Author Topic: IE Crashes each time it opens a new window. Help!!  (Read 3562 times)

Amanda

  • Guest
« on: September 21, 2005, 07:00:49 PM »
Alright, I've been having so much trouble with this stupid error. Can someone help me? Every time IE opens a new window (such as an address book, a link in a new window, etc. including things I can't control like some popups) it crashes. I get the "iexplorer.exe has encountered an error and needs to close. We're sorry for the inconvenience" error message. Under the technical error report it says this:

"The following files will be included in this error report: C:\DOCUME~1\Mannie\LOCALS~1\Temp\WER50.tmp.dir00\appcompat.txt"

I had recently installed Webroot Popup Washer but I don't think that's my problem. I've shut it off and the problem persists. It makes a "beep" noise when it blocks a pop up and that's not what this is doing. I also remember resizing my temp. internet files folder to a smaller size. I made it bigger and that didn't help. I've reset a ton of times, and uninstalled/reinstalled IE. It doesn't help. When you delete the appcompat.txt file it creates a new one. I read that it has to do with Service Pack 1 but I don't know. Does anyone have any ideas? I am totally stumped at this one. I have Norton Antivirus, Webroot SpySweeper, and some McNaughton virus cleaner as well. None have detected anything.


Amanda

  • Guest
« Reply #1 on: September 21, 2005, 07:06:41 PM »
Here's my hijack log:



Logfile of HijackThis v1.99.1
Scan saved at 8:05:20 PM, on 9/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\DOCUME~1\Mannie\LOCALS~1\Temp\~e5.0001
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Mannie\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WWWinkle Helper - {1897E906-6880-4ab9-8752-B80987FA7862} - C:\Program Files\Naturally Open\Search Panel\Search Panel.dll (file missing)
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\PROGRA~1\Webroot\POP-UP~1\VAPopupKiller.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpWasher] C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Search Panel - {DD1358B9-6C8A-4f85-AC51-0A4171F77758} - C:\Program Files\Naturally Open\Search Panel\Search Panel.dll (file missing)
O9 - Extra 'Tools' menuitem: Search Panel - {DD1358B9-6C8A-4f85-AC51-0A4171F77758} - C:\Program Files\Naturally Open\Search Panel\Search Panel.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

guestolo

  • Administrator
« Reply #2 on: September 21, 2005, 07:18:40 PM »
Hi Amanda, one requirement I ask when posting a Hijackthis log is that you register to the forum.
It's free and a simple process.

Afterwards, post a fresh hijackthis log back to this thread

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Amandalism

  • Newbie
« Reply #3 on: September 21, 2005, 07:37:42 PM »
Sorry about that. I guess I was registered before and didn't know it. :) Here's the new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:37:05 PM, on 9/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\DOCUME~1\Mannie\LOCALS~1\Temp\~e5.0001
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mannie\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WWWinkle Helper - {1897E906-6880-4ab9-8752-B80987FA7862} - C:\Program Files\Naturally Open\Search Panel\Search Panel.dll (file missing)
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\PROGRA~1\Webroot\POP-UP~1\VAPopupKiller.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpWasher] C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Search Panel - {DD1358B9-6C8A-4f85-AC51-0A4171F77758} - C:\Program Files\Naturally Open\Search Panel\Search Panel.dll (file missing)
O9 - Extra 'Tools' menuitem: Search Panel - {DD1358B9-6C8A-4f85-AC51-0A4171F77758} - C:\Program Files\Naturally Open\Search Panel\Search Panel.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

guestolo

  • Administrator
« Reply #4 on: September 21, 2005, 07:55:08 PM »
Doesn't look that bad, but I would like to run a couple scans on your computer

Can you do the following please
==Download and Install this small program
to help clean your temp folders, cookies, etc...
Windows Cleanup! 4.0
Don't run this yet, we'll need it in a bit
Alternate download location if having trouble with the first link

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, IF you get a warning "Database could not be found!". Click OK. We'll fix that next
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/


Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation

==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files
DECLINE to Log off or Restart when scan is done.

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Do another scan with Hijackthis and put a check next to these entries:

O2 - BHO: WWWinkle Helper - {1897E906-6880-4ab9-8752-B80987FA7862} - C:\Program Files\Naturally Open\Search Panel\Search Panel.dll (file missing)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Search Panel - {DD1358B9-6C8A-4f85-AC51-0A4171F77758} - C:\Program Files\Naturally Open\Search Panel\Search Panel.dll (file missing)
O9 - Extra 'Tools' menuitem: Search Panel - {DD1358B9-6C8A-4f85-AC51-0A4171F77758} - C:\Program Files\Naturally Open\Search Panel\Search Panel.dll (file missing)


After you have ticked the above entries, close All other open windows,
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart back to Normal mode

Reboot may be a bit slower as we used CleanUp! to additionally clear your prefetch folder, bootup will get quicker the next couple times

Back in Windows
Run hijackthis again and post a fresh log
Also include the Report from Ewido you saved to desktop earlier

NOTE: If prompted by SpySweeper or Microsoft anti-spyware about changes
Allow them so they won't interfere in any fixes we are trying
« Last Edit: September 21, 2005, 07:56:10 PM by guestolo »

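
The reply above picks out the log entries marked "(file missing)" by eye. The following is an added example, not part of the original thread and not HijackThis's own code: it parses a HijackThis log, groups the "(file missing)" entries by CLSID, and, as a heuristic this example adds, lists running processes whose path sits in a Temp directory. The function names are this example's own; the sample lines are an excerpt of the log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\AIM\aim.exe
C:\DOCUME~1\Mannie\LOCALS~1\Temp\~e5.0001
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WWWinkle Helper - {1897E906-6880-4ab9-8752-B80987FA7862} - C:\Program Files\Naturally Open\Search Panel\Search Panel.dll (file missing)
O9 - Extra button: Search Panel - {DD1358B9-6C8A-4f85-AC51-0A4171F77758} - C:\Program Files\Naturally Open\Search Panel\Search Panel.dll (file missing)
O9 - Extra 'Tools' menuitem: Search Panel - {DD1358B9-6C8A-4f85-AC51-0A4171F77758} - C:\Program Files\Naturally Open\Search Panel\Search Panel.dll (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"
# Match a path component named exactly "Temp" (or "Tmp"). The component is
# short enough that 8.3 short paths (LOCALS~1\Temp) keep it unchanged, and
# "Temporary Internet Files" does not match because of the trailing backslash.
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


@dataclass
class Entry:
    code: str             # section code such as "O2" or "O23"
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # upper-cased CLSID if the entry carries one
    missing: bool         # True when the target is tagged "(file missing)"


def parse_log(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            body = m.group("body")
            clsid = CLSID_RE.search(body)
            entries.append(Entry(
                code=m.group("code"),
                body=body,
                clsid=clsid.group(0).upper() if clsid else None,
                missing=body.endswith(MISSING),
            ))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return the items a reviewer would look at first."""
    processes, entries = parse_log(text)
    orphaned = {}
    for e in entries:
        if e.missing:
            # One extension is often registered several ways (button + menu
            # item), so group the leftover registrations by CLSID.
            orphaned.setdefault(e.clsid, []).append(e.code)
    return {
        "temp_processes": [p for p in processes if TEMP_RE.search(p)],
        "orphaned": orphaned,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path in result["temp_processes"]:
        print("process running from Temp:", path)
    for clsid, codes in result["orphaned"].items():
        print("file missing:", clsid, "registered under", ", ".join(codes))
```
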


Amandalism

  • Newbie
« Reply #5 on: September 22, 2005, 03:38:31 PM »
Alright, I had a little trouble doing everything you asked. I ran Ewido first because I forgot about the Cleanup, but I didn't think it would really matter. When that was finished, I tried to find Cleanup! but I couldn't, so I figured "Desk Cleanup" was the closest thing. I let that go all night but it didn't do anything. So I ran hijackthis and forgot about cleanup. In hijackthis

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
and
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
weren't there, so I fixed the other few.

Here's the logs:

Ewido:

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         10:50:14 PM, 9/21/2005
 + Report-Checksum:      A987CDCB

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678} -> Spyware.BargainBuddy : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678} -> Spyware.BargainBuddy : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\Mannie\Application Data\Mozilla\Firefox\Profiles\yvuac7ul.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\Mannie\Application Data\Mozilla\Firefox\Profiles\yvuac7ul.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.21:C:\Documents and Settings\Mannie\Application Data\Mozilla\Firefox\Profiles\yvuac7ul.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.22:C:\Documents and Settings\Mannie\Application Data\Mozilla\Firefox\Profiles\yvuac7ul.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\Mannie\Application Data\Mozilla\Firefox\Profiles\yvuac7ul.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.42:C:\Documents and Settings\Mannie\Application Data\Mozilla\Firefox\Profiles\yvuac7ul.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.43:C:\Documents and Settings\Mannie\Application Data\Mozilla\Firefox\Profiles\yvuac7ul.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.44:C:\Documents and Settings\Mannie\Application Data\Mozilla\Firefox\Profiles\yvuac7ul.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.45:C:\Documents and Settings\Mannie\Application Data\Mozilla\Firefox\Profiles\yvuac7ul.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.49:C:\Documents and Settings\Mannie\Application Data\Mozilla\Firefox\Profiles\yvuac7ul.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
   :mozilla.50:C:\Documents and Settings\Mannie\Application Data\Mozilla\Firefox\Profiles\yvuac7ul.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
   C:\Documents and Settings\Mannie\Local Settings\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
   C:\Documents and Settings\Mannie\Local Settings\Temp\Cookies\mannie@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\Mannie\Local Settings\Temp\Cookies\mannie@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
   C:\Documents and Settings\Mannie\Local Settings\Temp\gdd0.sys -> Trojan.Kolweb.b : Cleaned with backup
   C:\Documents and Settings\Wheetie\Cookies\wheetie@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
   C:\Documents and Settings\Wheetie\Cookies\wheetie@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   C:\Documents and Settings\Wheetie\Local Settings\Temp\2b2w.sys -> Trojan.Delf.cf : Cleaned with backup
   C:\Documents and Settings\Wheetie\Local Settings\Temp\mia7.sys -> Trojan.Delf.cf : Cleaned with backup
   C:\em.exe -> TrojanDropper.Agent.kd : Cleaned with backup
   C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
   C:\Program Files\Microsoft AntiSpyware\Quarantine\41595089-612C-4C34-987F-6F1A30\B19C63A3-FE7C-465C-939D-2FCFB9 -> TrojanDownloader.Qoologic.p : Cleaned with backup
   C:\WINDOWS\gdd0.sys -> Trojan.Kolweb.b : Cleaned with backup
   C:\WINDOWS\system32\6dqzg0n.dll -> Trojan.Kolweb.a : Cleaned with backup
   C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\system32\c8xqnu4.exe -> Trojan.Kolweb.b : Cleaned with backup
   C:\WINDOWS\system32\gdd0.sys -> Trojan.Kolweb.b : Cleaned with backup
   C:\WINDOWS\system32\redit.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
   C:\WINDOWS\system32\tgdbtl.exe -> Trojan.Delf.cf : Cleaned with backup
   C:\WINDOWS\system32\w3c5f0.exe -> Trojan.Delf.cf : Cleaned with backup
   C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
   C:\WINDOWS\Temp\Cookies\mannie@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\WINDOWS\Temp\i56.tmp -> Spyware.SurfSide : Cleaned with backup
   C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\E5XBMO1W\TBPSSvc[1].cab/TBPSSvc.exe -> Spyware.WebSearch : Cleaned with backup
   C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\F3GT0FKO\common[1].cab/common.dll -> Spyware.WebSearch : Cleaned with backup
   C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\T76O5LKM\TBPS[1].cab/TBPS.exe -> Spyware.WebSearch : Cleaned with backup


::Report End



Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 4:32:24 PM, on 9/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Mannie\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\PROGRA~1\Webroot\POP-UP~1\VAPopupKiller.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpWasher] C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

guestolo

  • Site Donator
  • Administrator
  • Hero Member
IE Crashes each time it opens a new windo. Help!!
« Reply #6 on: September 22, 2005, 10:25:09 PM »
Can you do the following, please?
I want to see a few logs. Please supply them all, even if they take a few replies.

Download and save WinPFind.zip
UNZIP the contents to your desktop

Open the WinPFind folder you extracted to the desktop
Double-click on WinPFind.exe
This could take some time as it will scan your drive

Download and save Trackqoo.zip
UNZIP the contents to your desktop
Double-click on "Track qoo.vbs"
Note - If your antivirus has script blocking, you will get a pop-up window asking you what to do. Allow this entire script to run, it's harmless!

Wait a few seconds and a Notepad page will pop up. Copy and paste those results and place them in the next post

Also,
Download FindQoologic.zip and save it to your Desktop.
UNZIP the contents to C:\
So you now have a C:\Find-Qoologic folder
Open the FindQoologic folder.
Locate and double-click the Find-Qoologic.bat file to run it.
Wait until a text opens, then post it in a reply to your thread.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Amandalism

  • Newbie
IE Crashes each time it opens a new windo. Help!!
« Reply #7 on: September 24, 2005, 09:23:49 AM »
WinPFind log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 1    Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
abetterinternet.com  7/2/2005 2:58:54 PM         11081      C:\WINDOWS\mmhrv.dll
web-nex              7/2/2005 2:58:54 PM         11081      C:\WINDOWS\mmhrv.dll
ad-w-a-r-e.com       7/2/2005 2:58:54 PM         11081      C:\WINDOWS\mmhrv.dll

Checking %System% folder...
PEC2                 11/8/2003 8:00:00 AM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PECompact2           8/4/2005 10:01:54 AM        1449304    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/4/2005 10:01:54 AM        1449304    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               4/9/2005 9:18:28 PM         194560     C:\WINDOWS\SYSTEM32\Napoleon Dynamite.scr
Umonitor             11/8/2003 8:00:00 AM        631808     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              11/8/2003 8:00:00 AM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     9/22/2005 4:29:48 PM      S 2048       C:\WINDOWS\bootstat.dat
                     9/21/2005 9:05:20 PM     HS 10240      C:\WINDOWS\Thumbs.db
                     9/1/2005 8:23:26 PM     RH  749        C:\WINDOWS\WindowsShell.Manifest
                     9/1/2005 9:03:26 PM      H  65         C:\WINDOWS\Downloaded Program Files\desktop.ini
                     9/21/2005 9:06:30 PM     HS 9216       C:\WINDOWS\Fonts\Thumbs.db
                     9/1/2005 8:53:26 PM      H  0          C:\WINDOWS\LastGood\INF\crlupd.inf
                     9/1/2005 8:53:26 PM      H  0          C:\WINDOWS\LastGood\INF\crlupd.PNF
                     9/1/2005 8:55:30 PM      H  0          C:\WINDOWS\LastGood\INF\ieexcep.inf
                     9/1/2005 8:55:30 PM      H  0          C:\WINDOWS\LastGood\INF\ieexcep.PNF
                     9/1/2005 8:57:26 PM      H  0          C:\WINDOWS\LastGood\INF\iereadme.inf
                     9/1/2005 8:57:26 PM      H  0          C:\WINDOWS\LastGood\INF\iereadme.PNF
                     8/25/2005 7:52:18 PM     H  0          C:\WINDOWS\LastGood\INF\Iesetup.inf
                     8/25/2005 7:52:18 PM     H  0          C:\WINDOWS\LastGood\INF\Iesetup.PNF
                     9/1/2005 7:55:24 PM      H  0          C:\WINDOWS\LastGood\INF\java.inf
                     9/1/2005 7:55:24 PM      H  0          C:\WINDOWS\LastGood\INF\java.PNF
                     8/20/2005 11:41:20 AM    H  0          C:\WINDOWS\LastGood\INF\oem18.inf
                     8/20/2005 11:41:20 AM    H  0          C:\WINDOWS\LastGood\INF\oem18.PNF
                     9/1/2005 8:03:00 PM      H  0          C:\WINDOWS\LastGood\INF\oem19.inf
                     9/1/2005 8:03:00 PM      H  0          C:\WINDOWS\LastGood\INF\oem19.PNF
                     9/1/2005 8:57:18 PM      H  0          C:\WINDOWS\LastGood\INF\oem20.inf
                     9/1/2005 8:57:18 PM      H  0          C:\WINDOWS\LastGood\INF\oem20.PNF
                     9/1/2005 8:55:52 PM      H  0          C:\WINDOWS\LastGood\INF\removbak.inf
                     9/1/2005 8:55:52 PM      H  0          C:\WINDOWS\LastGood\INF\removbak.PNF
                     9/1/2005 9:03:26 PM      H  65         C:\WINDOWS\Offline Web Pages\desktop.ini
                     9/1/2005 8:23:26 PM     RH  749        C:\WINDOWS\system32\cdplayer.exe.manifest
                     9/1/2005 8:23:26 PM     RH  749        C:\WINDOWS\system32\ncpa.cpl.manifest
                     9/1/2005 8:23:26 PM     RH  749        C:\WINDOWS\system32\nwc.cpl.manifest
                     9/1/2005 8:23:26 PM     RH  749        C:\WINDOWS\system32\sapi.cpl.manifest
                     9/1/2005 8:23:26 PM     RH  749        C:\WINDOWS\system32\wuaucpl.cpl.manifest
                     9/23/2005 3:06:00 AM     H  1024       C:\WINDOWS\system32\config\default.LOG
                     9/23/2005 6:52:36 AM     H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     9/22/2005 4:31:14 PM     H  1024       C:\WINDOWS\system32\config\SECURITY.LOG
                     9/23/2005 7:02:08 AM     H  1024       C:\WINDOWS\system32\config\software.LOG
                     9/23/2005 4:30:18 AM     H  1024       C:\WINDOWS\system32\config\system.LOG
                     9/1/2005 7:46:36 PM      H  1024       C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
                     9/21/2005 9:17:20 PM     HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\a6b8dcbc-1311-44e8-ab91-91f61bb454b0
                     9/21/2005 9:17:20 PM     HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
                     9/22/2005 4:29:56 PM     H  6          C:\WINDOWS\Tasks\SA.DAT
                     8/25/2005 10:24:44 AM    H  120        C:\WINDOWS\Temp\CSA74EFF26-B38E-47FA-A4F2-076272E20DC1.tmp
                     8/21/2005 10:15:46 PM    H  10         C:\WINDOWS\Temp\CSA813B5A1-6CF7-41DC-88AF-2F749236297E.tmp
                     8/21/2005 11:13:42 PM    H  1455886    C:\WINDOWS\Temp\CSA87E0743-3F80-48BB-9074-7DDD45AFB747.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSA9F47E55-212C-4BE4-8BF4-F0CCB980EE01.tmp
                     8/25/2005 10:24:44 AM    H  30         C:\WINDOWS\Temp\CSAA0E560D-4A4A-42C6-B714-0B3CE7DD6387.tmp
                     8/21/2005 11:13:42 PM    H  6128       C:\WINDOWS\Temp\CSABAD95CD-4D63-4B84-8DD9-53B9D2D91BBC.tmp
                     9/22/2005 4:32:32 PM     H  0          C:\WINDOWS\Temp\CSABF9E33F-BF16-4B63-95FF-2DBEF21C203E.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSACCB04EE-EA4A-4680-9100-5758ACD44C69.tmp
                     8/25/2005 10:24:44 AM    H  0          C:\WINDOWS\Temp\CSACE4BB7C-2561-4484-930B-8C23A97A4A10.tmp
                     9/23/2005 3:05:56 AM     H  0          C:\WINDOWS\Temp\CSADE1BBB8-CFDC-43ED-9FF7-5D0ABC3756F0.tmp
                     8/21/2005 10:15:46 PM    H  48         C:\WINDOWS\Temp\CSB5B4964F-E31C-4B38-884F-E721AD7B6CC0.tmp
                     8/21/2005 10:15:46 PM    H  508        C:\WINDOWS\Temp\CSB5DB3930-4744-49F4-A359-DEA457BE42D6.tmp
                     8/21/2005 10:15:46 PM    H  10         C:\WINDOWS\Temp\CSB7793E60-C8D7-4B37-A102-9C11042D6567.tmp
                     8/21/2005 10:15:46 PM    H  496        C:\WINDOWS\Temp\CSB8B1ED9E-4E04-48C7-8114-C5E5E3CB3972.tmp
                     8/21/2005 10:15:46 PM    H  10         C:\WINDOWS\Temp\CSB8D34BC4-5E70-451B-9923-C54856BA762B.tmp
                     8/20/2005 9:15:06 PM     H  1272804    C:\WINDOWS\Temp\CSB9EFE4F6-AF79-4223-88B0-B653E17F5177.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSBAB9B293-E53F-43A5-8F3E-C706D59D3043.tmp
                     8/25/2005 10:24:44 AM    H  10         C:\WINDOWS\Temp\CSBB30DD68-91C2-42FC-9113-551AB562DC11.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSBB3BD451-4CBF-47FD-AD48-0B156870F0B2.tmp
                     8/21/2005 10:15:46 PM    H  516        C:\WINDOWS\Temp\CSBB59E5B0-4E68-4D2D-A3F2-7B3818D70442.tmp
                     8/25/2005 10:24:44 AM    H  10         C:\WINDOWS\Temp\CSBB865FE0-652D-4881-99DB-B8FE5892F106.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSBB954E90-3FDA-462D-8036-966CE0F6BA28.tmp
                     8/21/2005 10:15:46 PM    H  30         C:\WINDOWS\Temp\CSBBCD97F9-AE5A-438E-A962-5114C3833548.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSBC1FA7A9-321B-477A-9582-E191B22B4359.tmp
                     8/22/2005 3:06:38 AM     H  72484      C:\WINDOWS\Temp\CSBD356DB8-703F-4D04-892C-8DF59D9E7D7E.tmp
                     8/21/2005 11:13:42 PM    H  3366       C:\WINDOWS\Temp\CSBDFAEB13-6B46-4C9B-A4FF-F471E23BABB5.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSBDFBE3AE-7848-4B60-B95F-DC1130B6AB1E.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSC3509C95-0323-49C9-BEDE-9975EBEA3D3B.tmp
                     9/22/2005 4:32:32 PM     H  0          C:\WINDOWS\Temp\CSC3D3DCDF-8A9B-4BD8-B11B-C9E6C9ECECFC.tmp
                     8/21/2005 11:13:42 PM    H  1494       C:\WINDOWS\Temp\CSC56E5CCE-87B4-4DEC-B79D-BF43E286B0F1.tmp
                     8/21/2005 10:15:46 PM    H  10         C:\WINDOWS\Temp\CSC60EDD74-64FD-4EA2-87D8-B9AEDD1CD59B.tmp
                     8/25/2005 10:24:44 AM    H  120        C:\WINDOWS\Temp\CSC6D98F7E-006A-4A75-AB05-83619E6D3E81.tmp
                     8/25/2005 10:24:44 AM    H  96         C:\WINDOWS\Temp\CSC7AAF5A6-10EC-4368-BBFD-256DFDB78D47.tmp
                     8/20/2005 9:15:06 PM     H  1494       C:\WINDOWS\Temp\CSC7D58BFF-DAB1-4693-86B3-4AA0C33E3591.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSC841ADFA-F312-43D0-BDA2-D6ED2ABD244B.tmp
                     8/21/2005 11:13:42 PM    H  128        C:\WINDOWS\Temp\CSC879AABD-F726-4764-8A2D-5ADCA7B5D46B.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSCB444DA7-08B3-432D-8E13-E717AFB69E37.tmp
                     9/22/2005 4:32:32 PM     H  0          C:\WINDOWS\Temp\CSCB81F3F8-187F-43C2-A713-39C608D0D442.tmp
                     8/21/2005 10:15:46 PM    H  10         C:\WINDOWS\Temp\CSCBA538BF-6D5E-491B-B818-5F333A9980A8.tmp
                     8/25/2005 10:24:44 AM    H  10         C:\WINDOWS\Temp\CSCC0840E5-CE1F-4215-88AF-C26E3480E31E.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSCD88106A-E28E-48C6-BE6D-50E1D8E27641.tmp
                     8/25/2005 10:24:44 AM    H  100        C:\WINDOWS\Temp\CSCEFA9600-0A3A-4733-9DAB-92016CCB1F58.tmp
                     8/20/2005 9:15:06 PM     H  30         C:\WINDOWS\Temp\CSCF263AA5-97A4-465C-9D91-7063138488A1.tmp
                     8/21/2005 11:13:42 PM    H  0          C:\WINDOWS\Temp\CSCF38428C-7AFC-4C3C-BDC3-33D922B2218F.tmp
                     8/25/2005 10:24:44 AM    H  100        C:\WINDOWS\Temp\CSD15C1BAE-5A36-43FF-9AC0-0A5711B339CD.tmp
                     8/25/2005 10:24:44 AM    H  50         C:\WINDOWS\Temp\CSD186416A-EED4-4633-8DCC-32DF793791BC.tmp
                     8/25/2005 10:24:44 AM    H  10         C:\WINDOWS\Temp\CSD1C61A74-6870-4E45-9538-CA6ED2C0E0B9.tmp
                     8/25/2005 10:24:44 AM    H  10         C:\WINDOWS\Temp\CSD233753E-84F7-41ED-ACCB-E502F8CB7D6C.tmp
                     8/21/2005 10:15:46 PM    H  48         C:\WINDOWS\Temp\CSD2902814-54FB-422A-8691-1C688D061D3D.tmp
                     8/21/2005 10:15:46 PM    H  10         C:\WINDOWS\Temp\CSD3B5921A-6258-4B25-8CDA-83B54EC5D925.tmp
                     9/22/2005 4:32:32 PM     H  0          C:\WINDOWS\Temp\CSD41C56C7-6B74-461A-B577-2FAF83DF582A.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSD5238201-2D73-4E67-8E6E-CC9B55D154CB.tmp
                     8/25/2005 10:24:44 AM    H  10         C:\WINDOWS\Temp\CSD538B404-8D5E-4607-824F-9CC6A2E625C5.tmp
                     8/22/2005 3:00:08 AM     H  548        C:\WINDOWS\Temp\CSD58EF397-E4DC-474A-87EE-9C9D5292B744.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSD7E51356-0FBE-458F-A726-DE1944F045ED.tmp
                     9/22/2005 4:32:32 PM     H  204        C:\WINDOWS\Temp\CSD8BFCC90-9874-4F28-9A00-E9F60B662F0B.tmp
                     8/21/2005 10:15:46 PM    H  10         C:\WINDOWS\Temp\CSD95DD7B9-3702-49D7-9D78-75E08560B966.tmp
                     8/21/2005 10:15:46 PM    H  102        C:\WINDOWS\Temp\CSDA9C5952-2A5E-4318-BA54-8B5140D067BD.tmp
                     8/21/2005 10:15:46 PM    H  0          C:\WINDOWS\Temp\CSDAAEF85A-B819-483C-8A92-44F8B3544041.tmp
                     9/23/2005 3:00:06 AM     H  0          C:\WINDOWS\Temp\CSDB9728D0-9E57-4018-9440-7D775249E2B9.tmp
                     8/25/2005 10:24:44 AM    H  48         C:\WINDOWS\Temp\CSDD5AED6C-27D6-4A16-8D0E-6B7A3E521565.tmp
                     8/21/2005 11:13:42 PM    H  0          C:\WINDOWS\Temp\CSDD64CF8A-1A50-4BCE-B282-73CBF4B0CAD4.tmp
                     8/21/2005 10:15:46 PM    H  10         C:\WINDOWS\Temp\CSDD8F2A84-2D7A-4262-8909-4ABA9B63A642.tmp
                     8/21/2005 10:15:46 PM    H  10         C:\WINDOWS\Temp\CSDDD5FB1A-DAFD-4B78-B181-7BFE7FEB6B2B.tmp
                     8/21/2005 10:15:46 PM    H  120        C:\WINDOWS\Temp\CSDE52DBAD-77FD-4A73-AE4B-A253358FA3A0.tmp
                     8/25/2005 10:24:44 AM    H  10         C:\WINDOWS\Temp\CSDE94DF19-17A5-4547-8447-C4C8E80F596E.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSE107F9D9-6FFE-4030-8C01-53580DDF7E22.tmp
                     8/25/2005 10:24:44 AM    H  10         C:\WINDOWS\Temp\CSE3820A08-3244-4938-8733-AB92F4A8E3E7.tmp
                     8/20/2005 9:15:06 PM     H  102268     C:\WINDOWS\Temp\CSE3A2CB80-9D7F-48DD-A072-E4482D1D89FC.tmp
                     8/21/2005 10:15:46 PM    H  136        C:\WINDOWS\Temp\CSE5BA44FA-A2C6-43A1-B5DF-FAAAF0974478.tmp
                     8/25/2005 10:24:44 AM    H  0          C:\WINDOWS\Temp\CSE6947AF9-66DC-434B-9868-36971D0DABD8.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSE76E88D1-C329-4A54-BCA4-34FC21A90FBB.tmp
                     8/21/2005 3:00:14 AM     H  548        C:\WINDOWS\Temp\CSE79F7505-A695-442A-B16B-8F7EE87770B7.tmp
                     8/21/2005 10:15:46 PM    H  118        C:\WINDOWS\Temp\CSEA210600-982E-4A31-AAD6-8BF9DEB919E0.tmp
                     8/21/2005 10:15:46 PM    H  100        C:\WINDOWS\Temp\CSEAF874AB-7B03-4DBC-9A2B-4D27ABBB708C.tmp
                     8/20/2005 9:15:36 PM     H  1368000    C:\WINDOWS\Temp\CSED62B61C-B66C-4D58-B9F3-5A96615E909E.tmp
                     9/22/2005 4:32:32 PM     H  0          C:\WINDOWS\Temp\CSEDC4AF8C-C435-4704-A9B4-C0F524258B5F.tmp
                     8/21/2005 10:15:46 PM    H  10         C:\WINDOWS\Temp\CSEF1679C7-468A-4FEF-BC8A-2C18C7BACA99.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSEF46A43B-C050-4799-B7D7-97AF5F611D9B.tmp
                     8/25/2005 10:24:44 AM    H  10         C:\WINDOWS\Temp\CSEFBB79B6-62CB-4B64-945D-D3C78C23CFA3.tmp
                     8/21/2005 10:15:46 PM    H  10         C:\WINDOWS\Temp\CSF0387D33-06AD-466F-9A33-52465BE16225.tmp
                     8/25/2005 10:24:44 AM    H  10         C:\WINDOWS\Temp\CSF07850F4-1297-482F-BDAA-55EEA68F5BD2.tmp
                     8/25/2005 10:24:44 AM    H  10         C:\WINDOWS\Temp\CSF2F9EC48-174A-4015-A349-D269ECCA7674.tmp
                     8/21/2005 10:15:46 PM    H  10         C:\WINDOWS\Temp\CSF337A2AD-35C3-4E52-A1E3-2000A3FB57BB.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSF3B40B66-A89B-4C82-9F44-0987EFA14722.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSF3FEDA76-97F2-42ED-B638-3FE6B0CA15AB.tmp
                     8/25/2005 10:24:44 AM    H  124        C:\WINDOWS\Temp\CSF48B619C-32DE-4E72-9BAB-D2ABFC1E5937.tmp
                     9/23/2005 6:30:28 AM     H  0          C:\WINDOWS\Temp\CSF4D0B951-D789-49D0-935F-4145BC5722D6.tmp
                     8/21/2005 11:13:42 PM    H  102268     C:\WINDOWS\Temp\CSF5785838-8203-4036-9211-A232C9DA641D.tmp
                     8/21/2005 11:13:42 PM    H  1272804    C:\WINDOWS\Temp\CSF78FEE4C-F0A3-435F-BD12-AC1D842F7CD6.tmp
                     8/21/2005 10:15:46 PM    H  10         C:\WINDOWS\Temp\CSF80B3FE4-DF85-4699-9C27-0DDAE273F215.tmp
                     8/25/2005 10:24:44 AM    H  10         C:\WINDOWS\Temp\CSF9B1D8BA-4F08-41EB-B53D-9175BFA12D0E.tmp
                     8/21/2005 11:13:42 PM    H  904636     C:\WINDOWS\Temp\CSF9B2C9FF-AB93-42A6-A273-08ADB2D43CAB.tmp
                     8/20/2005 9:15:06 PM     H  68241      C:\WINDOWS\Temp\CSFA8310C6-4354-4474-A0DD-7FE6E58339D2.tmp
                     8/21/2005 10:15:46 PM    H  42         C:\WINDOWS\Temp\CSFC3CD506-9823-41D7-93A6-6767AF7F3075.tmp
                     8/21/2005 10:15:46 PM    H  492        C:\WINDOWS\Temp\CSFC693DF4-C5B8-49DD-BA6D-19B66A5E0618.tmp
                     8/25/2005 10:24:44 AM    H  48         C:\WINDOWS\Temp\CSFDB7478A-0C15-480C-85BD-2AC94892E2FD.tmp
                     8/21/2005 10:15:46 PM    H  10         C:\WINDOWS\Temp\CSFEE6FBC4-EC4A-4E67-BD62-94B0F03EF62A.tmp
                     8/20/2005 9:15:06 PM     H  0          C:\WINDOWS\Temp\CSFF24F32B-4027-482A-953E-F342E84F78C7.tmp
                     9/22/2005 4:32:32 PM     H  0          C:\WINDOWS\Temp\CSFFD130B2-481D-4177-A388-DD568EC3D0C5.tmp

Checking for CPL files...
Microsoft Corporation          11/8/2003 8:00:00 AM        66048      C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        578560     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        129024     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          8/29/2002 7:14:40 AM        292352     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        121856     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        65536      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         6/3/2005 3:52:54 AM         49265      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        36864      C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        36864      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Wacom Technology, Corp.        5/29/2003 9:41:08 AM        958464     C:\WINDOWS\SYSTEM32\pentablet.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc.           3/26/1998 5:36:30 PM        202240     C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        268288     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        90112      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          5/26/2005 4:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        66048      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        578560     C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        129024     C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        150016     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          8/29/2002 7:14:40 AM        292352     C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        121856     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        65536      C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        559616     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        256000     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        36864      C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        36864      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        109056     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        147456     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        268288     C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          11/8/2003 8:00:00 AM        90112      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     12/27/2004 5:13:20 PM       890        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
                     9/2/2003 2:06:46 PM         1952       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
                     12/23/2004 9:46:18 PM    HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
                     12/23/2004 10:16:54 PM      499        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus G Configuration Utility.lnk
                     12/23/2004 10:55:24 PM      810        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk
                     12/24/2004 4:19:20 PM       1628       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     12/23/2004 4:07:20 PM    HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
                     12/23/2004 9:46:18 PM    HS 84         C:\Documents and Settings\Mannie\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     12/23/2004 4:07:20 PM    HS 62         C:\Documents and Settings\Mannie\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
       =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
   {35795A86-A5CA-4B00-B1C5-BBD1EB86B52D}    = C:\WINDOWS\system32\ccnfmsp.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mmtskxxm
   {ddd2e9d4-64b8-4e8d-b8f8-cf746ec4bbca}    = C:\WINDOWS\System32\iiqgv.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\Shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\Shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\UltraEdit-32
   {b5eedee0-c06e-11cf-8c56-444553540000}    = C:\Program Files\UltraEdit\ue32ctmn.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VirusScan
   {cda2863e-2497-4c49-9b89-06840e070a87}    = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
   {5464D816-CF16-4784-B9F3-75C0DB52B499}    = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\Shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
   {7C9D5882-CB4A-4090-96C8-430BFE8B795B}    = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VirusScan
   {cda2863e-2497-4c49-9b89-06840e070a87}    = C:\Program Files\Network Associates\VirusScan\shext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\Shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\VirusScan
   {cda2863e-2497-4c49-9b89-06840e070a87}    = C:\Program Files\Network Associates\VirusScan\shext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\Shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\Shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\Shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\Shell32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}
   HelperObject Class = C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
   Yahoo! Companion BHO = C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A3A071E-F913-4eee-AE15-AEFFA16FB6BC}
   Popup Killer = C:\PROGRA~1\Webroot\POP-UP~1\VAPopupKiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
   &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}    = SnagIt   : C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
   {EF99BD32-C1FB-11D2-892F-0090271D4F88}    = &Yahoo! Companion   : C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
   ButtonText    = Messenger   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
   ButtonText    = Research   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
   ButtonText    = AIM   : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
   ButtonText    = Messenger   : C:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
   &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
   File Search Explorer Band = %SystemRoot%\system32\Shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
   History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
   Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\Shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32

Amandalism
« Reply #8 on: September 24, 2005, 09:26:05 AM »
trackqoo


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\""
"CamMonitor"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\\\Unload\\hpqcmon.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"EPSON Stylus Photo R320 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9FA.EXE /P30 \"EPSON Stylus Photo R320 Series\" /O6 \"USB001\" /M \"Stylus Photo R320\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- mmtskxxm
{ddd2e9d4-64b8-4e8d-b8f8-cf746ec4bbca}
C:\WINDOWS\System32\iiqgv.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\Shell32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\Shell32.dll

Subkey --- UltraEdit-32
{b5eedee0-c06e-11cf-8c56-444553540000}
C:\Program Files\UltraEdit\ue32ctmn.dll

Subkey --- VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87}
C:\Program Files\Network Associates\VirusScan\shext.dll

Subkey --- Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}
C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\Shell32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\Shell32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\Shell32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\Shell32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\Shell32.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Gamma Loader.exe.lnk
Adobe Gamma Loader.lnk
D-Link AirPlus G Configuration Utility.lnk
desktop.ini
SnagIt 7.lnk
TabUserW.exe.lnk
==============================
C:\Documents and Settings\Mannie\Start Menu\Programs\Startup

Adobe Gamma Loader.exe.lnk
Adobe Gamma Loader.lnk
D-Link AirPlus G Configuration Utility.lnk
desktop.ini
SnagIt 7.lnk
TabUserW.exe.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


access.cpl                    Microsoft Corporation
appwiz.cpl                    Microsoft Corporation
desk.cpl                      Microsoft Corporation
hdwwiz.cpl                    Microsoft Corporation
inetcpl.cpl                   Microsoft Corporation
intl.cpl                      Microsoft Corporation
joy.cpl                       Microsoft Corporation
jpicpl32.cpl                  Sun Microsystems, Inc.
main.cpl                      Microsoft Corporation
mmsys.cpl                     Microsoft Corporation
ncpa.cpl                      Microsoft Corporation
nusrmgr.cpl                   Microsoft Corporation
nwc.cpl                       Microsoft Corporation
odbccp32.cpl                  Microsoft Corporation
pentablet.cpl                 Wacom Technology, Corp.
powercfg.cpl                  Microsoft Corporation
QuickTime.cpl                 Apple Computer, Inc.
sysdm.cpl                     Microsoft Corporation
telephon.cpl                  Microsoft Corporation
timedate.cpl                  Microsoft Corporation
wuaucpl.cpl                   Microsoft Corporation

Amandalism
« Reply #9 on: September 24, 2005, 06:22:33 PM »
Find Qoologic last edited 9/02/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
some examples are MRT.EXE NTDLL.DLL.
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
»»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»  


»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

(fstarts by IMM - test ver. 0.001) NOT using address check -- 0x77f75fae

Global Startup:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
 .
 ..
 Adobe Gamma Loader.exe.lnk
 Adobe Gamma Loader.lnk
 D-Link AirPlus G Configuration Utility.lnk
 desktop.ini
 SnagIt 7.lnk
 TabUserW.exe.lnk

User Startup:
C:\Documents and Settings\Mannie\Start Menu\Programs\Startup
 .
 ..
 desktop.ini

»»»»» Search by size and name...
»»»»» Files found by this method are not necessarily bad...
»»»»» Example PNGFILT.DLL ctl3d32.dll are windows files...

Offline guestolo

« Reply #10 on: September 24, 2005, 08:23:57 PM »
Sorry for the delay, and thanks for all the logs
Did you install Windows CleanUp! ???

Can you do the following please
I want to check one file
We still have to clean some registry entries also

But let's do this first

Can you go to this link
Give this site time to load
Jotti's Online Malware scan

Use the browse button and navigate to this file on your hard drive
C:\WINDOWS\mmhrv.dll <-this file

Right click on it and choose Select
Then use the Submit button
Let it finish scanning
Could you post the results of the scan back here please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Amandalism

« Reply #11 on: September 25, 2005, 07:40:06 PM »
Wow, I'm sorry. I installed Cleanup! but I forgot where I put it. It was in My Documents. Sorry about that. Here's the log for the cleanup:

CleanUp! started on 09/25/05 20:33:00.
...
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aim39.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aim3A.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aim3B.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aim5C.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aim5D.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aim63.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aim9D.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aimA94.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aimA95.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aimA97.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aimA99.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aimA9B.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aimA9D.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aimA9F.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aimAA0.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aimAA1.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aimAA2.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aimC6.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aimD2.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\FunSizeMandalBar\urlcache\aimD3.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\midgetgidgeh\urlcache\aim178.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aim190.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aim2.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aim3.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aim35.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aim36.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aim6D.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aimA4.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aimA5.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aimA6.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aimA8.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aimA9.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aimBD.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aimBE.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aimD8.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aimDC.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aimDE.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aimE0.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aimE2.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aimE5.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aimE7.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Aim\ugszywrd\SummerDreams2007\urlcache\aimE9.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Microsoft\Address Book\Mannie.wa~ - deleted
C:\Documents and Settings\Mannie\Application Data\Microsoft\Office\fbcDDB.tmp - deleted
C:\Documents and Settings\Mannie\Application Data\Microsoft\Office\Recent\~$aughterhouse-Five.doc.LNK - deleted
C:\Documents and Settings\Mannie\Application Data\Microsoft\Office\Recent\index.dat - deleted
C:\Documents and Settings\Mannie\Application Data\Microsoft\Templates\~$Normal.dot - deleted
C:\Documents and Settings\Mannie\Application Data\Mozilla\Firefox\Profiles\yvuac7ul.default\bookmarks.bak - deleted
C:\Documents and Settings\Mannie\Application Data\Webroot\Spy Sweeper\Data\alwayskr.tmp - deleted
C:\Documents and Settings\Mannie\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Mannie\Favorites\Sims 2\~ helaene ~.url - deleted
C:\Documents and Settings\Mannie\Incomplete\downloads.bak - deleted
C:\Documents and Settings\Mannie\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Mannie\Local Settings\History\History.IE5\MSHist012005092520050926\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Mannie\Local Settings\Temp\~DF68A4.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Mannie\Local Settings\Temp\~DF834B.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Mannie\Local Settings\Temp\~DF90D.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Mannie\Local Settings\Temp\~PST1384.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Mannie\Local Settings\Temp\~DF68A4.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Mannie\Local Settings\Temp\~DF834B.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Mannie\Local Settings\Temp\~DF90D.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Mannie\Local Settings\Temp\~PST1384.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Mannie\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Mannie\My Documents\Mannie's Goodies\School\04-05\English\~$nalexamessay.doc - deleted
C:\Documents and Settings\Mannie\My Documents\Mannie's Goodies\School\04-05\history\~$devalstuff.doc - deleted
C:\Documents and Settings\Mannie\My Documents\Mannie's Goodies\School\04-05\history\~WRD0603.tmp - deleted
C:\Documents and Settings\Mannie\My Documents\My Music\License Backup\drmv1key.bak - deleted
C:\Documents and Settings\Mannie\My Documents\My Music\License Backup\drmv1lic.bak - deleted
C:\Documents and Settings\Mannie\My Documents\My Music\License Backup\drmv2key.bak - deleted
C:\Documents and Settings\Mannie\My Documents\My Music\License Backup\drmv2lic.bak - deleted
C:\Documents and Settings\Mannie\UserData\index.dat - deleted
C:\Documents and Settings\Wheetie\Application Data\Aim\wlcvhuwr\LimeGreenCows525\urlcache\aim4.tmp - deleted
C:\Documents and Settings\Wheetie\Application Data\Microsoft\Office\fbc7.tmp - deleted
C:\Documents and Settings\Wheetie\Application Data\Microsoft\Office\Recent\index.dat - deleted
C:\Program Files\eMule\downloads.bak - deleted
C:\Program Files\eMule\config\clients.met.bak - deleted
C:\Program Files\eMule\config\eMule Light.tmpl - deleted
C:\Program Files\eMule\config\eMule.tmpl - deleted
C:\Program Files\ewido\security suite\Quarantine\fil10.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil11.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil12.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil13.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil14.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil15.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil16.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil17.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil18.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil19.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil1A.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil1B.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil1C.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil1D.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil1E.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil1F.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil20.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil21.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil22.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil23.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil24.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil25.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil26.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil27.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil28.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil29.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil6.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil7.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil8.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil9.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\filA.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\filB.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\filC.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\filD.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\filE.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\filF.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\reg1.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\reg2.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\reg3.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\reg4.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\reg5.tmp - deleted
C:\Program Files\TechSmith\SnagIt 7\~$agIt Add-in.dot - deleted
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\downloads.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\eMule_Chicane.tmpl - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\eMule.tmpl - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\config\clients.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\Temp\001.part.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\Temp\002.part.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\Temp\003.part.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\Temp\004.part.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\Temp\005.part.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\Temp\006.part.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\Temp\007.part.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\Temp\008.part.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\Temp\009.part.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\Temp\010.part.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\Temp\011.part.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\Temp\012.part.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\Temp\013.part.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\Temp\014.part.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc19\Temp\016.part.met.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc20.46a\downloads.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc20.46a\eMule Light.tmpl - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc20.46a\eMule.tmpl - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc52\downloads.bak - deleted
C:\RECYCLER\S-1-5-21-606747145-616249376-725345543-1003\Dc52\config\clients.met.bak - deleted
C:\WINDOWS\SIERRA.IN~ - deleted
C:\WINDOWS\Active Setup Log.BAK - deleted
C:\WINDOWS\EPSTPLOG.BAK - deleted
C:\WINDOWS\imsins.BAK - deleted
C:\WINDOWS\Debug\UserMode\userenv.bak - deleted
C:\WINDOWS\Help\wmplayer.bak - deleted
C:\WINDOWS\inf\mplayer2.bak - deleted
C:\WINDOWS\LastGood\active setup log.bak - deleted
C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1033.dat.bak - deleted
C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\index.dat - deleted
C:\WINDOWS\Prefetch\~E5.0001-203947B4.pf - deleted
C:\WINDOWS\Resources\Themes\Luna\luna.msstyles - deleted
C:\WINDOWS\security\edb.chk - deleted
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk - deleted
C:\WINDOWS\system32\CONFIG.TMP - deleted
C:\WINDOWS\system32\setb7.tmp - deleted
C:\WINDOWS\system32\CatRoot2\edb.chk - deleted
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012004122320041224\index.dat - deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\system32\usmt\migwiz.exe.manifest - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.0 recovered 3.68 GB of disk space from 23085 files. Wow! You really needed that.
CleanUp! finished on 09/25/05 20:39:15.

Offline Amandalism

« Reply #12 on: September 25, 2005, 07:43:38 PM »
Here's the other log:

Scanner results  
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing



I wasn't sure if this is what you wanted, and since they contradicted each other, I'll post this too:

Last file scanned at least one scanner reported something about: Uninst-eMusic-promotion.ex, detected by:

Scanner  Malware name  
AntiVir  X  
ArcaVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  Trojan-Downloader.Win32.IstBar.lu  
NOD32  X  
Norman Virus Control  X  
UNA  X  
VBA32  X  



Sorry for my delays as well. It's been a busy week.

Offline guestolo

« Reply #13 on: September 27, 2005, 08:26:49 PM »
Sorry for the delay

Can you do the following
I still don't trust that file, but let's stay on the side of caution

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Navigate to this file on your drive
C:\WINDOWS\mmhrv.dll
Right click on mmhrv.dll and rename it to mmhrv.old

Afterwards, if the next file is found delete it
C:\WINDOWS\System32\iiqgv.dll

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
 
Code:
REGEDIT4

[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mmtskxxm]

[-HKEY_CLASSES_ROOT\CLSID\{ddd2e9d4-64b8-4e8d-b8f8-cf746ec4bbca}]


Double click on fix.reg and allow to merge to the registry

Restart your computer

Back in Windows, can I see a fresh hijackthis log
Also, run TrackQoo one more time and post the contents of the text file that opens

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Amandalism

« Reply #14 on: September 28, 2005, 07:10:27 PM »
Logfile of HijackThis v1.99.1
Scan saved at 8:07:59 PM, on 9/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Mannie\My Documents\hijackthis\HijackThis.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\PROGRA~1\Webroot\POP-UP~1\VAPopupKiller.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpWasher] C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

Offline Amandalism

« Reply #15 on: September 28, 2005, 07:11:25 PM »
and Trackqoo:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\""
"CamMonitor"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\\\Unload\\hpqcmon.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"EPSON Stylus Photo R320 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9FA.EXE /P30 \"EPSON Stylus Photo R320 Series\" /O6 \"USB001\" /M \"Stylus Photo R320\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\Shell32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\Shell32.dll

Subkey --- UltraEdit-32
{b5eedee0-c06e-11cf-8c56-444553540000}
C:\Program Files\UltraEdit\ue32ctmn.dll

Subkey --- VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87}
C:\Program Files\Network Associates\VirusScan\shext.dll

Subkey --- Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}
C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\Shell32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\Shell32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\Shell32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\Shell32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\Shell32.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Gamma Loader.exe.lnk
Adobe Gamma Loader.lnk
D-Link AirPlus G Configuration Utility.lnk
desktop.ini
SnagIt 7.lnk
TabUserW.exe.lnk
==============================
C:\Documents and Settings\Mannie\Start Menu\Programs\Startup

Adobe Gamma Loader.exe.lnk
Adobe Gamma Loader.lnk
D-Link AirPlus G Configuration Utility.lnk
desktop.ini
SnagIt 7.lnk
TabUserW.exe.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


access.cpl                    Microsoft Corporation
appwiz.cpl                    Microsoft Corporation
desk.cpl                      Microsoft Corporation
hdwwiz.cpl                    Microsoft Corporation
inetcpl.cpl                   Microsoft Corporation
intl.cpl                      Microsoft Corporation
joy.cpl                       Microsoft Corporation
jpicpl32.cpl                  Sun Microsystems, Inc.
main.cpl                      Microsoft Corporation
mmsys.cpl                     Microsoft Corporation
ncpa.cpl                      Microsoft Corporation
nusrmgr.cpl                   Microsoft Corporation
nwc.cpl                       Microsoft Corporation
odbccp32.cpl                  Microsoft Corporation
pentablet.cpl                 Wacom Technology, Corp.
powercfg.cpl                  Microsoft Corporation
QuickTime.cpl                 Apple Computer, Inc.
sysdm.cpl                     Microsoft Corporation
telephon.cpl                  Microsoft Corporation
timedate.cpl                  Microsoft Corporation
wuaucpl.cpl                   Microsoft Corporation
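
A check of the TrackQoo output above against the fix.reg from Reply #13, added here as an example and not part of the original posts: it parses the keys the .reg file deletes and the "Subkey ---" blocks of the report, then lists any handler that is still registered. The function names are this example's own, and the block layout is assumed from the output in Reply #15.

```python
import re

# fix.reg from Reply #13, copied from this page.
FIX_REG = r"""REGEDIT4

[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mmtskxxm]

[-HKEY_CLASSES_ROOT\CLSID\{ddd2e9d4-64b8-4e8d-b8f8-cf746ec4bbca}]
"""

# Trimmed excerpt of the TrackQoo output in Reply #15, copied from this page.
TRACKQOO = r"""HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\Shell32.dll

=====================
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def deleted_keys(reg_text):
    """Return the keys a .reg file removes: section headers written as [-KEY]."""
    return [m.group(1) for m in re.finditer(r"^\[-(.+)\]\s*$", reg_text, re.M)]

def parse_handlers(report):
    """Parse 'Subkey --- name' blocks; the CLSID may be the name or a later line."""
    handlers = []
    for block in re.split(r"^Subkey --- ", report, flags=re.M)[1:]:
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        guid = GUID.search(block)
        dll = next((l for l in lines[1:] if re.match(r"[A-Za-z]:\\", l)), None)
        handlers.append({"name": lines[0], "dll": dll,
                         "clsid": guid.group(0).lower() if guid else None})
    return handlers

def leftovers(reg_text, report):
    """Handlers still listed whose subkey name or CLSID the .reg file deletes."""
    targets = {k.rsplit("\\", 1)[-1].lower() for k in deleted_keys(reg_text)}
    return [h for h in parse_handlers(report)
            if h["name"].lower() in targets or (h["clsid"] or "") in targets]

if __name__ == "__main__":
    print(leftovers(FIX_REG, TRACKQOO) or "no removed handler is still registered")
```
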

Offline guestolo

« Reply #16 on: September 28, 2005, 09:08:25 PM »
You can go back and hide hidden files and folders
I recommend you leave Hide Extensions for known file types unchecked

If everything is running better, please do the following
You should disable system restore and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature

Once System Restore is reenabled

You should set up protection against future attacks
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"

You should also consider visiting windows updates and installing SP2 and all other latest High Priority updates
« Last Edit: September 28, 2005, 09:09:22 PM by guestolo »



Offline Amandalism

« Reply #17 on: September 29, 2005, 09:40:48 PM »
Actually, it's not working still. IE still closes when a new linked window opens. I'm sorry to bother you with this. :(

Offline guestolo

« Reply #18 on: September 29, 2005, 10:38:56 PM »
Download and save WinPFind.zip
UNZIP the contents to your desktop
Don't run it yet

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link I supplied for a more detailed explanation

Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Click START SCAN
This could take some time as it will scan your drive
Close out after

Restart back to Normal mode

Post the results of the WinPFind.txt located in the WinPFind folder

Also Run a new scan with Hijackthis and post a fresh log
