Problem: 1) Can't install anything as the system thinks there is an install in process. Tells me to complete the first install.
2) Windows will NOT shut down. Gets to the Windows shutting down screen and freezes. Let it sit overnight without any change. Was able to shut down in safe mode. Tried system restore. Went through the entire process only to be told that it was unsuccessful.
Appreciate any help or assistance that can be provided to clean up these problems.
Copied below are the log files from
-- HijackThis
-- Ad-Aware
-- StartupList
-- SystemClean
Sorry about the long listing, but not sure which you might need ......
Logfile of HijackThis v1.99.1
Scan saved at 9:01:27 AM, on 7/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\BugHunt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.formature...d=272&keywords=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\AIM Phone\n2paim.exe
O9 - Extra 'Tools' menuitem: AIM Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\AIM Phone\n2paim.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
Ad-Aware SE Build 1.05
Logfile Created on:Sunday, July 24, 2005 4:25:31 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R54 14.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):12 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R54 14.07.2005
Internal build : 63
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 496849 Bytes
Total size : 1499538 Bytes
Signature data size : 1467043 Bytes
Reference data size : 31983 Bytes
Signatures total : 41785
Fingerprints total : 962
Fingerprints size : 33758 Bytes
Target categories : 15
Target families : 715
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:41 %
Total physical memory:523808 kb
Available physical memory:210700 kb
Total page file size:2064356 kb
Available on page file:1775124 kb
Total virtual memory:2097024 kb
Available virtual memory:2047364 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
7-24-2005 4:25:31 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 552
ThreadCreationTime : 7-24-2005 9:11:00 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 604
ThreadCreationTime : 7-24-2005 9:11:02 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 628
ThreadCreationTime : 7-24-2005 9:11:03 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 672
ThreadCreationTime : 7-24-2005 9:11:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 684
ThreadCreationTime : 7-24-2005 9:11:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 836
ThreadCreationTime : 7-24-2005 9:11:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 916
ThreadCreationTime : 7-24-2005 9:11:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1020
ThreadCreationTime : 7-24-2005 9:11:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1228
ThreadCreationTime : 7-24-2005 9:11:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1376
ThreadCreationTime : 7-24-2005 9:11:08 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1512
ThreadCreationTime : 7-24-2005 9:11:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [kbd.exe]
ModuleName : C:\HP\KBD\KBD.EXE
Command Line : "C:\HP\KBD\KBD.EXE"
ProcessID : 1776
ThreadCreationTime : 7-24-2005 9:11:12 PM
BasePriority : High
#:13 [hpsysdrv.exe]
ModuleName : C:\windows\system\hpsysdrv.exe
Command Line : "c:\windows\system\hpsysdrv.exe"
ProcessID : 1796
ThreadCreationTime : 7-24-2005 9:11:12 PM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe
#:14 [shstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
Command Line : "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
ProcessID : 1824
ThreadCreationTime : 7-24-2005 9:11:12 PM
BasePriority : Normal
#:15 [updaterui.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
ProcessID : 1836
ThreadCreationTime : 7-24-2005 9:11:12 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe
#:16 [ipclient.exe]
ModuleName : C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
Command Line : "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
ProcessID : 1848
ThreadCreationTime : 7-24-2005 9:11:12 PM
BasePriority : Normal
FileVersion : 5.8.0.13
ProductVersion : 5.8.0.13
ProductName : Visual IP InSight
CompanyName : Visual Networks
FileDescription : IP Session Statistics
InternalName : IPCLIENT
LegalCopyright : Copyright © 2003 Visual Networks Technologies, Inc.
OriginalFilename : ipclient32.exe
#:17 [ipmon32.exe]
ModuleName : C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
Command Line : "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
ProcessID : 1868
ThreadCreationTime : 7-24-2005 9:11:12 PM
BasePriority : Normal
FileVersion : 5.8.0.13
ProductVersion : 5.8.0.13
ProductName : Visual IP InSight
CompanyName : Visual Networks
FileDescription : IP Monitor
InternalName : IPMON32
LegalCopyright : Copyright © 2003 Visual Networks Technologies, Inc.
OriginalFilename : ipmon32.exe
#:18 [motivesb.exe]
ModuleName : C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
Command Line : "C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe"
ProcessID : 1876
ThreadCreationTime : 7-24-2005 9:11:12 PM
BasePriority : Normal
FileVersion : 5.6.7.asst_classic.smartbridge.20031210_035000
ProductVersion : 5.6.7.asst_classic.smartbridge
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : SBC Self Support Tool Alerts
InternalName : version
LegalCopyright : Copyright 1998-2003
OriginalFilename : version
#:19 [ybrwicon.exe]
ModuleName : C:\Program Files\Yahoo!\browser\ybrwicon.exe
Command Line : "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
ProcessID : 1884
ThreadCreationTime : 7-24-2005 9:11:12 PM
BasePriority : Normal
FileVersion : 2003, 7, 11, 1
ProductVersion : 1, 0, 0, 1
ProductName : Yahoo!, Inc. YBrwIcon
CompanyName : Yahoo!, Inc.
FileDescription : YBrwIcon
InternalName : YBrwIcon
LegalCopyright : Copyright © 2003
OriginalFilename : YBrwIcon.exe
#:20 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\RUNDLL32.EXE
Command Line : "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
ProcessID : 1892
ThreadCreationTime : 7-24-2005 9:11:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:21 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 1924
ThreadCreationTime : 7-24-2005 9:11:12 PM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe
#:22 [ycommon.exe]
ModuleName : C:\PROGRA~1\Yahoo!\browser\ycommon.exe
Command Line : C:\PROGRA~1\Yahoo!\browser\ycommon.exe -Embedding
ProcessID : 2036
ThreadCreationTime : 7-24-2005 9:11:13 PM
BasePriority : Normal
FileVersion : 2003, 9, 3, 1
ProductVersion : 1, 0, 0, 1
ProductName : YCommon Exe Module
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
LegalCopyright : Copyright 2003 Yahoo! Inc.
OriginalFilename : YCommon.EXE
#:23 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 172
ThreadCreationTime : 7-24-2005 9:11:13 PM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe
#:24 [weather.exe]
ModuleName : C:\Program Files\AWS\WeatherBug\Weather.exe
Command Line : "C:\Program Files\AWS\WeatherBug\Weather.exe" 1
ProcessID : 224
ThreadCreationTime : 7-24-2005 9:11:13 PM
BasePriority : Normal
FileVersion : 6, 4, 0, 8
ProductVersion : 6, 4, 0, 8
ProductName : WeatherBug
CompanyName : AWS Convergence Technologies, Inc.
FileDescription : WeatherBug
InternalName : Desktop Weather
LegalCopyright : Copyright © 2001-2004
LegalTrademarks : WeatherBug
OriginalFilename : Weather.exe
Comments : World Largest Weather Network
#:25 [osa.exe]
ModuleName : C:\Program Files\Microsoft Office\Office\OSA.EXE
Command Line : "C:\Program Files\Microsoft Office\Office\OSA.EXE" -b
ProcessID : 440
ThreadCreationTime : 7-24-2005 9:11:14 PM
BasePriority : Normal
#:26 [isafe.exe]
ModuleName : C:\WINDOWS\system32\ZoneLabs\isafe.exe
Command Line : C:\WINDOWS\system32\ZoneLabs\isafe.exe
ProcessID : 868
ThreadCreationTime : 7-24-2005 9:11:17 PM
BasePriority : Normal
FileVersion : Version 10.65.0.7
ProductVersion : Version 10.65.0.7
ProductName : ISafe
CompanyName : Computer Associates International, Inc.
FileDescription : ISafe Service
InternalName : ISafe
LegalCopyright : © 2003 Computer Associates International, Inc.
LegalTrademarks : Vet is a trademark of Computer Associates International, Inc.
OriginalFilename : ISafe.exe
Comments : ISafe
#:27 [frameworkservice.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart
ProcessID : 1008
ThreadCreationTime : 7-24-2005 9:11:17 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe
#:28 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 1176
ThreadCreationTime : 7-24-2005 9:11:19 PM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
#:29 [mcshield.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\mcshield.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\mcshield.exe"
ProcessID : 1252
ThreadCreationTime : 7-24-2005 9:11:20 PM
BasePriority : High
#:30 [vstskmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\vstskmgr.exe"
ProcessID : 1300
ThreadCreationTime : 7-24-2005 9:11:21 PM
BasePriority : Normal
#:31 [naprdmgr.exe]
ModuleName : C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
Command Line : C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe -Embedding
ProcessID : 1368
ThreadCreationTime : 7-24-2005 9:11:22 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : NAI Product Manager
InternalName : Product Manager
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : naPrdMgr.exe
#:32 [nvsvc32.exe]
ModuleName : C:\WINDOWS\system32\nvsvc32.exe
Command Line : C:\WINDOWS\system32\nvsvc32.exe
ProcessID : 1416
ThreadCreationTime : 7-24-2005 9:11:22 PM
BasePriority : Normal
FileVersion : 6.14.10.7189
ProductVersion : 6.14.10.7189
ProductName : NVIDIA Driver Helper Service, Version 71.89
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 71.89
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:33 [vsmon.exe]
ModuleName : C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Command Line : n/a
ProcessID : 1120
ThreadCreationTime : 7-24-2005 9:11:24 PM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe
#:34 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 3668
ThreadCreationTime : 7-24-2005 9:11:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:35 [mantispm.exe]
ModuleName : C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
Command Line : C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
ProcessID : 3964
ThreadCreationTime : 7-24-2005 9:12:03 PM
BasePriority : Normal
FileVersion : 4, 2, 1, 2891
ProductVersion : 4, 2, 1, 2891
FileDescription : Spam Filter
InternalName : mantispm.exe
LegalCopyright : © 2002-2004
OriginalFilename : mantispm.exe
#:36 [msiexec.exe]
ModuleName : C:\WINDOWS\system32\msiexec.exe
Command Line : C:\WINDOWS\system32\msiexec.exe /V
ProcessID : 2584
ThreadCreationTime : 7-24-2005 9:12:18 PM
BasePriority : Normal
#:37 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 2868
ThreadCreationTime : 7-24-2005 9:16:33 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:38 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3884
ThreadCreationTime : 7-24-2005 9:19:05 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1538417202-414440772-572454927-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1538417202-414440772-572454927-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-1538417202-414440772-572454927-1003\software\microsoft\office\8.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-1538417202-414440772-572454927-1003\software\microsoft\office\8.0\excel\recent file list
Description : list of recent files used by microsoft excel
MRU List Object Recognized!
Location: : S-1-5-21-1538417202-414440772-572454927-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1538417202-414440772-572454927-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1538417202-414440772-572454927-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1538417202-414440772-572454927-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1538417202-414440772-572454927-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 12
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
4:53:14 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:27:42.938
Objects scanned:263910
Objects identified:0
Objects ignored:0
New critical objects:0
StartupList report, 7/24/2005, 8:59:35 AM
StartupList version: 1.52
Started from : C:\BugHunt\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\BugHunt\StartupList.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = c:\windows\system32\userinit.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
USB = C:\WINDOWS\system32\usb.exe
S3TRAY2 = S3tray2.exe
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
PS2 = C:\WINDOWS\system32\ps2.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
KBD = C:\HP\KBD\KBD.EXE
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
hpsysdrv = c:\windows\system\hpsysdrv.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
ShStatEXE = "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI = "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
IPInSightLAN 02 = "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
IPInSightMonitor 02 = "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
Motive SmartBridge = C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
YBrowser = C:\Program Files\Yahoo!\browser\ybrwicon.exe
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
TempRemove = "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
nwiz = nwiz.exe /install
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Weather = C:\Program Files\AWS\WeatherBug\Weather.exe 1
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\sspipes.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
(no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
(no name) - c:\Program Files\Microsoft Money\System\mnyviewer.dll - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
--------------------------------------------------
Enumerating Task Scheduler jobs:
1-Click Maintenance.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
Protocol #1: imslsp.dll (file MISSING)
Protocol #2: imslsp.dll (file MISSING)
Protocol #3: imslsp.dll (file MISSING)
Protocol #4: C:\WINDOWS\system32\ZoneLabs\vetredir.dll
Protocol #5: C:\WINDOWS\system32\ZoneLabs\vetredir.dll
Protocol #6: C:\WINDOWS\system32\ZoneLabs\vetredir.dll
Protocol #26: C:\WINDOWS\system32\ZoneLabs\vetredir.dll
Protocol #27: imslsp.dll (file MISSING)
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 6,996 bytes
Report generated in 0.156 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/
2005-03-08, 21:17:07, Auto-clean mode specified.
2005-03-08, 21:17:07, Running scanner "C:\BugHunt\TSC.BIN"...
2005-03-08, 21:17:37, Scanner "C:\BugHunt\TSC.BIN" has finished running.
2005-03-08, 21:17:37, TSC Log:
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\$shtdwn$.req": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\spmsg.dll": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\spuninst.exe": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\sp2gdr\browseui.dll": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\sp2gdr\mshtml.dll": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\sp2gdr\shdocvw.dll": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\sp2gdr\urlmon.dll": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\sp2gdr\wininet.dll": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\sp2qfe\browseui.dll": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\sp2qfe\mshtml.dll": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\sp2qfe\shdocvw.dll": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\sp2qfe\urlmon.dll": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\sp2qfe\wininet.dll": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\update\branches.inf": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\update\eula.txt": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\update\KB834707.CAT": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\update\spcustom.dll": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\update\update.exe": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\update\update.ver": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\update\updatebr.inf": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\update\update_SP2GDR.inf": Access is denied.
2005-03-08, 21:17:38, Could not set file for reading on "C:\1846ac5a7991fc959b\update\update_SP2QFE.inf": Access is denied.
2005-03-08, 21:17:51, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp": Access is denied.
2005-03-08, 21:18:34, An error occurred while scanning file "C:\Documents and Settings\LocalService\NTUSER.DAT": Access is denied.
2005-03-08, 21:18:34, An error occurred while scanning file "C:\Documents and Settings\LocalService\ntuser.dat.LOG": Access is denied.
2005-03-08, 21:18:34, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-03-08, 21:18:34, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-03-08, 21:18:34, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2005-03-08, 21:18:34, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2005-03-08, 21:18:34, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-03-08, 21:18:34, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-03-08, 21:18:34, An error occurred while scanning file "C:\Documents and Settings\Owner\ntuser.dat": Access is denied.
2005-03-08, 21:18:34, An error occurred while scanning file "C:\Documents and Settings\Owner\ntuser.dat.LOG": Access is denied.
2005-03-08, 21:20:00, An error occurred while scanning file "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-03-08, 21:20:00, An error occurred while scanning file "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-03-08, 21:20:02, An error occurred while scanning file "C:\Documents and Settings\Owner\Local Settings\Temp\JETB7A3.tmp": Access is denied.
2005-03-08, 22:56:29, Could not set file for reading on "C:\WINDOWS\Prefetch\BUGOFF.EXE-37E513B3.pf": Access is denied.
2005-03-08, 22:56:29, Could not set file for reading on "C:\WINDOWS\Prefetch\CLEANUP.EXE-1671E52D.pf": Access is denied.
2005-03-08, 22:56:29, Could not set file for reading on "C:\WINDOWS\Prefetch\CLEANUP312.EXE-14E97D27.pf": Access is denied.
2005-03-08, 22:56:29, Could not set file for reading on "C:\WINDOWS\Prefetch\CNMSM4B.EXE-367413E3.pf": Access is denied.
2005-03-08, 22:56:29, Could not set file for reading on "C:\WINDOWS\Prefetch\CWSHREDDER.EXE-0DF67055.pf": Access is denied.
2005-03-08, 22:56:29, Could not set file for reading on "C:\WINDOWS\Prefetch\CWSINSTALL.EXE-0F4AE135.pf": Access is denied.
2005-03-08, 22:56:29, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38