winlogon.exe application error



#1
Black Bandit
  • Member
  • 10 posts
Hello,

I had posted a help request on the Windows XP forum. And I really appreciate the insight I got, but I cannot get rid of this error message. I believe I had a SpySheriff adware/malware and got rid of it, with this being the only continued problem, with the exception that if it goes away I cannot Ctrl/Alt/Delete or Shutdown, and it will give me the Blue Screen with a General Protection Fault error if I try to get rid of it by X or OK or Cancel. I have posted my HijackThis file. I would greatly greatly appreciate any help.

I really want to thank you guys for having this forum..

Thanks in advance...



Logfile of HijackThis v1.99.1
Scan saved at 3:31:29 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe
C:\HiJackTHIS\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.1.0.69.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125950965734
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O21 - SSODL: QUaNDIvxbfdW - {00000E52-AAAA-A4F8-C634-6344499609FB} - C:\WINDOWS\system32\fzst.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


Thanks,

Christopher


#2
Wizard
  • Retired Staff
  • 5,661 posts
Hi Black Bandit and Welcome to GeekstoGo!


Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, click "Next".
    • Choose "Custom", click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install".
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply along with a fresh HijackThis log.


#3
Black Bandit
  • Topic Starter
  • Member
  • 10 posts
Hello,

Here is my Spy Sweeper Session Summary File:

11:32 AM: | Start of Session, Monday, January 16, 2006 |
11:32 AM: Spy Sweeper started
11:32 AM: Sweep initiated using definitions version 601
11:32 AM: Found Trojan Horse: trojan-backdoor-satellite
11:32 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\msupdate\ || dllname (ID = 1098651)
11:32 AM: msupdate32.dll (ID = 1098651)
11:32 AM: Starting Memory Sweep
11:33 AM: Detected running threat: C:\WINDOWS\system32\msupdate32.dll (ID = 217525)
11:34 AM: Memory Sweep Complete, Elapsed Time: 00:01:50
11:34 AM: Starting Registry Sweep
11:34 AM: Found Trojan Horse: trojan-downloader-silly
11:34 AM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {203b1c4d9-bc71-8916-38ad-9dea5d213614} (ID = 867140)
11:34 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\msupdate\ (4 subtraces) (ID = 1018400)
11:34 AM: Found Trojan Horse: trojan_downloader_harnig
11:34 AM: HKLM\software\microsoft\windows\currentversion\run\ || systemloader (ID = 1062668)
11:34 AM: Found Trojan Horse: trojan-downloader-2pursuit
11:34 AM: HKCR\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\ (5 subtraces) (ID = 1094393)
11:34 AM: HKLM\software\classes\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\ (5 subtraces) (ID = 1094538)
11:34 AM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {31ee3286-d785-4e3f-95fc-51d00fdabc01} (ID = 1094560)
11:34 AM: HKCR\clsid\{eee7178c-bbc3-4153-9dde-cd0e9ab1b5b6}\ (5 subtraces) (ID = 1098652)
11:34 AM: HKLM\software\classes\clsid\{eee7178c-bbc3-4153-9dde-cd0e9ab1b5b6}\ (5 subtraces) (ID = 1098686)
11:34 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{eee7178c-bbc3-4153-9dde-cd0e9ab1b5b6}\ (ID = 1098692)
11:34 AM: Found Adware: coolwebsearch (cws)
11:34 AM: HKLM\software\microsoft\windows\currentversion\run\ || systemloader (ID = 1098797)
11:34 AM: Found Adware: spywareno! components
11:34 AM: HKU\WRSS_Profile_S-1-5-21-1202660629-73586283-725345543-500\software\sno2\ (ID = 782236)
11:34 AM: HKU\S-1-5-21-1202660629-73586283-725345543-1004\software\microsoft\internet explorer\sites\ (14 subtraces) (ID = 109822)
11:34 AM: HKU\S-1-5-21-1202660629-73586283-725345543-1004\software\classes\clsid\{203b1c4d9-bc71-8916-38ad-9dea5d213614}\ (3 subtraces) (ID = 144755)
11:34 AM: HKU\S-1-5-21-1202660629-73586283-725345543-1004\software\microsoft\moviemaker\recordsettings\captureset\ (1 subtraces) (ID = 1021450)
11:34 AM: HKU\S-1-5-18\software\microsoft\moviemaker\recordsettings\captureset\ (1 subtraces) (ID = 1021450)
11:34 AM: Registry Sweep Complete, Elapsed Time:00:00:21
11:34 AM: Starting Cookie Sweep
11:34 AM: Found Spy Cookie: goclick cookie
11:34 AM: christopher [email protected][1].txt (ID = 2733)
11:34 AM: Found Spy Cookie: pcstats.com cookie
11:34 AM: christopher [email protected][2].txt (ID = 3126)
11:34 AM: Found Spy Cookie: enhance cookie
11:34 AM: christopher [email protected][1].txt (ID = 2614)
11:34 AM: Found Spy Cookie: reliablestats cookie
11:34 AM: christopher [email protected][1].txt (ID = 3254)
11:34 AM: Found Spy Cookie: 66.230.183 cookie
11:34 AM: christopher [email protected][1].txt (ID = 1993)
11:34 AM: Found Spy Cookie: mygeek cookie
11:34 AM: christopher [email protected][2].txt (ID = 3041)
11:34 AM: Found Spy Cookie: 2o7.net cookie
11:34 AM: christopher [email protected][1].txt (ID = 1958)
11:34 AM: christopher [email protected][1].txt (ID = 1958)
11:34 AM: Found Spy Cookie: atlas dmt cookie
11:34 AM: christopher [email protected][2].txt (ID = 2253)
11:34 AM: Found Spy Cookie: go.com cookie
11:34 AM: christopher [email protected][2].txt (ID = 2728)
11:34 AM: Found Spy Cookie: fastclick cookie
11:34 AM: christopher [email protected][2].txt (ID = 2651)
11:34 AM: Found Spy Cookie: coremetrics cookie
11:34 AM: christopher [email protected][1].txt (ID = 2472)
11:34 AM: Found Spy Cookie: overture cookie
11:34 AM: christopher [email protected][1].txt (ID = 3106)
11:34 AM: Found Spy Cookie: apmebf cookie
11:34 AM: christopher [email protected][2].txt (ID = 2229)
11:34 AM: Found Spy Cookie: qksrv cookie
11:34 AM: christopher [email protected][1].txt (ID = 3213)
11:34 AM: Found Spy Cookie: xiti cookie
11:34 AM: christopher [email protected][1].txt (ID = 3717)
11:34 AM: Found Spy Cookie: linksynergy cookie
11:34 AM: christopher [email protected][2].txt (ID = 2926)
11:34 AM: Found Spy Cookie: ads.adsag cookie
11:34 AM: christopher [email protected][1].txt (ID = 2108)
11:34 AM: christopher [email protected][2].txt (ID = 1957)
11:34 AM: Found Spy Cookie: nextag cookie
11:34 AM: christopher [email protected][2].txt (ID = 5014)
11:34 AM: Found Spy Cookie: paycounter cookie
11:34 AM: christopher [email protected][2].txt (ID = 3115)
11:34 AM: Found Spy Cookie: tribalfusion cookie
11:34 AM: christopher [email protected][2].txt (ID = 3589)
11:34 AM: Found Spy Cookie: clickzs cookie
11:34 AM: christopher [email protected][1].txt (ID = 2413)
11:34 AM: Found Spy Cookie: sextracker cookie
11:34 AM: christopher [email protected][1].txt (ID = 3362)
11:34 AM: christopher [email protected][1].txt (ID = 3362)
11:34 AM: christopher [email protected][2].txt (ID = 2413)
11:34 AM: christopher [email protected][2].txt (ID = 3361)
11:34 AM: Found Spy Cookie: dealtime cookie
11:34 AM: christopher [email protected][2].txt (ID = 2506)
11:34 AM: christopher [email protected][1].txt (ID = 3106)
11:34 AM: Found Spy Cookie: customer cookie
11:34 AM: christopher [email protected][1].txt (ID = 2481)
11:34 AM: Found Spy Cookie: findwhat cookie
11:34 AM: christopher [email protected][1].txt (ID = 2674)
11:34 AM: Found Spy Cookie: hotlog cookie
11:34 AM: christopher [email protected][1].txt (ID = 2801)
11:34 AM: Found Spy Cookie: statcounter cookie
11:34 AM: christopher [email protected][1].txt (ID = 3447)
11:34 AM: christopher [email protected][2].txt (ID = 3105)
11:34 AM: christopher [email protected][1].txt (ID = 3106)
11:34 AM: Found Spy Cookie: ask cookie
11:34 AM: christopher [email protected][1].txt (ID = 2245)
11:34 AM: Found Spy Cookie: addynamix cookie
11:34 AM: christopher [email protected][2].txt (ID = 2062)
11:34 AM: Found Spy Cookie: revenue.net cookie
11:34 AM: christopher [email protected][2].txt (ID = 3257)
11:34 AM: Found Spy Cookie: clickbank cookie
11:34 AM: christopher [email protected][1].txt (ID = 2398)
11:34 AM: Found Spy Cookie: techtarget cookie
11:34 AM: christopher [email protected][1].txt (ID = 3500)
11:34 AM: Found Spy Cookie: questionmarket cookie
11:34 AM: christopher [email protected][1].txt (ID = 3217)
11:34 AM: Found Spy Cookie: serving-sys cookie
11:34 AM: christopher [email protected][2].txt (ID = 3343)
11:34 AM: Found Spy Cookie: ru4 cookie
11:34 AM: christopher [email protected][2].txt (ID = 3269)
11:34 AM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
11:34 AM: Found Spy Cookie: webtrendslive cookie
11:34 AM: christopher [email protected][1].txt (ID = 3667)
11:34 AM: Found Spy Cookie: realmedia cookie
11:34 AM: christopher [email protected][1].txt (ID = 3235)
11:34 AM: Found Spy Cookie: advertising cookie
11:34 AM: christopher [email protected][2].txt (ID = 2175)
11:34 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
11:34 AM: Starting File Sweep
11:36 AM: Warning: Failed to read file "c:\windows\system32\fzst.dll". The process cannot access the file because another process has locked a portion of the file
11:36 AM: bre32.dll (ID = 199801)
11:36 AM: Found Trojan Horse: trojan looksy
11:36 AM: sachostp.exe (ID = 217338)
11:36 AM: msupdate32.dll (ID = 217525)
11:36 AM: sachostw.exe (ID = 217340)
11:36 AM: sachostc.exe (ID = 217337)
11:36 AM: sachosts.exe (ID = 217339)
11:36 AM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
11:36 AM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
11:36 AM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
11:36 AM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
11:36 AM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
11:36 AM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
11:36 AM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
11:36 AM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
11:36 AM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
11:36 AM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
11:39 AM: Found Trojan Horse: trojan-backdoor-core.psyche-evolution.com
11:39 AM: svwhost.dll (ID = 217328)
11:43 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs68452184-a70d-4386-9d99-66b12d301986.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4df5a5a1-6290-489b-9b13-c624e6414b87.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs41182620-7f57-4799-a2f3-b7b5763691ca.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd83b6fb9-3038-4882-a103-3a5601ba6844.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3dbd2f71-9f99-4528-b705-f8f807bb396d.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa0f85a12-617e-4a6b-8c41-cfb5204e6407.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs27e1b841-e442-49c8-aae6-764500c157ab.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs717ed41e-f888-4581-bd49-7c7ab7bdd1b3.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs13b1ccc9-5186-4456-86c8-d70dbc8c208e.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6e2e5e8b-94fd-4470-b6da-5d3051b2c476.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs44477593-259f-4fed-a43b-4e43201b9da9.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6aad21be-d20a-45cd-a874-2b71ed2ce4d0.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2c25694c-39a0-48af-a9c3-21c4028a339e.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6857280d-31dc-4c9e-93ba-14b565380c2e.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5d0a939a-4db5-4824-995f-bbf4051b4318.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5670a4b9-d057-43a1-a13b-0f48b8db123b.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc242ec52-cc16-4990-ba12-fa3dfc1dd745.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa8221bd9-3e9f-4a8d-ad8b-bccce178f8c1.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs17be53ab-98c0-4d09-8906-69520349faed.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs34003c1b-2a44-46f3-9409-febeb6143b5c.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb7595f2e-419a-4715-8876-e35c4df173a8.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5f10b059-a627-422f-8f4c-1ab94511e58c.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs771c4f30-c9c6-4949-8ff4-aa00506309d8.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs22ae1cd1-2f48-472e-97e2-ab01a16cfe3d.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs57347690-59b2-4cfa-8fac-32afe2f4d96f.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf1808009-88fc-4821-a2f5-406de0430eab.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1b279105-8d0b-4ab6-bdb9-625adc9ebbb6.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf976016a-1710-45bc-bb28-9c1732c95b99.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa4bf1445-2118-47d7-966b-32839a6ac626.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf249c3bd-33e7-4ae9-9197-9f67ae7f1733.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5a4d38d1-9749-44a8-8c44-601e5b74b00f.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsce5f7422-b667-4c27-86b8-71f15aea52a5.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs560996af-d9b4-4cf2-a392-7b364efedd1b.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs67c3047c-7f57-41c6-8839-8f95967e10fb.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbc347537-36a6-4a06-90ce-5e6bb8247cc5.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaa248a38-9b8d-44ce-95ce-b2dc9e5458a7.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3e0a411b-7970-4691-a4e2-8d53173f61d8.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3ba6aa3b-de4a-442b-87ad-c0b6e1f11bf1.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb07159bf-6f64-448f-b07b-92dce5e35ffb.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscbd04476-098f-4ae7-b6b7-b75eaf574b41.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsac50db39-1d9b-4465-9ab4-1fb02006a36d.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3934086d-1971-4ed7-8de6-bc91a344e6d5.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4ee48437-b0b1-4661-9061-399777de145c.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf1844084-5294-404f-b622-4db91a180bda.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd467cc45-b134-4921-a0ea-28f5de468b98.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc6e156f6-a821-4b06-8ab8-18b7230d07a4.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6307eda5-b425-4167-a2c9-1002208d39a6.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs401bea86-7cb4-490c-8124-03f7f3b2477b.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdbe3d261-e440-40f3-8961-7d6cd0bb723b.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs10e08386-21f1-456b-9823-58e71ee995ca.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd6af4e72-c379-494f-94f8-073fa8fd87da.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs50975610-2bc1-466f-ab91-c609267052fe.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf867e0bc-b241-4d92-8a5c-77022c44d211.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0479b86d-2aa1-40c9-9ffa-0c22ad64ace4.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs274753ea-54f6-42ff-80d9-53db7f135d3a.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa2c3bea9-0858-4b27-bbe7-dbabc21f1cc7.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1b9aaf6f-9c86-4f87-b6b3-235c7503b490.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdd3a8c4b-a356-45d9-9d77-8d497bc66251.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs74a9c953-082a-43bf-b9af-ea94ef515e84.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9bacdff0-51c7-4bf1-8cd4-be64059c533c.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs38c3a781-de83-4c60-8fbe-9f4ab2676bff.tmp". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\christopher ritter\ntuser.dat". The process cannot access the file because it is being used by another process
11:43 AM: Warning: Failed to open file "c:\documents and settings\christopher ritter\ntuser.dat.log". The process cannot access the file because it is being used by another process
11:44 AM: Warning: Failed to open file "c:\documents and settings\christopher ritter\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
11:44 AM: Warning: Failed to open file "c:\documents and settings\christopher ritter\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
11:44 AM: Found Adware: netpal
11:44 AM: big fish games.url (ID = 70885)
11:44 AM: flyordie games.url (ID = 70890)
11:44 AM: Warning: Failed to open file "c:\documents and settings\christopher ritter\application data\securom\userdata\???????????p???????? ". The system cannot find the file specified
11:44 AM: Warning: Failed to open file "c:\documents and settings\christopher ritter\application data\securom\userdata\???????????p??????????? ". The system cannot find the file specified
11:44 AM: Found Adware: winhound
11:44 AM: c:\documents and settings\christopher ritter\application data\winhound.com (11 subtraces) (ID = -2147462035)
11:46 AM: Warning: Failed to open file "c:\program files\common files\symantec shared\ccpd-lc\symlcrst.dll". The process cannot access the file because it is being used by another process
11:53 AM: svwhost.dll (ID = 217328)
11:56 AM: Found Adware: gozilla
11:56 AM: gozilla.exe (ID = 61925)
11:56 AM: gozilla.exe (ID = 61925)
12:06 PM: gamehouse games.url (ID = 70891)
12:06 PM: big fish games.url (ID = 70885)
12:06 PM: flyordie games.url (ID = 70890)
12:15 PM: Warning: Unhandled Archive Type
12:15 PM: Warning: Unhandled Archive Type
12:23 PM: Warning: Unhandled Archive Type
12:23 PM: Warning: Unhandled Archive Type
12:48 PM: Warning: Invalid file - not a PKZip file
12:48 PM: Warning: Invalid file - not a PKZip file
12:48 PM: Warning: Invalid file - not a PKZip file
12:48 PM: Warning: Invalid file - not a PKZip file
12:48 PM: Warning: Invalid file - not a PKZip file
12:48 PM: Warning: Invalid file - not a PKZip file
12:48 PM: Warning: Invalid file - not a PKZip file
12:48 PM: Warning: Invalid file - not a PKZip file
12:48 PM: Warning: Invalid file - not a PKZip file
12:48 PM: Warning: Invalid file - not a PKZip file
12:54 PM: File Sweep Complete, Elapsed Time: 01:19:35
12:54 PM: Full Sweep has completed. Elapsed time 01:21:50
12:54 PM: Traces Found: 134
12:56 PM: Removal process initiated
12:56 PM: Quarantining All Traces: trojan looksy
12:56 PM: Quarantining All Traces: trojan-backdoor-satellite
12:56 PM: trojan-backdoor-satellite is in use. It will be removed on reboot.
12:56 PM: msupdate32.dll is in use. It will be removed on reboot.
12:56 PM: C:\WINDOWS\system32\msupdate32.dll is in use. It will be removed on reboot.
12:56 PM: Quarantining All Traces: coolwebsearch (cws)
12:56 PM: Quarantining All Traces: trojan_downloader_harnig
12:56 PM: Quarantining All Traces: trojan-backdoor-core.psyche-evolution.com
12:56 PM: Quarantining All Traces: trojan-downloader-2pursuit
12:56 PM: Quarantining All Traces: trojan-downloader-silly
12:56 PM: Quarantining All Traces: gozilla
12:57 PM: Quarantining All Traces: netpal
12:57 PM: Quarantining All Traces: spywareno! components
12:57 PM: Quarantining All Traces: winhound
12:57 PM: Quarantining All Traces: 2o7.net cookie
12:57 PM: Quarantining All Traces: 66.230.183 cookie
12:57 PM: Quarantining All Traces: addynamix cookie
12:57 PM: Quarantining All Traces: ads.adsag cookie
12:57 PM: Quarantining All Traces: advertising cookie
12:57 PM: Quarantining All Traces: apmebf cookie
12:57 PM: Quarantining All Traces: ask cookie
12:57 PM: Quarantining All Traces: atlas dmt cookie
12:57 PM: Quarantining All Traces: clickbank cookie
12:57 PM: Quarantining All Traces: clickzs cookie
12:57 PM: Quarantining All Traces: coremetrics cookie
12:57 PM: Quarantining All Traces: customer cookie
12:57 PM: Quarantining All Traces: dealtime cookie
12:57 PM: Quarantining All Traces: enhance cookie
12:57 PM: Quarantining All Traces: fastclick cookie
12:57 PM: Quarantining All Traces: findwhat cookie
12:57 PM: Quarantining All Traces: go.com cookie
12:57 PM: Quarantining All Traces: goclick cookie
12:57 PM: Quarantining All Traces: hotlog cookie
12:57 PM: Quarantining All Traces: linksynergy cookie
12:57 PM: Quarantining All Traces: mygeek cookie
12:57 PM: Quarantining All Traces: nextag cookie
12:57 PM: Quarantining All Traces: overture cookie
12:57 PM: Quarantining All Traces: paycounter cookie
12:57 PM: Quarantining All Traces: pcstats.com cookie
12:57 PM: Quarantining All Traces: qksrv cookie
12:57 PM: Quarantining All Traces: questionmarket cookie
12:57 PM: Quarantining All Traces: realmedia cookie
12:57 PM: Quarantining All Traces: reliablestats cookie
12:57 PM: Quarantining All Traces: revenue.net cookie
12:57 PM: Quarantining All Traces: ru4 cookie
12:57 PM: Quarantining All Traces: serving-sys cookie
12:57 PM: Quarantining All Traces: sextracker cookie
12:57 PM: Quarantining All Traces: statcounter cookie
12:57 PM: Quarantining All Traces: techtarget cookie
12:57 PM: Quarantining All Traces: tribalfusion cookie
12:57 PM: Quarantining All Traces: webtrendslive cookie
12:57 PM: Quarantining All Traces: xiti cookie
12:57 PM: Preparing to restart your computer. Please wait...
12:57 PM: Removal process completed. Elapsed time 00:00:56
1:18 PM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 601
1:18 PM: | End of Session, Monday, January 16, 2006

Here is my new HiJackThis File summary:


Logfile of HijackThis v1.99.1
Scan saved at 1:42:41 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HiJackTHIS\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.1.0.69.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125950965734
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: QUaNDIvxbfdW - {00000E52-AAAA-A4F8-C634-6344499609FB} - C:\WINDOWS\system32\fzst.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


I appreciate all of your help!!!!!

Christopher

Let me know what you think......?


  • 0

#4
Wizard

    Retired Staff

  • 5,661 posts
Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\fzst.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot and Unregister .dll before Deleting
  • then Click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam


Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O21 - SSODL: QUaNDIvxbfdW - {00000E52-AAAA-A4F8-C634-6344499609FB} - C:\WINDOWS\system32\fzst.dll

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button



Still in Safe Mode-> From the WinPFind folder-> Double-click WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates

Post back with a fresh HijackThis log and the reports from WinPFind and Panda
  • 0
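One way to confirm from a follow-up log that the O21 entry targeted in post #4 is really gone is to diff two HijackThis logs by section code. This is an added example, not part of the original thread or of HijackThis; the function names are assumptions, and the two sample logs are constructed excerpts built from lines quoted on this page.

```python
import re
from collections import defaultdict

# HijackThis entry lines have the shape "<code> - <body>", e.g. "O21 - SSODL: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of an O21 (ShellServiceObjectDelayLoad) entry: "SSODL: name - {CLSID} - file".
SSODL_RE = re.compile(
    r"^SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Constructed excerpt: the O21 line is the one quoted in post #4, the other
# lines are copied from the follow-up log. This is not the complete first log.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: QUaNDIvxbfdW - {00000E52-AAAA-A4F8-C634-6344499609FB} - C:\WINDOWS\system32\fzst.dll
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# Constructed excerpt of the follow-up log (same lines, trimmed).
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""


def parse_entries(log_text):
    """Return {section code: set of entry bodies}; header and process lines are skipped."""
    entries = defaultdict(set)
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries[match.group(1)].add(match.group(2))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) lists of (code, body), ordered by section code."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed, added = [], []
    codes = sorted(set(before) | set(after), key=lambda c: (c[0], int(c[1:])))
    for code in codes:
        old, new = before.get(code, set()), after.get(code, set())
        removed += [(code, body) for body in sorted(old - new)]
        added += [(code, body) for body in sorted(new - old)]
    return removed, added


def ssodl_entries(log_text):
    """Parse every O21 entry into name, CLSID and file path."""
    parsed = []
    for body in sorted(parse_entries(log_text).get("O21", set())):
        match = SSODL_RE.match(body)
        if match:
            parsed.append(match.groupdict())
    return parsed


def target_present(log_text, file_path):
    """Case-insensitive search of the whole log (entries and process list).

    Long path form only: an 8.3 short-name spelling of the same file would
    not match and has to be checked separately.
    """
    return file_path.lower() in log_text.lower()


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    target = r"C:\WINDOWS\system32\fzst.dll"
    print("target still referenced:", target_present(AFTER, target))
```

An entry missing from the follow-up log only shows that the registry reference is gone; whether the file itself was deleted is what the Killbox step and the later scans address.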

#5
Black Bandit

    Member

  • Topic Starter
  • 10 posts
Cretemonster,

Here is the information you requested. I really appreciate your help. My computer since Spysweeper has been without the winlogon.exe application error message and without problems. I cannot thank you enough. Below is the information you requested. I have included the WinPFind and Hijack This log and will in another email include the Panda log file (Panda is still finishing, it seems to have picked out some spyware and hacking tools on the initial scan, is this a program I should buy for the 6-month download?)

Here is the information:

HiJack This log File:

Logfile of HijackThis v1.99.1
Scan saved at 11:41:21 AM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HiJackTHIS\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.1.0.69.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125950965734
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe



Here is the WinPFind log File:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\hosts


Checking %System% folder...
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
PECompact2 12/7/2005 1:38:52 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 12/7/2005 1:38:52 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
PEC2 8/23/2001 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
winsync 8/23/2001 12:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Umonitor 1/15/2001 10:03:54 PM 331776 C:\WINDOWS\SYSTEM32\ipebase12.dll
aspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
FSG! 12/29/2005 9:21:20 PM 17784 C:\WINDOWS\SYSTEM32\split1.exe

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/8/2006 11:42:08 PM H 54156 C:\WINDOWS\QTFont.qfn
1/17/2006 6:54:20 AM S 2048 C:\WINDOWS\bootstat.dat
1/17/2006 6:51:56 AM H 1294336 C:\WINDOWS\system32\config\system.LOG
1/17/2006 6:51:56 AM H 151552 C:\WINDOWS\system32\config\software.LOG
1/17/2006 6:51:56 AM H 16384 C:\WINDOWS\system32\config\default.LOG
1/17/2006 6:58:58 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
1/17/2006 6:54:22 AM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
12/22/2005 7:34:24 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
1/11/2006 5:33:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
1/11/2006 5:33:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GLQBKPA3\desktop.ini
1/11/2006 5:58:48 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GDMVG5MR\desktop.ini
1/11/2006 5:58:58 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KH6ZSHAV\desktop.ini
1/11/2006 8:13:40 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GHQNO5MB\desktop.ini
12/1/2005 7:12:48 PM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
11/30/2005 11:17:10 PM S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/22/2005 7:32:54 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
12/22/2005 7:32:54 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\1a096ae1-c4c9-47fb-be95-84e82e623f44
12/12/2005 10:23:48 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
12/12/2005 10:23:48 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f0a26b30-540f-4392-b169-31a886604dd1
1/17/2006 6:51:52 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
InstallShield Software Corporation7/27/2004 4:50:48 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
6/13/2003 4:45:26 PM 118784 C:\WINDOWS\SYSTEM32\skvctcp.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
8/2/2005 4:35:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Intersil Americas Inc. 10/3/2002 6:42:00 PM 296021 C:\WINDOWS\SYSTEM32\islp2cfg.cpl
Sun Microsystems, Inc. 3/4/2005 3:36:44 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Iomega Corporation 9/24/2002 4:44:10 PM 151552 C:\WINDOWS\SYSTEM32\ADPanel.cpl
Creative Technology Ltd. 5/28/2001 1:47:00 PM 32768 C:\WINDOWS\SYSTEM32\AudioHQU.cpl
7/29/2004 12:56:00 PM 221184 C:\WINDOWS\SYSTEM32\cttune.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
3/16/2005 1:57:08 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
10/9/2005 11:37:18 PM 1623 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
3/16/2005 12:49:22 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
10/22/2005 12:48:08 PM 3155 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
11/11/2005 7:41:32 PM 2917 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
3/16/2005 1:57:08 PM HS 84 C:\Documents and Settings\Christopher Ritter\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
3/16/2005 12:49:22 PM HS 62 C:\Documents and Settings\Christopher Ritter\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TagRename_ContextMenu
{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} = C:\PROGRA~1\TAGREN~1\TRshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Trojan Remover
{52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TagRename_ContextMenu
{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} = C:\PROGRA~1\TAGREN~1\TRshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Trojan Remover
{52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{81F4066B-F330-4872-8094-3E9FBCCEC8C1} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ADUserMon C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
Iomega Drive Icons C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
Deskup C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
RoxioDragToDisc "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
SM1BG C:\WINDOWS\SM1BG.EXE
CTHelper CTHELPER.EXE
CTSysVol C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
CTDVDDET C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
UpdReg C:\WINDOWS\UpdReg.EXE
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
Profiler C:\Program Files\Saitek\Software\Profiler.exe
SaiSmart C:\Program Files\Saitek\Software\SaiSmart.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
ISUSPM Startup C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MaxtorOneTouch C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
MXOBG C:\WINDOWS\MXOALDR.EXE
Logitech Hardware Abstraction Layer KHALMNPR.EXE
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Windows Media Connect 2 "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoActiveDesktopChanges 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallPaper 0
NoAddingComponents 0
NoComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoCloseDragDropBands 0
NoMovingBands 0
NoHTMLWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
NoDispAppearancePage 0
NoColorChoice 0
NoSizeChoice 0
NoDispBackgroundPage 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/17/2006 7:07:57 AM


I will post back the Panda Scan file Log soon!!

Thanks for your help!!!!!


Christopher

#6
Black Bandit
Oh, I never got the below error message either. Just to let you know.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.



Christopher

#7
Black Bandit
Cretemonster,

Here is my Panda Scan log File,

Incident Status Location

Adware:adware/adsmart Not disinfected C:\WINDOWS\system32\vx.tll
Virus:Trj/Moli.DJ Disinfected C:\WINDOWS\system32\sachostm.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Christopher Ritter\Desktop\WINDOWS XP Cleaner Programs\smitRem.exe[Process.exe]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][1].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][2].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Christopher Ritter\Cookies\christopher [email protected][2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Christopher Ritter\Application Data\Mozilla\Firefox\Profiles\y22vcruq.default\cookies.txt[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Christopher Ritter\Application Data\Mozilla\Firefox\Profiles\y22vcruq.default\cookies.txt[S138714]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Christopher Ritter\Application Data\Mozilla\Firefox\Profiles\y22vcruq.default\cookies.txt[dcszp7e1v10000omp5r9bmtnv_1o4g]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Christopher Ritter\Application Data\Mozilla\Firefox\Profiles\y22vcruq.default\cookies.txt[]
Virus:Trj/Agent.AGR Disinfected C:\!KillBox\fzst.dll




Thanks,

Christopher

#8
Wizard
Use Pocket Killbox, just as before, and delete these files:

C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\sachostm.exe
C:\WINDOWS\SYSTEM32\split1.exe



Do you know what this is?---> C:\Documents and Settings\Christopher Ritter\Desktop\WINDOWS XP Cleaner


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files (check the box for Delete all offline content)

Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and Run Disk Cleanup (make sure that all boxes are checked for cleaning)


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan": select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#9
Black Bandit
Cretemonster:

Here is my Kaspersky Log File:

KASPERSKY ON-LINE SCANNER REPORT
Thursday, January 19, 2006 06:48:37
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/01/2006
Kaspersky Anti-Virus database records: 171754
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Y:\
Z:\

Scan Statistics:
Total number of scanned objects: 372866
Number of viruses found: 49
Number of infected objects: 168
Number of suspicious objects: 0
Duration of the scan process: 9710 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Christopher Ritter\Desktop\EyetideInstallerF.exe/WISE0010.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\Documents and Settings\Christopher Ritter\Desktop\EyetideInstallerF.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\Program Files\Common Files\Microsoft Shared\Web Folders\_ibm00003.exe Infected: Trojan-PSW.Win32.Agent.bu
C:\!KillBox\split1.exe Infected: Trojan-PSW.Win32.Agent.el
D:\MAIN Computer Files\D DRIVE (E)\Windows XP Upgrades\AGSetup0608.exe/fsg-ag.exe Infected: not-a-virus:AdWare.Win32.Gator.1050
D:\MAIN Computer Files\D DRIVE (E)\Windows XP Upgrades\AGSetup0608.exe Infected: not-a-virus:AdWare.Win32.Gator.1050
D:\Sierra\Half-Life\hltv.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv
D:\Sierra\Counter-Strike\hltv.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv
E:\Program Downloads\Content Protect Software.EXE/CP_SETUP.exe/data0050 Infected: not-a-virus:Monitor.Win32.ContentWatch.a
E:\Program Downloads\Content Protect Software.EXE/CP_SETUP.exe Infected: not-a-virus:Monitor.Win32.ContentWatch.a
E:\Program Downloads\Content Protect Software.EXE Infected: not-a-virus:Monitor.Win32.ContentWatch.a

Scan process completed.


Thanks,

Christopher

#10
Wizard
Killbox these for sure

C:\Documents and Settings\Christopher Ritter\Desktop\EyetideInstallerF.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\_ibm00003.exe
D:\MAIN Computer Files\D DRIVE (E)\Windows XP Upgrades\AGSetup0608.exe


As for these


D:\Sierra\Half-Life\hltv.exe
D:\Sierra\Counter-Strike\hltv.exe
E:\Program Downloads\Content Protect Software.EXE



I wanted to double check with you and see what your thoughts were about the files above. Have any idea how they made their way to the PC?

#11
Black Bandit
Cretemonster,

I have deleted those and seem to have no problems currently. What is your opinion now? Do you think we fixed most everything else? The two on-line scanners came up with multiple viruses and other files that seem to be possibly quarantined by Norton AntiVirus. Should I purchase either on-line scanner?

I cannot thank you enough. Do you or the web-page accept PayPal?

You have been great!!!


Christopher R.

#12
Black Bandit
Cretemonster,

What is your opinion on the Half-Life files? I keep all of my gaming on my D: drive and it is probably a file in that. As far as the content protect.exe, it is a child protection package, but I only have the downloaded product on this computer, not installed. It is installed on a child's computer in the basement.

Thanks,

Christopher R.

#13
Wizard
I would delete the Half-Life files but leave them in the recycle bin for the time being. You can empty the recycle bin once you have restarted and receive no errors in any games.

I'm sure they don't belong but I like to play it safe.


You can also empty Norton's Quarantine folder as well.


Pay Pal link in my signature below.

#14
Black Bandit
Cretemonster,

Just so I do it right. How do I delete the Norton Quarantine folder (if you know)? Do you think I should post another HijackThis log?

Just curious or do you think everything is Ok?

Christopher R.

#15
Wizard
To empty the Norton Quarantine folder-> Double Click the Norton Antivirus Icon in the taskbar to open.

Once opened-> Click Reports-> Beside Quarantined Items-> Click View Reports

Once the next window loads-> Highlight all entries and click Delete Items.

Now double click Backup Items-> Highlight all entries and click Delete Items.

Close out Norton Antivirus.


Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacools.../downloads.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/...2002/hosts2.htm

Disable System Restore
http://service1.syma...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore

Post back and let me know how things are?