcafee.com\agent\submgr\5_1_0_~1\mcsubmgr.dll
Sun May 15 23:25:07 2005 => Scanning File C:\PROGRA~1\mcafee.com\vso\ashldres.dll
Sun May 15 23:25:07 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
Sun May 15 23:25:07 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\CoreDll.dll
Sun May 15 23:25:07 2005 => Scanning File C:\WINDOWS\system32\MSVCP71.dll
Sun May 15 23:25:07 2005 => Scanning File C:\WINDOWS\system32\MSVCR71.dll
Sun May 15 23:25:07 2005 => Scanning File C:\WINDOWS\system32\MFC71U.DLL
Sun May 15 23:25:07 2005 => Scanning File C:\WINDOWS\system32\MFC71ENU.DLL
Sun May 15 23:25:07 2005 => Scanning File C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Sun May 15 23:25:07 2005 => Scanning File C:\PROGRA~1\mcafee.com\agent\SCRes.dll
Sun May 15 23:25:07 2005 => Scanning File c:\progra~1\mcafee.com\vso\mcvsescn.exe
Sun May 15 23:25:08 2005 => Scanning File c:\progra~1\mcafee.com\vso\EmScnRes.dll
Sun May 15 23:25:08 2005 => Scanning File c:\PROGRA~1\mcafee.com\agent\McUILib.DLL
Sun May 15 23:25:08 2005 => Scanning File C:\WINDOWS\system32\riched32.dll
Sun May 15 23:25:08 2005 => Scanning File c:\progra~1\mcafee.com\vso\McVsWorm.dll
Sun May 15 23:25:08 2005 => Scanning File c:\progra~1\mcafee.com\vso\WormRes.dll
Sun May 15 23:25:08 2005 => Scanning File C:\PROGRA~1\iPod\bin\IPODSE~1.EXE
Sun May 15 23:25:08 2005 => Scanning File C:\PROGRA~1\iPod\bin\IPODSE~1.RES\ENBEFF~1.LPR\IPODSE~1.DLL
Sun May 15 23:25:08 2005 => Scanning File C:\PROGRA~1\iPod\bin\IPODSE~1.RES\IPODSE~1.DLL
Sun May 15 23:25:08 2005 => Scanning File C:\WINDOWS\system32\IMM32.dll
Sun May 15 23:25:08 2005 => Scanning File C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
Sun May 15 23:25:08 2005 => Scanning File C:\PROGRA~1\MSNMES~1\MsnMsgr.Exe
Sun May 15 23:25:08 2005 => Scanning File C:\PROGRA~1\MSNMES~1\MSGSLANG.DLL
Sun May 15 23:25:08 2005 => Scanning File C:\PROGRA~1\MSNMES~1\custsat.dll
Sun May 15 23:25:08 2005 => Scanning File C:\WINDOWS\System32\devenum.dll
Sun May 15 23:25:08 2005 => Scanning File C:\WINDOWS\system32\dpnhupnp.dll
Sun May 15 23:25:08 2005 => Scanning File C:\WINDOWS\System32\jscript.dll
Sun May 15 23:25:08 2005 => Scanning File C:\WINDOWS\System32\vbscript.dll
Sun May 15 23:25:08 2005 => Scanning File C:\WINDOWS\system32\macromed\flash\Flash.ocx
Sun May 15 23:25:08 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\mim.exe
Sun May 15 23:25:08 2005 => Scanning File C:\WINDOWS\system32\ATL71.DLL
Sun May 15 23:25:08 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\MIMSES~1.DLL
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\mimDB.dll
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\ATTRIB~1.DLL
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\THREAD~2.DLL
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\USAGEB~1.DLL
Sun May 15 23:25:09 2005 => Scanning File C:\WINDOWS\System32\msjetoledb40.dll
Sun May 15 23:25:09 2005 => Scanning File C:\WINDOWS\System32\msjet40.dll
Sun May 15 23:25:09 2005 => Scanning File C:\WINDOWS\System32\mswstr10.dll
Sun May 15 23:25:09 2005 => Scanning File C:\WINDOWS\System32\msjter40.dll
Sun May 15 23:25:09 2005 => Scanning File C:\WINDOWS\System32\MSJINT40.DLL
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\COMMON~1\System\OLEDB~1\oledb32.dll
Sun May 15 23:25:09 2005 => Scanning File C:\WINDOWS\system32\MSDART.DLL
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\COMMON~1\System\OLEDB~1\OLEDB32R.DLL
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\DEVICE~2.DLL
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\EventMgr.dll
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\mimJobs.dll
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\licmgr.dll
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\mmgit.dll
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\mmdrm.dll
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\TRACKU~1.DLL
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\OBJECT~1.DLL
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\PORTAL~1.DLL
Sun May 15 23:25:09 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\Enforce.dll
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\Crypt.dll
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\MMReg.dll
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\SKINNE~1.DLL
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\STREAM~2.DLL
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\TOD_FA~1.DLL
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\CDDVD_~1.DLL
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\PO9693~1.DLL
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\LOCALD~2.DLL
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\STREAM~1.DLL
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\TOD_DO.dll
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\COMPON~1\stingray.dll
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\FILECA~1.DLL
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\METADA~2.DLL
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\WINMSG~1.DLL
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\FILETA~2.DLL
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\PORTAB~4.DLL
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\PORTAB~2.DLL
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\PORTAB~1.DLL
Sun May 15 23:25:10 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\BASICO~2.DLL
Sun May 15 23:25:11 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\GRAPHI~1.DLL
Sun May 15 23:25:11 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\COMPON~1\mxlobj.dll
Sun May 15 23:25:11 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\MMSAL32.dll
Sun May 15 23:25:11 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\mmlicmgr.dll
Sun May 15 23:25:11 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\CdDvd_DO.dll
Sun May 15 23:25:11 2005 => Scanning File C:\WINDOWS\System32\msjtes40.dll
Sun May 15 23:25:11 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\RBCDRE~1.DLL
Sun May 15 23:25:11 2005 => Scanning File C:\WINDOWS\system32\VBAJET32.DLL
Sun May 15 23:25:11 2005 => Scanning File C:\WINDOWS\system32\expsrv.dll
Sun May 15 23:25:11 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\COMPON~1\legacy.dll
Sun May 15 23:25:11 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\COMPON~1\INIPRO~1.DLL
Sun May 15 23:25:11 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\COMPON~1\mmc.dll
Sun May 15 23:25:11 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\COMPON~1\mmc3.dll
Sun May 15 23:25:11 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\LOCALD~1.DLL
Sun May 15 23:25:11 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\Plugins\PORTAB~2\WMDM\MDPlugin.dll
Sun May 15 23:25:11 2005 => Scanning File C:\WINDOWS\system32\MSWMDM.dll
Sun May 15 23:25:11 2005 => Scanning File C:\WINDOWS\system32\WMDMPS.dll
Sun May 15 23:25:11 2005 => Scanning File C:\WINDOWS\system32\MsPMSP.dll
Sun May 15 23:25:11 2005 => Scanning File C:\PROGRA~1\Ahead\WMPBurn\NEROBU~1.DLL
Sun May 15 23:25:12 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\WAVMP3~1.DLL
Sun May 15 23:25:12 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\DUMMYT~1.DLL
Sun May 15 23:25:12 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\WmaObj.dll
Sun May 15 23:25:12 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\PLAYLI~2.DLL
Sun May 15 23:25:12 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\PLAYLI~3.DLL
Sun May 15 23:25:12 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\PLAYLI~4.DLL
Sun May 15 23:25:12 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\MMInet.dll
Sun May 15 23:25:12 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\NETUTI~1.DLL
Sun May 15 23:25:12 2005 => Scanning File C:\PROGRA~1\MUSICM~1\MUSICM~1\MMHttp.dll
Sun May 15 23:25:12 2005 => Scanning File C:\PROGRA~1\ASUS\SMARTD~1\SMARTD~1.EXE
Sun May 15 23:25:12 2005 => Scanning File C:\PROGRA~1\ASUS\SMARTD~1\MSVCP60.dll
Sun May 15 23:25:12 2005 => Scanning File C:\PROGRA~1\ASUS\SMARTD~1\EIO.DLL
Sun May 15 23:25:12 2005 => Scanning File C:\PROGRA~1\ASUS\SMARTD~1\nvgpio.dll
Sun May 15 23:25:12 2005 => Scanning File C:\WINDOWS\System32\mshtml.dll
Sun May 15 23:25:12 2005 => Scanning File C:\WINDOWS\System32\msls31.dll
Sun May 15 23:25:12 2005 => Scanning File C:\WINDOWS\System32\msimtf.dll
Sun May 15 23:25:12 2005 => Scanning File C:\WINDOWS\System32\mshtmled.dll
Sun May 15 23:25:12 2005 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Sun May 15 23:25:12 2005 => Scanning File C:\WINDOWS\system32\MSUTB.dll
Sun May 15 23:25:12 2005 => Scanning File C:\PROGRA~1\INTERM~1\SPYSUB~1\SpySub.exe
Sun May 15 23:25:12 2005 => Scanning File c:\PROGRA~1\INTERM~1\SPYSUB~1\en-us.dll
Sun May 15 23:25:13 2005 => Scanning File c:\PROGRA~1\INTERM~1\SPYSUB~1\ssengine.dll
Sun May 15 23:25:13 2005 => Scanning File C:\PROGRA~1\COMMON~1\System\ado\msado15.dll
Sun May 15 23:25:13 2005 => Scanning File C:\PROGRA~1\COMMON~1\System\ado\msadrh15.dll
Sun May 15 23:25:13 2005 => Scanning File c:\progra~1\mcafee.com\vso\mcvsftsn.exe
Sun May 15 23:25:13 2005 => Scanning File C:\PROGRA~1\MESSEN~1\msmsgs.exe
Sun May 15 23:25:13 2005 => Scanning File C:\WINDOWS\system32\XPOB2RES.DLL
Sun May 15 23:25:13 2005 => Scanning File C:\PROGRA~1\EXPERT~1\GoToMyPC\g2comm.exe
Sun May 15 23:25:13 2005 => Scanning File C:\WINDOWS\system32\pdh.dll
Sun May 15 23:25:13 2005 => Scanning File C:\WINDO
  • 0

#5
infinitydragon
Posted 15 May 2005 - 09:40 PM

infinitydragon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
continued from previous post :


[**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\clear[1].gif [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\comments_lock[1].gif [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\common[1].css
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\company_logo[1].gif [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\contacton[1].gif [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\copyright[1].gif [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\corner-bl[1].gif [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\counter[1].js
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\cowboy[1].gif [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\CPalertICON-24[1].png [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\crs_918[1].gif [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\CR[6G85{V@5{]!,P@MN3V0[1].jpg [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\css2[1].css
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\css_8[1].css
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\curve_left[1].gif [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\custom[1].css
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\c[1].gif [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\c_needhelp[1].jpg [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\dash_horizontal_1x3[1].gif [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\dcamera_btn0[1].jpg [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\desktop.ini [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\digitalb[1].css
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\donate[1].gif [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\dot[1].gif [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\download[1].htm
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\Dragonshard_100[1].jpg [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\ebInteractionTimeV55[1].swf [**]
Sun May 15 23:28:02 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\email[1].htm
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\Empty_Movie[1].swf [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\exp_plus[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\eyebrow-upper-right-corner[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\fedx[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\find[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\fluorescent[1].jpg [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\footerbbg[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\footerlogotop[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\footer_eft[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\forza_101404_spot[1].jpg [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\funnyfarmcomedyclub[1].htm
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\f_closed[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\f_hot[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\f_hot_no[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\g25lpLearnMore2[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\g25UKlpBody[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\g2logo[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\gds1[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\getseal[1].swf [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\GlobalStore[1].js
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\gmail[1] [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\gmail[2] [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\go-button-gateway[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\gs_logo[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\G``FLI+[B!5!45QR2{`V8K[1].jpg [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\halogena[1].jpg [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\halogens[1].htm
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\halo_bipin[1].jpg [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\hdr35[1].js
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\header-links_l[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\headerfooter[1].js
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\headerNonPFP[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\headerrght[1].gif [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\header[1].vbs
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\header[2].vbs
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\help[1].jpg [**]
Sun May 15 23:28:03 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\hivetab_icon[1].png [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\hoh darth[1].jpg [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\home[1].css
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\home_mid1[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\HoTMaiL[1].htm
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\hotutilities_150x47[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\hover[1].htc [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\hover[2].htc [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\hp1021[1].css
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\hpImage_woman4_364x194[1].jpg [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\h_2[1].jpg [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\h_link_line[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\h_logo[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\i.2650FC[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\i.F424A[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\i.F4693[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\i.p.cal.note[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\i.p.delete[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\i.p.error[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\i.p.folder.inbox[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\i.p.folder[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\i.p.importance.h[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\i.p.new[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\i.p.notjunk[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\i.p.writenew[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\icn_i_grey_12x12[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\icon-furlit[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\icon14[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\icon7[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\icon8[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\icon_15x15[1].png [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\icon_warning_48x481[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\image[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\IM_LAUNCH05_logivid_234x60_0405_Extra_OF[1].jpg [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\indexon[1].gif [**]
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\index[1].htm
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\index[2].htm
Sun May 15 23:28:04 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\index[4].htm
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\index[5].htm
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\index[6].htm
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\infobar[1].css
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\innerbottomleft[1].gif [**]
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\InstUtil[1].vbs
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\listen[1].gif [**]
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\load_plgn[1].htm
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\logo-on[1].gif [**]
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\logo[1].gif [**]
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\mac_apple[1].gif [**]
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\main3[1].swf [**]
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menuicon[1].gif [**]
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menuitem_us_em_1_test[1].xml
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menuitem_us_em_2_test[1].xml
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menuitem_us_em_3_test[1].xml
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menuitem_us_em_4_test[1].xml
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menuitem_us_em_5_test[1].xml
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menuitem_us_mb_1_test[1].xml
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menuitem_us_mb_2_test[1].xml
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menuitem_us_pe_2_test[1].xml
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menuitem_us_pe_3_test[1].xml
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menuitem_us_pe_4_test[1].xml
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menuitem_us_wk_5_test[1].xml
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menuitem_us_wk_6_test[1].xml
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menuitem_us_wk_7_test[1].xml
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menuitem_us_wk_8_test[1].xml
Sun May 15 23:28:05 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\menu_sbmail[1].swf [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\merch02_lfh[1].jpg [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\merch_fresh[1].jpg [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\mm_menu[1].js
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\mode_threaded[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\moreinfo[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\mp3[1].jpg [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\msft94[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\msnbclogo[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\my_account[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\n2CoreCSS-n2v1-900[1].css
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\naild_logo[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\navbg[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\nav_contact2[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\nav_contact[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\nav_friends[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\nib_channel[1].css
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\none[1].htm
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\nospam[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\no_image_100X100[1].jpg [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\N~T_E8+VFX2U04]X`57T`F[1].jpg [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\od-logo-143[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\oraclemag234x60anim[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\orange-arrow[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\pageTitle_right_10x20[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\parasite-data[1].js
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\payment[1].css
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\paypal_logo[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\pbar[1].vbs
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\pcAnswersLogoQuote[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\pcdocanim_170x200[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\pc_vanguard_042705_spot[1].jpg [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\personality_255x223[1].jpg [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\post-16142-1108808285_thumb[1].jpg [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\prevnextbkg[1].gif [**]
Sun May 15 23:28:06 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\products[1].htm
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\promo-botcap2[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\p_offline[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\ql_cornerOpen_21x18[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\quot-bot-bg[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\quot-lr-bg[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\quot-top-right-10[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\quoting-right[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\redir[1].htm
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\refresh[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\regleftnavBL[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\regleftnavTL[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\repoffline[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\rightnow[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\right_both[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\right_con1[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\sample_settings[1].js
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\sbcookiesnform_big[1].js
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\sbemail129[1].swf [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\schneller[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\sdc_buyit_button[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\search[1].htm
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\search[2].htm
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\search[3].htm
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\search_application[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\shopbag[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\small-blue-electronics-icon[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\smarticon[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\smile[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\smile[2].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\spcollapse_smalllogo[1].gif [**]
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\spdbupdate[1].php
Sun May 15 23:28:07 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\splash_5[1].jpg [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\splash_atlanta_lnk_2[1].jpg [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\splintercellchaos_spot[1].jpg [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\sppush[1].php
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\sppush[2].php
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\sppush[3].php
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\springwood_hthumb[1].jpg [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\spyware2[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\standard[1].css
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\subbox_left[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\subhead_bg[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\subnav-secondary-bg[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\surrender[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\system_btn0[1].jpg [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\tab.bg.dln[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\tab.separator.on.r[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\tables[1].css
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\tabs-line[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\tabs-middle-off-onleft[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\telephone[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\tile_cat[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\topnav_things_off[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\top_profile[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\top_search[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\TZ98__Einstiein[1].jpg [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\us.mcafee[1].htm
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\us.mcafee[2].htm
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\us[1].htm
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\valert[1].ui [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\validateEmail[1].js
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\vbulletin_md5[1].js
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\vertical_solution_PP[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\view[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\view_cart[1].jpg [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\voice_bkg_line[1].gif [**]
Sun May 15 23:28:08 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\wacko[1].gif [**]
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\warning[1].gif [**]
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\warrior_header_2[1].gif [**]
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\wine-com-logo[1].gif [**]
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\wintask32x32[1].gif [**]
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\wtbox[1].gif [**]
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\wttest[1].gif [**]
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\xenon[1].jpg [**]
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OPQRSTUV\x[1].js
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR10.tmp
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR11.tmp
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR15.tmp
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR17.tmp
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR18.tmp
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR1D.tmp
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR21.tmp
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR22.tmp
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR23.tmp
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR25.tmp
Sun May 15 23:28:09 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR26.tmp
Sun May 15 23:28:10 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR27.tmp
Sun May 15 23:28:10 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR28.tmp
Sun May 15 23:28:10 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR29.tmp
Sun May 15 23:28:10 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR2A.tmp
Sun May 15 23:28:10 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR2B.tmp
Sun May 15 23:28:10 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR2C.tmp
Sun May 15 23:28:10 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR2D.tmp
Sun May 15 23:28:10 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR2E.tmp
Sun May 15 23:28:10 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR2F.tmp
Sun May 15 23:28:10 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR30.tmp
Sun May 15 23:28:10 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR31.tmp
Sun May 15 23:28:10 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR32.tmp
Sun May 15 23:28:10 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR33.tmp
Sun May 15 23:28:11 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR34.tmp
Sun May 15 23:28:11 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR35.tmp
Sun May 15 23:28:11 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR36.tmp
Sun May 15 23:28:11 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR37.tmp
Sun May 15 23:28:11 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR38.tmp
Sun May 15 23:28:11 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR39.tmp
Sun May 15 23:28:11 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR3A.tmp
Sun May 15 23:28:11 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR3B.tmp
Sun May 15 23:28:11 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR3C.tmp
Sun May 15 23:28:11 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR3D.tmp
Sun May 15 23:28:11 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR3F.tmp
Sun May 15 23:28:11 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR4.tmp
Sun May 15 23:28:11 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR40.tmp
Sun May 15 23:28:11 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR41.tmp
Sun May 15 23:28:11 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR42.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR44.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR45.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR46.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR47.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR48.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR49.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR4B.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR4E.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR4F.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR5.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR50.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR52.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR53.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR54.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR55.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR57.tmp
Sun May 15 23:28:12 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR58.tmp
Sun May 15 23:28:13 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR59.tmp
Sun May 15 23:28:13 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR5A.tmp
Sun May 15 23:28:13 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR5B.tmp
Sun May 15 23:28:13 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR5C.tmp
Sun May 15 23:28:13 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR5E.tmp
Sun May 15 23:28:13 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR5F.tmp
Sun May 15 23:28:13 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR60.tmp
Sun May 15 23:28:13 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR64.tmp
Sun May 15 23:28:13 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR66.tmp
Sun May 15 23:28:13 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR68.tmp
Sun May 15 23:28:13 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR6B.tmp
Sun May 15 23:28:13 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR6C.tmp
Sun May 15 23:28:13 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR6D.tmp
Sun May 15 23:28:13 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR7.tmp
Sun May 15 23:28:14 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR70.tmp
Sun May 15 23:28:14 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR71.tmp
Sun May 15 23:28:14 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR74.tmp
Sun May 15 23:28:14 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR75.tmp
Sun May 15 23:28:14 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR7B.tmp
Sun May 15 23:28:14 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR7D.tmp
Sun May 15 23:28:14 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR8.tmp
Sun May 15 23:28:14 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR80.tmp
Sun May 15 23:28:14 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR84.tmp
Sun May 15 23:28:14 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR85.tmp
Sun May 15 23:28:14 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR89.tmp
Sun May 15 23:28:14 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR8D.tmp
Sun May 15 23:28:14 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR9.tmp
Sun May 15 23:28:14 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR95.tmp
Sun May 15 23:28:14 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFR99.tmp
Sun May 15 23:28:15 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRA.tmp
Sun May 15 23:28:15 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRA1.tmp
Sun May 15 23:28:15 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRA2.tmp
Sun May 15 23:28:15 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRAB.tmp
Sun May 15 23:28:15 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRAC.tmp
Sun May 15 23:28:15 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRAD.tmp
Sun May 15 23:28:15 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRB.tmp
Sun May 15 23:28:15 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRB0.tmp
Sun May 15 23:28:15 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRB4.tmp
Sun May 15 23:28:15 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRB5.tmp
Sun May 15 23:28:15 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRB8.tmp
Sun May 15 23:28:15 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRBA.tmp
Sun May 15 23:28:15 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRC.tmp
Sun May 15 23:28:15 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRC3.tmp
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRC4.tmp
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRC8.tmp
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRCC.tmp
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRD.tmp
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRD0.tmp
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\TFRD4.tmp
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\tmp-1.xpi [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\tmp-2.xpi [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\tmp.xpi [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\travelocity.bmp [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj001.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj002.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj003.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj004.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj005.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj006.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj007.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj008.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj009.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj010.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj011.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj012.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj013.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj014.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj015.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj016.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj017.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj018.avc [**]
Sun May 15 23:28:16 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj019.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj020.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj021.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj022.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj023.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj024.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj025.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\troj026.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\UninstallStrings.ini [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp000.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp001.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp002.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp003.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp004.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp005.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp006.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp007.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp008.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp009.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp010.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp011.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp012.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp013.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp014.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp015.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp016.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp017.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp018.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp019.avc [**]
Sun May 15 23:28:17 2005 => Scanning File C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\unp020.avc [**]
Sun May 1
  • 0

#6
infinitydragon
Posted 15 May 2005 - 09:42 PM

infinitydragon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
insipid... whoops... sorry man, just saw your little addition to our chat, I went ahead and sent the whole log, but I imagine what you need is in the first portion, let me know thanks!!

- Jason
  • 0

#7
insipid
Posted 16 May 2005 - 10:10 PM

insipid

    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
infinitydragon, I apologize for the delay, I researching your log this morning when I realized I was late for work :tazz:.

First off, those Hosts entries you posted are good. They're all malicious sites being redirected to 127.0.0.1, which is 'Home', your local computer. I'm not certain what's doing that, maybe SpySubtract. In any case, if it worries you overmuch, let me know I'll look over your Hosts file and give some recommendations.

There are a couple things in your Silent Runners log I'd like to check.

Please double-click on My Computer and locate the file "C:\WINDOWS\system32\duspex.dll". Right-click on it and choose "Properties", then click on the "Version" tab at the top. Click on "Comments", "Company", "File Version", and "Internal Name" and please post whatever the text in the box immediately to the right says for each.

Repeat the process for C:\WINDOWS\system32\jtpl400.dll.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Run a full scan with Ewido, and clean any infected files found, and save the log from the scan.

Reboot and post a new HijackThis log, the Ewido scan results, and the information from the two files you checked out.
  • 0

#8
infinitydragon
Posted 18 May 2005 - 09:46 PM

infinitydragon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Insipid,

Ok, I don't have a duspex.dll file, but I did have a jtpl400.dll which only have a general tab and not the others you mentioned. Ewido found that dll when doing a memory scan however, it could not clean it. Here is the log from Ewido for the memory scan :

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:30:10 PM, 5/18/2005
+ Report-Checksum: B32B259A

+ Date of database: 5/19/2005
+ Version of scan engine: v3.0

+ Duration: 1 min
+ Scanned Files: 49
+ Speed: 0.59 Files/Second
+ Infected files: 2
+ Removed files: 1
+ Files put in quarantine: 1
+ Files that could not be opened: 0
+ Files that could not be cleaned: 1

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
Memory

+ Scan result:
C:\WINDOWS\system32\jtpl400.dll / PID: 1232 -> Spyware.Look2Me.ab -> Error during cleaning
C:\WINDOWS\system32\nudenb32.dll / PID: 1784 -> Spyware.Look2Me.ab -> Cleaned with backup


::Report End

--------------------------------------------------------------

After that I ran a full scan from Ewido which took forever and found a few more things which all cleaned well... or so I thought. Moments after I cleaned those files, I start getting icons on my desktop referring to "Remove Spyware" and "Get $400 blackjack" blah blah blah. Then some other process caused SpySubtract to get set off. I got so ticked, I forgot to save the Full scan log as well as remember the process that started giving me problems. It started with a "B" like Bundle Software etc.

Seems like everytime I try to take this sucker down, it fights back!! What can I do now?
  • 0

#9
insipid
Posted 19 May 2005 - 07:43 AM

insipid

    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
infinitydragon, I know how frustrating this can be. Hang in there, we'll get you fixed up.

These two entries are bugging me:

O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

They are installed with Promise RAID Controllers, but some sources classify them as malware. Do you have a RAID array? Don't fix those lines yet, just let me know.


Please disable Spysubtract before following these instructions, it may interfere with our fix.


Rescan with HijackThis and place a checkmark next to the following entry:

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab


Now, close all windows including your browser and then click "Fix Checked" in Hijackthis.

Please delete this file using Windows Explorer(if present):

C:\WINDOWS\system32\jtpl400.dll

Reboot, and post a new HJT log. If that bad process sets Spysubtract off, please write it down for me. Also, tell me if you have trouble deleting that file.
  • 0

#10
infinitydragon
Posted 19 May 2005 - 07:01 PM

infinitydragon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
insipid,

Thanks for the help. I'm in it to win it as long as you are here to help me through this. Ok, so I wasn't able to remove that DLL you wanted me to manually remove. I don't have a good feeling about it. Since the last thing you had me to, I now how a popup error kind of window when I first boot the computer. (see attached screenshot) That and a bunch more icons on my desktop. After running Adware professional, spybot, spysubtract and more on my computer I'm certain we'll have to manually take something out to keep it from coming back?

Anyways, I do have a RAID array, I saw where those were suspect, but I think they are fine. If all else fails we can attack those RAID entries. Below is my HJT log, I did successfully remove that cab registry entry you mentioned. What next. :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 8:56:41 PM, on 5/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asuskbservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\VBouncer\BundleOuter.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\GLB1.tmp
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Jason Prance\My Documents\HijackThis\HijackThis.exe

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [tsvcin] C:\Documents and Settings\Jason Prance\n20050308.EXE
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094274699265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresp...t/TLIEFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Attached Files


  • 0

Advertisements

#11
insipid
Posted 20 May 2005 - 09:26 AM

insipid

    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
infinitydragon, for some reason I can't open that sceenshot you provided. Can you describe it for me?

Well, let's kill that file:
  • Start Hijackthis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the button labeled Delete a file on reboot...
  • A new window will open asking you to select the file that you would like to delete on reboot. Navigate to C:\WINDOWS\system32\jtpl400.dll and click on it once, and then click on the Open button.
  • You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button.
I also think we should leave your RAID array alone. Let me know if deleting that file helps.
  • 0

#12
infinitydragon
Posted 21 May 2005 - 12:53 PM

infinitydragon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
hi insipid. Doing that process did not delete that file... Its still there after I rebooted. That file I sent is a microsoft word doc, however I can describe. It's a tiny window that with a title of "install" that says "could not communicate to the network server, error 25" with two options "abort" "retry". I'm also now getting a g2comm.exe application error right before I shut down windows... that's also new since we started along with more and more weird icons on my desktop and the usual popups I get.

Ugh...

- Jason
  • 0

#13
insipid
Posted 21 May 2005 - 07:34 PM

insipid

    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
Let's go about this a little differently.

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
  • 0

#14
infinitydragon
Posted 22 May 2005 - 06:52 AM

infinitydragon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here you go, insipid.



L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{248E3650-9D3E-0CB8-642D-FE6D049705A9}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{A2569D1F-4E06-43EC-9825-0088B471BE47}"="IntelliType Pro Wireless Control Panel Property Page"
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}"="IntelliType Pro Scrolling Control Panel Property Page"
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}"="IntelliType Pro Key Settings Control Panel Property Page"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{8f7261d0-d2b9-11d2-9909-00605205b24c}"="CuteFTP Shell Extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"="CopyToCD shell extension"
"{B1C9E07D-4B92-4EEB-8F40-4CA47C4E9F5E}"=""
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"="SpySubtract Shell Extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B1C9E07D-4B92-4EEB-8F40-4CA47C4E9F5E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B1C9E07D-4B92-4EEB-8F40-4CA47C4E9F5E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B1C9E07D-4B92-4EEB-8F40-4CA47C4E9F5E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B1C9E07D-4B92-4EEB-8F40-4CA47C4E9F5E}\InprocServer32]
@="C:\\WINDOWS\\system32\\jtpl400.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
authz.dll Wed Mar 2 2005 2:09:30p A.... 56,832 55.50 K
browseui.dll Thu Mar 10 2005 4:02:34a A.... 1,016,832 993.00 K
cdfview.dll Thu Mar 10 2005 4:02:34a A.... 151,040 147.50 K
ctseqchk.dll Sat May 21 2005 9:42:28p ..S.R 234,272 228.78 K
gearaspi.dll Mon Mar 7 2005 11:52:48a A.... 79,432 77.57 K
iepeers.dll Thu Mar 10 2005 4:02:34a A.... 250,880 245.00 K
inseng.dll Thu Mar 10 2005 4:02:34a A.... 96,256 94.00 K
jtpl400.dll Tue May 10 2005 5:14:16p ..S.R 234,272 228.78 K
mcinsctl.dll Mon Mar 7 2005 3:05:30p A.... 341,568 333.56 K
mshtml.dll Thu Mar 10 2005 4:02:34a A.... 3,010,560 2.87 M
msi.dll Wed May 4 2005 2:45:32p A.... 2,890,240 2.75 M
msihnd.dll Mon Mar 21 2005 3:00:22p A.... 271,360 265.00 K
msimsg.dll Mon Mar 21 2005 3:00:22p A.... 884,736 864.00 K
msisip.dll Mon Mar 21 2005 3:00:22p A.... 15,360 15.00 K
msrating.dll Thu Mar 10 2005 4:02:34a A.... 146,432 143.00 K
rhipxmib.dll Sat May 21 2005 9:26:04p ..S.R 234,272 228.78 K
shdocvw.dll Thu Mar 10 2005 4:02:34a A.... 1,483,264 1.41 M
shell32.dll Mon Feb 28 2005 7:11:18p A.... 8,450,048 8.06 M
shlwapi.dll Thu Mar 10 2005 4:02:34a A.... 473,600 462.50 K
spmsg.dll Wed May 4 2005 2:45:26p ..... 13,536 13.22 K
sporder.dll Tue Apr 26 2005 7:13:24p A.... 8,464 8.27 K
urlmon.dll Thu Mar 10 2005 4:02:36a A.... 607,744 593.50 K
user32.dll Wed Mar 2 2005 2:09:30p A.... 577,024 563.50 K
wininet.dll Thu Mar 10 2005 4:02:36a A.... 656,896 641.50 K
winsrv.dll Wed Mar 2 2005 2:09:30p A.... 291,328 284.50 K

25 items found: 25 files (3 H/S), 0 directories.
Total of file sizes: 22,476,248 bytes 21.43 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Wed May 18 2005 11:27:46p ..S.R 234,272 228.78 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 234,272 bytes 228.78 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is C891-F8AB

Directory of C:\WINDOWS\System32

05/21/2005 09:42 PM 234,272 ctseqchk.dll
05/21/2005 09:26 PM 234,272 rhipxmib.dll
05/19/2005 03:00 AM <DIR> dllcache
05/18/2005 11:27 PM 234,272 guard.tmp
05/10/2005 05:14 PM 234,272 jtpl400.dll
04/06/2005 09:58 PM 12,208 KGyGaAvL.sys
09/04/2004 12:32 PM <DIR> Microsoft
5 File(s) 949,296 bytes
2 Dir(s) 58,764,730,368 bytes free
  • 0

#15
infinitydragon
Posted 22 May 2005 - 01:37 PM

infinitydragon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
insipid,

I've just done a bit more of the usual running and re-running of all my adware/spyware cleaners and to me all I can see is that 9 registry entries in particular won't go away. SpySubtract is the only one that finds them and when I delete them, they come back immediately. These registry entries are :

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000\Service


Also that DLL file you want me to remove will not go away even when I go into safe mode to delete it.

Hope this helps. - Jason
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP