
links and shortcuts no longer working



#1
spireitesfan

  • Member
  • 29 posts
It started today. I was surfing the net and noticed a small box open, top left, which said it was a script and appeared to be running. I clicked stop but it wouldn't. Then it disappeared. I closed IE and then noticed most of the items in my system tray had gone. I then re-booted and got a string of error messages saying items could not be found... they were the applications in my start up.

I have Norton AV 2004 fully up to date. It did not spot or stop the script.

I have Ad-Aware SE up to date, and Ad-Watch running... it saw nothing.

I also have Microsoft AntiSpyware, also up to date... it did not stop the script but did detect an attempt to hijack the start page on re-boot, which I stopped.

I have re-installed Norton AV and run a full scan... nothing found.

I have read all the web forums I can find. I have tried manual edit of the registry, win_xp-fix.reg, and the tip to go to File Types and add .exe associated to applications. All failed to stop the problem.

By trial and error I have found that I can get all my applications running either via double click on a file, e.g. a Word doc starts Word, or by finding the .exe file for the application, right click... Run as. The only exception was Norton, which reported an error... hence the re-install.


Everything now works except the links & shortcuts on the desktop, start up progs in Startup or as driven by msconfig, and all links on the start menu... all of these cause an error saying no associated application... I keep going back to File Types and finding the association of .exe to applications has disappeared again.

I have tried everything... nothing finds the rogue if it is a virus, trojan etc... and no links work... but long hand I can still get things to run, in some cases slowly... and all links have .lnk added to the file name.

Any more ideas would be welcome!
  • 0


#2
spireitesfan

  • Topic Starter
  • Member
  • 29 posts
Logfile of HijackThis v1.99.1
Scan saved at 15:00:55, on 25/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo...showtopic=85768
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: ChatSpace Full Java Client 3.1.0.248 - http://chat-c2.wanad...va/cfs31248.cab
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://chat.pedster....va/cfs40320.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yah...nance/patch.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuke...erInstaller.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com...tiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  • 0

#3
Metallica

  • Spyware Veteran
  • GeekU Moderator
  • 33,101 posts
Hi spireitesfan,

I couldn't quite make out if this was the fix you tried:

http://www.kellys-ko...dits/exefix.reg

Please do try it first if you didn't already.
It may require a reboot to take full effect.

If that doesn't help, go to Start > Control Panel

Double-click on "User Accounts"

Go to "Create a New Account", type the new name for the account, then click the Next button. Choose "Computer Administrator", then click "Create Account". Now reboot your computer and log onto the new account you just created.

Let me know if you are having the same problems on the new account.

Regards,
  • 0
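
The symptoms in this thread (shortcuts reporting no associated application, ".lnk" shown on link names) map to the `.exe`/`exefile` and `.lnk`/`lnkfile` keys under HKEY_CLASSES_ROOT. As an added example, not part of the original thread or of the linked fix, this Python check reads a regedit text export of those keys and lists values that are missing or differ from the stock Windows ones. The function names, the expected-value table and the sample export are assumptions constructed for illustration.

```python
import re

# Stock Windows values for the keys that decide how .exe files and .lnk
# shortcuts are launched and displayed (supplied here, not taken from the
# thread). None means "the value must exist, any data is accepted".
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": {"@": "exefile"},
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": {"@": '"%1" %*'},
    r"HKEY_CLASSES_ROOT\.lnk": {"@": "lnkfile"},
    # NeverShowExt hides the ".lnk" suffix; IsShortcut marks the type as a link.
    r"HKEY_CLASSES_ROOT\lnkfile": {"IsShortcut": None, "NeverShowExt": None},
}

# A value line is either @=data (the key's default value) or "name"=data.
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s):
    """Undo the .reg escaping of backslashes and double quotes."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Parse a regedit text export into {key_lower: {value_name_lower: data}}."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            continue  # file header, or a continuation line of hex data
        name, data = m.groups()
        name = "@" if name == "@" else _unescape(name[1:-1])
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])  # string value; other types kept raw
        current[name.lower()] = data
    return keys


def check_associations(text):
    """Return (key, value_name, problem) for every deviation from EXPECTED."""
    keys = parse_reg_export(text)
    findings = []
    for key, values in EXPECTED.items():
        found = keys.get(key.lower())  # registry key names are case-insensitive
        if found is None:
            findings.append((key, None, "key missing"))
            continue
        for name, want in values.items():
            got = found.get(name.lower())
            if got is None:
                findings.append((key, name, "value missing"))
            elif want is not None and got.lower() != want.lower():
                findings.append((key, name, "unexpected data: " + got))
    return findings


# Constructed sample export: the default value of .exe is gone and lnkfile has
# lost NeverShowExt, matching the symptoms described in the first post.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_CLASSES_ROOT\lnkfile]
@="Shortcut"
"IsShortcut"=""
'''

if __name__ == "__main__":
    for key, name, problem in check_associations(SAMPLE_EXPORT):
        print(key, name, problem)
```

Exports written by regedit in the "Version 5.00" format are UTF-16 encoded, so read the file with `encoding="utf-16"` before passing its text to `check_associations`.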

#4
spireitesfan

  • Topic Starter
  • Member
  • 29 posts
Hi... thanks for your help.

I had already tried that fix. I tried it again... no change.

I have set up a new user account and booted with it... still the same problem.

Regards
  • 0

#5
spireitesfan

  • Topic Starter
  • Member
  • 29 posts
Also... since I added the new account, even when signed in under the old one, I am now getting a repeated message from Norton AV that it cannot start the instant messenger monitoring service and cannot block viruses in downloaded files on messenger. This has not been happening until I just rebooted after trying the new user account!
  • 0

#6
spireitesfan

  • Topic Starter
  • Member
  • 29 posts
In case this latest "event" indicates something else is still happening, I have done the following:

Ad-Aware SE Plus scan, Microsoft AntiSpyware scan, Norton AV scan... all returned negative.

I have also done another HijackThis scan as follows:

Logfile of HijackThis v1.99.1
Scan saved at 22:08:02, on 28/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Windows user\Desktop\OUTLOOK.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo...showtopic=85768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: ChatSpace Full Java Client 3.1.0.248 - http://chat-c2.wanad...va/cfs31248.cab
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://chat.pedster....va/cfs40320.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yah...nance/patch.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuke...erInstaller.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com...tiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  • 0

#7
Metallica

  • Spyware Veteran
  • GeekU Moderator
  • 33,101 posts
Your log doesn't show anything either.

Can you download and run Rootkitrevealer from:
http://www.sysintern...itRevealer.html

Run it and post the log it makes.

Regards,
  • 0

#8
spireitesfan

  • Topic Starter
  • Member
  • 29 posts
This is really weird, it is a week or more since this first happened.

I guess in that time I have done 40 or more re-boots. Then today, suddenly on re-boot the links and icons started working again, at least most of them did, but most of the items are missing from the system tray now and Outlook has stopped working on outgoing mail!

It is as if whatever caused this is active rather than passive and things are changing all the time.

Right now, icons & links OK. System tray almost empty. Norton AV not working on IM but OK otherwise. Outlook not working on outgoing e-mails. Internet a bit slow. Everything else OK again.

However, on boot up, although the icons on the desktop are now working, it boots showing them as lnk's, then 1 by 1 over about 40 seconds they change into icons.

I will run the RootkitRevealer as you asked and post the output when completed.
  • 0

#9
spireitesfan

  • Topic Starter
  • Member
  • 29 posts
C:\Documents and Settings\Windows user\Cookies\windows user@broadband[2].txt 29/12/2005 23:34 195 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Cookies\windows user@geekstogo[1].txt 29/12/2005 23:16 523 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Windows user\Cookies\windows user@geekstogo[2].txt 29/12/2005 23:39 523 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Cookies\windows [email protected][2].txt 29/12/2005 23:34 371 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Cookies\windows [email protected][2].txt 29/12/2005 23:28 161 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Desktop\RootkitRevealer.zip 29/12/2005 23:14 183.01 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Windows user\Desktop\RootkitRevealer.zip:Zone.Identifier 29/12/2005 23:14 26 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\2005-12-29T152749Z_01_NOOTR_RTRIDSP_1_OUKTP-UK-MIDEAST-BRITONS[1].jpg 29/12/2005 23:29 3.50 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\666[1].gif 29/12/2005 23:28 43 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\adBg[1].gif 29/12/2005 23:26 410 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\adBg[2].gif 29/12/2005 23:26 410 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\angry[1].gif 29/12/2005 23:16 465 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\arrow[1].gif 29/12/2005 23:26 56 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\arrow_white_2[1].gif 29/12/2005 23:26 55 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\b_a3[1].gif 29/12/2005 23:27 703 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\b_a6[1].gif 29/12/2005 23:27 750 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\b_b1[1].gif 29/12/2005 23:28 755 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\b_b2[1].gif 29/12/2005 23:27 726 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\b_bgR2[1].gif 29/12/2005 23:27 1.70 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\b_c2[1].gif 29/12/2005 23:28 972 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\basel[1].gif 29/12/2005 23:28 51 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\baser2[1].gif 29/12/2005 23:28 51 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\bGo_Tod[1].gif 29/12/2005 23:26 304 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\BouncingScroller[2].js 29/12/2005 23:26 1.47 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\bt_combo_int[1].gif 29/12/2005 23:26 642 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\CA9GY11B.htm 29/12/2005 23:26 20.87 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\CACHURGP.htm 29/12/2005 23:16 7.51 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\CAD8CRPD.swf 29/12/2005 23:26 27.79 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\CAGDWDG7.gif 29/12/2005 23:39 35 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\CAGXUR43.swf 29/12/2005 23:29 14.19 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\centre[1].gif 29/12/2005 23:16 76 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\cmData[1].js 29/12/2005 23:29 10.09 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\coinFooterG[1].gif 29/12/2005 23:26 56 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\cool[1].gif 29/12/2005 23:16 696 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\default[1].htm 29/12/2005 23:29 24.94 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\Dim_3100_17FP_60x60[1].swf 29/12/2005 23:26 6.26 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\6NNW6IS5\ebay_34x14[1].gif 29/12/2005 23:26 687 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\laughing[1].gif 29/12/2005 23:16 515 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\logo[1].gif 29/12/2005 23:26 1.72 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\logo[2].gif 29/12/2005 23:27 1.72 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\main;port=fs;chan=today;dcopt=ist;sz=468x60;ord=5422957343498551[1].htm 29/12/2005 23:26 1.07 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\mc_youraccount_at_upgrade[1].gif 29/12/2005 23:28 5.75 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\mcBilling[1].css 29/12/2005 23:28 929 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\mpu;port=fs;chan=today;sec=mpu;sz=300x250;ptile=2sz=300x250;ord=26906744[1].htm 29/12/2005 23:29 1.01 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\news_home[1].gif 29/12/2005 23:29 1.88 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\newsml[1].js 29/12/2005 23:29 10.05 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\numbered_list[1].gif 29/12/2005 23:16 90 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\ongletLeft[1].gif 29/12/2005 23:26 696 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\optn=1[1] 29/12/2005 23:27 359 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\optn=1[1].gif 29/12/2005 23:27 8.42 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\picto_aList[1].gif 29/12/2005 23:26 254 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\picto_contacts[1].gif 29/12/2005 23:26 618 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\picto_exclam[1].gif 29/12/2005 23:26 110 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\picto_sent[1].gif 29/12/2005 23:26 331 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\radio_on[1].gif 29/12/2005 23:26 328 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\randomiser[1].js 29/12/2005 23:26 378 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\redirectfilter2005010281752[1].js 29/12/2005 23:26 3.71 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\rightstretch[1].gif 29/12/2005 23:28 47 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\sel[1].htm 29/12/2005 23:26 4.18 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\SHP_mands_limited1_tp2[1].jpg 29/12/2005 23:26 2.23 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\sport[1].js 29/12/2005 23:29 7.73 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\t[1].gif 29/12/2005 23:26 43 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\t[2].gif 29/12/2005 23:27 43 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\t[3].gif 29/12/2005 23:28 43 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\t[4].gif 29/12/2005 23:29 43 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\thumbsup[1].gif 29/12/2005 23:16 486 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\today_cookies[1].js 29/12/2005 23:26 10.09 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\topstretch[1].gif 29/12/2005 23:28 48 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\trpix[1].gif 29/12/2005 23:27 43 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\wanadoo.co[1].htm 29/12/2005 23:26 47.83 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\weather_tp2[1].jpg 29/12/2005 23:29 2.69 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\whistling[1].gif 29/12/2005 23:16 3.61 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\MBXMK6AH\wub[1].gif 29/12/2005 23:16 1.38 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\0009C726-0383-10E0-92CA80AC13220000[1].js 29/12/2005 23:29 34 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\000A1B54-FF8B-1201-BD3280AC13220000[1].js 29/12/2005 23:29 67 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\000D8B9B-209C-1331-A1BF80AC13220138[1].js 29/12/2005 23:26 8.50 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\2006_preview_dec05_tp1[1].jpg 29/12/2005 23:26 5.39 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\728x90_scroller_bg[1].gif 29/12/2005 23:26 12.26 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\_bottom[1].gif 29/12/2005 23:28 91 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\_left[1].gif 29/12/2005 23:28 82 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\aboutus_contactus[1].gif 29/12/2005 23:37 674 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\advfn[1].gif 29/12/2005 23:26 392 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\arrow-down[1].gif 29/12/2005 23:26 55 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\arrow_white[1].gif 29/12/2005 23:26 57 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\b_a2[1].gif 29/12/2005 23:27 546 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\b_a3[1].gif 29/12/2005 23:28 703 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\b_a5[1].gif 29/12/2005 23:27 751 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\b_a7[1].gif 29/12/2005 23:28 731 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\b_b1[1].gif 29/12/2005 23:27 755 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\b_bgL2[1].gif 29/12/2005 23:27 46 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\b_c1[1].gif 29/12/2005 23:28 885 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\b_c3[1].gif 29/12/2005 23:27 805 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\basestretch[1].gif 29/12/2005 23:28 47 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\bGo[1].gif 29/12/2005 23:28 234 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\boutonLeft[1].gif 29/12/2005 23:26 318 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\BPfeedTool[1].js 29/12/2005 23:27 3.31 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\bpw_jackpotjoy[1].js 29/12/2005 23:26 91 bytes Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\CA3MHS9J.swf 29/12/2005 23:27 27.79 KB Hidden from Windows API.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\CA6N4D6B.php%3Fshowtopic%3D85768&cc=100&u_h=768&u_w=1024&u_ah=768&u_aw=1024&u_cd=32&u_his=4&u_java=true 29/12/2005 23:16 2.24 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Windows user\Local Settings\Temporary Internet Files\Content.IE5\U7BOJKI4\CAMJ85GL.swf 29/12/2005 23:27 15.11 KB Hidden from Windows API.
C:\Documents and Settings\Wi
  • 0

#10
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
In IE click Tools > Internet Options > on the General tab > click Delete Files and put a checkmark in the Include Offline Content prompt.

You will probably have to reinstall Norton. I'm guessing that will also solve the Outlook problem, because Norton is set to scan outgoing mail and can't do that right now.

Run another Rootkitrevealer scan and post the new log when you are done.

Regards,


#11
spireitesfan

    Member

  • Topic Starter
  • Member
  • 29 posts
I have done the delete files thing.

I am away from home for the new year and have no access to my discs to re-install Norton. I can't do that until Jan the 6th. I have unchecked the scan outgoing mail option though. That has made no difference to Outlook.

here is the new log:

C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051230.004\vscanmsx.dat 31/12/2005 01:10 2.02 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 31/12/2005 00:43 64.00 KB Visible in Windows API, but not in MFT or directory index.



It's a bit shorter than the last one!

Thanks again for your help.

#12
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
That looks good now. :tazz:

Download WinPFind.zip and unzip the contents to the C:\ folder.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Now click the Start Scan button to begin the scan.

When the scan is complete, reboot normally and post the WinPFind.txt file (located in the WinPFind folder).

If that doesn't show anything interesting, we'll wait until you have been able to reinstall Norton.

Regards,

#13
spireitesfan

    Member

  • Topic Starter
  • Member
  • 29 posts
Hi,

I have done that now. Log:


WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 29/08/2002 12:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PECompact2 07/12/2005 13:38:52 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 07/12/2005 13:38:52 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 03/08/2004 23:56:38 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 03/08/2004 23:56:46 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 29/08/2002 12:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 11/03/2004 21:14:32 1300968 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Items found in C:\WINDOWS\SYSTEM32\drivers\etc\lmhosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
01/01/2006 18:56:56 S 2048 C:\WINDOWS\bootstat.dat
19/12/2005 11:24:48 HS 68608 C:\WINDOWS\Thumbs.db
29/12/2005 15:41:02 HS 5632 C:\WINDOWS\Installer\Thumbs.db
28/12/2005 01:03:40 HS 5632 C:\WINDOWS\PCHealth\HelpCtr\System\blurbs\Thumbs.db
17/11/2005 21:43:06 HS 5120 C:\WINDOWS\ShellNew\Thumbs.db
29/12/2005 13:26:38 HS 5120 C:\WINDOWS\system32\Thumbs.db
01/12/2005 04:17:10 S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
02/12/2005 00:12:48 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
01/01/2006 18:56:44 H 8192 C:\WINDOWS\system32\config\default.LOG
01/01/2006 18:57:10 H 1024 C:\WINDOWS\system32\config\SAM.LOG
01/01/2006 18:56:58 H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
01/01/2006 18:57:12 H 69632 C:\WINDOWS\system32\config\software.LOG
01/01/2006 18:57:02 H 1282048 C:\WINDOWS\system32\config\system.LOG
19/12/2005 20:31:32 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
19/12/2005 14:25:58 HS 233472 C:\WINDOWS\system32\DirectX\Dinput\Thumbs.db
11/11/2005 16:36:18 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\6768e009-4920-4034-8b37-a7ef6851329d
11/11/2005 16:36:18 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
01/01/2006 18:55:46 H 6 C:\WINDOWS\Tasks\SA.DAT
17/11/2005 21:43:08 HS 7168 C:\WINDOWS\Web\Thumbs.db

Checking for CPL files...
Microsoft Corporation 03/08/2004 23:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 26/02/2004 17:40:40 14225408 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 03/08/2004 23:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 03/08/2004 23:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 03/08/2004 23:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 03/08/2004 23:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 03/08/2004 23:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 03/08/2004 23:56:58 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 03/08/2004 23:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 03/08/2004 23:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 03/08/2004 23:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 26/08/2005 17:14:42 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 29/08/2002 12:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
AvantGo, Inc. 17/08/2003 17:14:24 69632 C:\WINDOWS\SYSTEM32\mbllnk.cpl
Microsoft Corporation 03/08/2004 23:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 29/08/2002 12:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 03/08/2004 23:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 03/08/2004 23:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 03/08/2004 23:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 03/08/2004 23:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 14/12/2003 08:20:50 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
29/02/2004 13:12:02 454656 C:\WINDOWS\SYSTEM32\slcpappl.cpl
Microsoft Corporation 03/08/2004 23:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 29/08/2002 12:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 03/08/2004 23:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 03/08/2004 23:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 03:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 26/05/2005 03:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
19/09/2002 19:49:28 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
17/05/2005 07:16:22 1764 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
11/09/2005 11:06:10 827 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Watch.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
19/09/2002 19:37:26 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
19/09/2002 19:49:28 HS 84 C:\Documents and Settings\Windows user\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
07/10/2005 09:17:48 304182 C:\Documents and Settings\Windows user\Application Data\1.bmp
07/10/2005 09:17:48 304182 C:\Documents and Settings\Windows user\Application Data\2.bmp
21/08/2005 19:38:12 871 C:\Documents and Settings\Windows user\Application Data\AdobeDLM.log
18/05/2005 13:08:14 21766 C:\Documents and Settings\Windows user\Application Data\Comma Separated Values (Windows).ADR
17/05/2005 11:46:36 9310 C:\Documents and Settings\Windows user\Application Data\Comma Separated Values (Windows).EML
19/09/2002 19:37:26 HS 62 C:\Documents and Settings\Windows user\Application Data\desktop.ini
21/08/2005 19:38:12 0 C:\Documents and Settings\Windows user\Application Data\dm.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\M2WShlExMenu
{DC6FA7E0-6666-11D5-8CE2-444553540000} = C:\Program Files\Acoustica Mp3 To Wave Converter Plus\M2WShlEx.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
ButtonText = Create Mobile Favorite :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
MenuText = Create Mobile Favorite... : C:\Program Files\Microsoft ActiveSync\inetrepl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
PCMService "c:\Apps\Powercinema\PCMService.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
H/PC Connection Agent "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
AWMON "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
HistoryKill C:\Program Files\HistoryKill\\histkill.exe /startup
BestPopUpKiller C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility.lnk
location Common Startup
item SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility
location Common Startup
item SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express Calendar Checker.lnk
location Common Startup
command C:\PROGRA~1\ULEADS~1\ULEADP~1.0\CalCheck.exe
item Ulead Photo Express Calendar Checker
location Common Startup
command C:\PROGRA~1\ULEADS~1\ULEADP~1.0\CalCheck.exe
item Ulead Photo Express Calendar Checker

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FUIClearHis
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item freshui
hkey HKCU
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item freshui
hkey HKCU
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PowerCinema
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item setup
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item setup
hkey HKLM
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\THGuard
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item THGuard
hkey HKLM
command "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item THGuard
hkey HKLM
command "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoRecentDocsHistory 
NoRecentDocsMenu

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 01/01/2006 19:04:47






Just one other point. I have noticed something odd on shut down. Not every time, but maybe 1 in 4 shutdowns, it takes a long time on the "windows is saving your settings" screen, then when the "windows is shutting down" screen comes on, an additional window opens in the middle. It's plain white and has about 10 characters in top left; they are not letters or symbols, just lines and squares and things like that, small, normal text size.... I tried to save it to show you but I can't see how to... it doesn't let you either select or right click on it. It has a red cross and disappears when you click that, and then the computer shuts down.

#14
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
One thing I'd like you to do, just to be on the safe side.

Please surf to http://virusscan.jotti.org/
and have this file scanned:
C:\WINDOWS\SYSTEM32\slcpappl.cpl

Copy & paste the results into your next post.
Probably harmless, but I'd like to make sure.

Regards,

#15
spireitesfan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Service load: 0% 100%

File: slcpappl.cpl
Status: OK
MD5 7e2bbe69a1f8c857121e0598a1bdff9e
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

Statistics
Last file scanned at least one scanner reported something about: mscornet.exe, detected by:

Scanner Malware name
AntiVir X
ArcaVir Win32
Avast X
AVG Antivirus X
BitDefender BehavesLike:Win32.ExplorerHijack
ClamAV X
Dr.Web X
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus Trojan-Downloader.Win32.Zlob.dq
NOD32 a variant of Win32/TrojanDropper.Small.NCY
Norman Virus Control X
UNA X
VBA32 X