
Not sure what's wrong but told to talk to y'all


17 replies to this topic

#1 Jeff Murphy


Posted 29 August 2006 - 10:50 PM

I read your forum FAQ and have Spybot and Ad-Aware on my comp. My computer has been sluggish lately; I had a whole bunch of pop-ups and warnings from my comp that it is infected. I gave my comp to my brother, who said he got rid of a lot of stuff but not all of it. What he told me was that one of the major issues was that he was unable to download Windows updates. Just now when I went to turn on my computer, the blue screen of death came up. The technical info was this: 0x0000007E (0x0804E2EA0, 0xF8CB3BEC, 0xF8CB38E8). I also ran HijackThis like your FAQ said and it is posted below. I also ran the ewido anti-spyware program that you recommended; the report is posted below the HijackThis report. I didn't perform any actions, I wanted to wait and let you guys tell me what to do. The kicker here is that I'm leaving for western Africa on September 14th and my computer is my only line of communication to my girlfriend and family. I know y'all are volunteers and I appreciate any help you can give me. Thank you, Jeff.

Logfile of HijackThis v1.99.1
Scan saved at 12:36:09 AM, on 8/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Jeff Murphy\Desktop\Jeff's Installs\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://runonce.msn.com
O15 - Trusted Zone: http://download.windowsupdate.com
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:28:22 AM 8/30/2006

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{874443fe-aa33-4ebf-a6ac-73208787e62d} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} -> Adware.Generic : No action taken.
HKU\S-1-5-21-3104543552-613944582-3230577033-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4} -> Adware.Generic : No action taken.
C:\Program Files\IntCodec -> Adware.IntCodec : No action taken.
C:\Program Files\IntCodec\ot.ico -> Adware.IntCodec : No action taken.
C:\Program Files\IntCodec\ts.ico -> Adware.IntCodec : No action taken.
HKLM\SYSTEM\ControlSet006\Services\Eventlog\System\gv3 -> Adware.SuperBar : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP404\A0118667.exe -> Downloader.Zlob.aco : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP404\A0118668.exe -> Downloader.Zlob.aco : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP410\A0121190.dll -> Downloader.Zlob.aeg : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP404\A0118642.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP404\A0118643.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP404\A0118653.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP404\A0118654.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118842.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118843.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118861.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118862.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118874.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118875.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118885.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118886.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118896.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118897.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118907.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118908.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118917.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118918.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118930.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118931.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118941.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118942.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118951.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118952.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118962.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118963.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118972.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118973.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118983.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118984.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118994.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118995.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119005.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119006.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119016.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119017.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119027.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119028.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119038.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119039.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119049.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119050.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119060.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119061.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120060.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120061.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120071.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120072.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120082.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120083.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120092.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120093.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120103.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120104.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120114.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120115.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120125.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120126.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120135.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120136.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120146.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120147.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0121146.dll -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0121147.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP409\A0121162.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP409\A0121164.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP409\A0121167.dll -> Downloader.Zlob.yt : No action taken.
C:\Documents and Settings\Jeff Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\fix.jar-2319d0a1-7fd7db81.zip/A.class -> Not-A-Virus.Exploit.Java.ByteVerify : No action taken.
C:\Documents and Settings\Jeff Murphy\Local Settings\Temp\tmp10.tmp -> Not-A-Virus.Hoax.Win32.Renos.dp : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP406\snapshot\MFEX-1.DAT -> Not-A-Virus.Hoax.Win32.Renos.dp : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP407\A0118759.dll -> Not-A-Virus.Hoax.Win32.Renos.dp : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP407\snapshot\MFEX-1.DAT -> Not-A-Virus.Hoax.Win32.Renos.dp : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00020311.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00020312.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00020313.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00020314.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00020319.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00020320.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00020333.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00020334.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00020442.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00020448.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00020510.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00020528.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00020615.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00020942.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00020987.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\RECYCLER\NPROTECT\00021354.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00020310.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00020311.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00020312.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00020313.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00020314.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00020319.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00020320.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00020333.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00020334.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00020442.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00020510.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00020615.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00020860.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00020987.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00020999.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00021227.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00021228.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\RECYCLER\NPROTECT\00021354.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020310.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020311.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020312.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020313.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020314.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020320.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020333.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020334.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020442.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020510.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020860.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020861.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020863.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020864.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020865.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020866.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020867.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020868.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020987.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00020999.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00021227.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00021228.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\RECYCLER\NPROTECT\00021229.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020310.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020311.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020312.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020313.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020333.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020510.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020615.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020861.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020863.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020864.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020865.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020866.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020867.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020868.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020870.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020871.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020873.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020874.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020876.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020877.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020878.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020987.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00020999.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00021227.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00021228.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00021229.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00021356.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\RECYCLER\NPROTECT\00021361.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020334.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020510.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020615.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020616.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020870.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020871.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020873.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020874.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020876.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020877.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020878.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020879.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020880.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020881.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020882.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020883.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020884.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020885.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020886.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020887.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020888.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020889.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020890.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020891.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020943.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00020999.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00021227.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00021228.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00021229.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00021356.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00021361.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00021362.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\RECYCLER\NPROTECT\00021369.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020333.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020334.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020442.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020879.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020880.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020881.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020882.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020883.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020884.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020885.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020886.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020887.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020888.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020889.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020890.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020891.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020892.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020943.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00020947.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00021229.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00021362.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\RECYCLER\NPROTECT\00021369.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.24:C:\RECYCLER\NPROTECT\00020333.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.24:C:\RECYCLER\NPROTECT\00020334.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.24:C:\RECYCLER\NPROTECT\00020442.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.24:C:\RECYCLER\NPROTECT\00020445.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.24:C:\RECYCLER\NPROTECT\00020616.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.24:C:\RECYCLER\NPROTECT\00020617.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.24:C:\RECYCLER\NPROTECT\00020892.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.24:C:\RECYCLER\NPROTECT\00020947.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.24:C:\RECYCLER\NPROTECT\00021381.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.25:C:\RECYCLER\NPROTECT\00020445.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.25:C:\RECYCLER\NPROTECT\00020616.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.25:C:\RECYCLER\NPROTECT\00020943.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.25:C:\RECYCLER\NPROTECT\00021231.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.25:C:\RECYCLER\NPROTECT\00021232.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.25:C:\RECYCLER\NPROTECT\00021234.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.25:C:\RECYCLER\NPROTECT\00021274.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.25:C:\RECYCLER\NPROTECT\00021355.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.25:C:\RECYCLER\NPROTECT\00021381.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\RECYCLER\NPROTECT\00020445.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\RECYCLER\NPROTECT\00020446.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\RECYCLER\NPROTECT\00020616.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\RECYCLER\NPROTECT\00020617.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\RECYCLER\NPROTECT\00020618.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\RECYCLER\NPROTECT\00020619.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\RECYCLER\NPROTECT\00020943.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\RECYCLER\NPROTECT\00020947.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\RECYCLER\NPROTECT\00021231.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\RECYCLER\NPROTECT\00021232.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\RECYCLER\NPROTECT\00021234.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\RECYCLER\NPROTECT\00021274.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\RECYCLER\NPROTECT\00021355.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\RECYCLER\NPROTECT\00020445.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\RECYCLER\NPROTECT\00020446.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\RECYCLER\NPROTECT\00020616.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\RECYCLER\NPROTECT\00020617.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\RECYCLER\NPROTECT\00020947.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\RECYCLER\NPROTECT\00021231.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\RECYCLER\NPROTECT\00021232.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\RECYCLER\NPROTECT\00021234.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\RECYCLER\NPROTECT\00021274.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.28:C:\RECYCLER\NPROTECT\00020446.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.28:C:\RECYCLER\NPROTECT\00020617.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.28:C:\RECYCLER\NPROTECT\00020618.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.28:C:\RECYCLER\NPROTECT\00020619.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.28:C:\RECYCLER\NPROTECT\00021231.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.28:C:\RECYCLER\NPROTECT\00021232.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.28:C:\RECYCLER\NPROTECT\00021234.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.28:C:\RECYCLER\NPROTECT\00021274.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.28:C:\RECYCLER\NPROTECT\00021275.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.29:C:\RECYCLER\NPROTECT\00020446.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.29:C:\RECYCLER\NPROTECT\00020616.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.29:C:\RECYCLER\NPROTECT\00020617.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.29:C:\RECYCLER\NPROTECT\00020618.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.29:C:\RECYCLER\NPROTECT\00020619.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.29:C:\RECYCLER\NPROTECT\00021275.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.30:C:\RECYCLER\NPROTECT\00020445.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.30:C:\RECYCLER\NPROTECT\00020616.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.30:C:\RECYCLER\NPROTECT\00020618.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.30:C:\RECYCLER\NPROTECT\00020619.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.30:C:\RECYCLER\NPROTECT\00020904.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.30:C:\RECYCLER\NPROTECT\00020905.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.30:C:\RECYCLER\NPROTECT\00021275.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.31:C:\RECYCLER\NPROTECT\00020445.MOZ -> TrackingCookie.2o7 : No action taken.
:mozilla.31:C:\RECYCLER

Edited by Jeff Murphy, 29 August 2006 - 11:31 PM.


#2 SWI Support Robot

Posted 01 September 2006 - 05:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 Scorpex

Posted 02 September 2006 - 04:34 PM

Hi Jeff – Welcome to SpywareInfo,

Sorry for the delayed response. The volunteers here are swamped and unfortunately not all logs get answered as quickly as we'd like.


Please download SmitfraudFix (by S!Ri)
Right click the SmitfraudFix.zip and select "Extract all" - Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the extracted SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm


Post a new HijackThis log and the list of infected files found by SmitfraudFix


Scorpex

#4 Jeff Murphy

Posted 05 September 2006 - 07:14 AM

Should I delete the bad files found by ewido anti-virus now or wait for you all to tell me to do that?

SmitFraudFix report

SmitFraudFix v2.83

Scan done at 9:06:47.41, Tue 09/05/2006
Run from C:\Documents and Settings\Jeff Murphy\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeff Murphy\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\IntCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

This is the HijackThis Report

Logfile of HijackThis v1.99.1
Scan saved at 9:13:11 AM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jeff Murphy\Desktop\Jeff's Installs\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://runonce.msn.com
O15 - Trusted Zone: http://download.windowsupdate.com
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Thank You for Your Help
Jeff
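
The two reports in the post above can be cross-checked against each other. The following Python script is an added example, not part of the original thread and not code from HijackThis or SmitfraudFix: it lists HijackThis entries whose target is reported as "(file missing)" or "(no file)" and marks those that a SmitfraudFix finding (a "FOUND !" path or a quoted CLSID value) also points at. The function names are assumptions; the sample lines are excerpted from the logs in this post.

```python
import re
from typing import NamedTuple, Optional

# Lines excerpted from the HijackThis log in the post above.
HJT_EXCERPT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Lines excerpted from the SmitfraudFix report in the same post.
SMITFRAUD_EXCERPT = r"""
C:\Program Files\IntCodec\ FOUND !
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<rest>.+)$")
FOUND_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)\s+FOUND !$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


class Finding(NamedTuple):
    code: str             # HijackThis section code, e.g. "O2"
    clsid: Optional[str]  # lower-cased CLSID if the entry carries one
    orphaned: bool        # HijackThis could not find the target file
    corroborated: bool    # SmitfraudFix reported the same path or CLSID
    text: str             # remainder of the log line


def smitfraud_indicators(report: str):
    """Collect 'FOUND !' paths and quoted registry CLSID values, lower-cased."""
    paths, clsids = set(), set()
    for line in report.splitlines():
        line = line.strip()
        found = FOUND_RE.match(line)
        if found:
            paths.add(found.group("path").lower())
        elif line.startswith('"'):
            clsids.update(c.lower() for c in CLSID_RE.findall(line))
    return paths, clsids


def triage(hjt_log: str, smit_report: str):
    """Return HijackThis entries that are orphaned or corroborated.

    Limitation: paths are compared as plain substrings, so an 8.3 short
    path such as C:\\PROGRA~1\\... will not match its long form.
    """
    paths, clsids = smitfraud_indicators(smit_report)
    findings = []
    for line in hjt_log.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue  # running-process lines, headers, blank lines
        rest = entry.group("rest")
        match = CLSID_RE.search(rest)
        clsid = match.group(0).lower() if match else None
        orphaned = rest.endswith(ORPHAN_MARKERS)
        corroborated = clsid in clsids or any(p in rest.lower() for p in paths)
        if orphaned or corroborated:
            findings.append(
                Finding(entry.group("code"), clsid, orphaned, corroborated, rest)
            )
    return findings


if __name__ == "__main__":
    for f in triage(HJT_EXCERPT, SMITFRAUD_EXCERPT):
        tag = "orphaned + corroborated" if f.corroborated else "orphaned only"
        print(f"{f.code:<4} {tag:<24} {f.text}")
```

An orphaned entry on its own is only a dead reference; the entries both tools agree on are the ones to raise with the helper first.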

#5 Scorpex

Posted 06 September 2006 - 03:12 AM

Hi Jeff,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the offline installer from HERE.
    • Accept the License Agreement
    • Select "Windows Offline Installation, Multi-language".
    • Save the file to your Desktop.
  • Next, uninstall your currently installed version from Add or Remove Programs.
  • If you have older versions listed, uninstall them also. If you simply update to the new version,
    it leaves the older version(s) still installed, complete with previous vulnerabilities.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 2
  • Restart your system.
  • Install the new version by double-clicking on the file you downloaded.

There are entries in your HijackThis log that are related to ViewPoint.
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". From what we know, this will change in 2006; read this article: http://www.clickz.co...cle.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player


Many of the files in your Ewido report were files in your Norton Protected Recycle Bin.
Right click on your Recycle Bin (may be called Norton Protected Recycle Bin or whatever name you chose if you installed that option with your Symantec software), select Empty Recycle Bin, and click Yes.

If you installed the Norton Protected Recycle Bin when you installed your Symantec software, Right click on your Norton Protected Recycle Bin again, and click Empty Norton Protected Files, and select Purge All.



Please disable your Windows Defender Real-time Protection as it may interfere with the changes that we need to make.

Disable Windows Defender by doing the following:
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.


Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".


The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt


Ewido Scan
  • Open Ewido - Click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Post a new HijackThis log, the Ewido report, and the SmitfraudFix log.

Let us know how things are going

Scorpex

#6 Jeff Murphy

Posted 07 September 2006 - 06:11 PM

So i did all that stuff that you said to do. The only problems i had was that i was unable to find my norton protected recycling bin. I did a search for it to no avail and i looked around the norton folders i have with no luck either. The other problem was with the viewpoint thing. I went to the add/remove programs list and it wasn't there. Any ideas on where else to look? I've noticed that since i got all of this anti-spyware stuff my computer is running MUCH slower than it was before. I currently have on my computer ad-aware, spybot, ewido, zone alarm firewall, windows defender, norton, hijackthis, and avg. Could those be slowing my comp down? I notice it in particular when i go to play games online or from the cd. My comp has also been freezing more in the last two or three days. Posted below are the ewido log, the hijackthis log and the smitfraudfix log

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:24:15 PM 9/7/2006

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
HKU\S-1-5-21-3104543552-613944582-3230577033-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SYSTEM\ControlSet006\Services\Eventlog\System\gv3 -> Adware.SuperBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP410\A0121190.dll -> Downloader.Zlob.aeg : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118842.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118843.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118861.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118862.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118874.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118875.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118885.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118886.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118896.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118897.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118907.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118908.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118917.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118918.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118930.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118931.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118941.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118942.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118951.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118952.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118962.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118963.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118972.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118973.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118983.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118984.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118994.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0118995.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119005.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119006.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119016.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119017.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119027.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119028.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119038.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119039.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119049.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119050.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119060.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0119061.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120060.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120061.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120071.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120072.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120082.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120083.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120092.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120093.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120103.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120104.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120114.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120115.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120125.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120126.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120135.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120136.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120146.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0120147.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0121146.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP408\A0121147.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP409\A0121162.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP409\A0121164.exe -> Downloader.Zlob.yt : Error during cleaning.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP409\A0121167.dll -> Downloader.Zlob.yt : Error during cleaning.
C:\Documents and Settings\Jeff Murphy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\fix.jar-2319d0a1-7fd7db81.zip/A.class -> Not-A-Virus.Exploit.Java.ByteVerify : Ignored.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 8:09:31 PM, on 9/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jeff Murphy\Desktop\Jeff's Installs\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://runonce.msn.com
O15 - Trusted Zone: http://download.windowsupdate.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


SmitFraudFix v2.83

Scan done at 20:10:41.60, Thu 09/07/2006
Run from C:\Documents and Settings\Jeff Murphy\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeff Murphy\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEFFMU~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Thank you so much for your help,
Jeff

#7 Scorpex

Posted 08 September 2006 - 11:23 AM

Hi Jeff,

Norton protected recycling bin – My main reason for emptying this was to cut down on the size of the Ewido log. I noticed the new Ewido report didn’t show the files.

Viewpoint – There are a couple entries in your HijackThis log that refer to Viewpoint. I wasn’t sure if it was still on your system but figured I’d have you check Add/Remove programs. We’ll remove them with HijackThis below.


I've noticed that since i got all of this anti-spyware stuff my computer is running MUCH slower than it was before


ad-aware, spybot, avg, hijackthis – The way you have these set up, these shouldn’t be using any system resources unless you actually run them. Just disk space

Set up Ewido as a stand-alone scanner
Open Ewido Anti-Spyware
- The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'

Right click on Ewido in the system tray and uncheck "Start with Windows".

Next go to Start > Run and type: services.msc
* Press "OK".
* Click the "Extended tab" and scroll down the list to find ewido anti-spyware 4.0 guard.
* When you find the guard service, double-click on it.
* In the Properties Window > General Tab that opens, click the "Stop" button.
* From the drop-down menu next to "Startup Type", click on "Manual".
* Now click "Apply", then "OK" and close the Services window.


Please run HijackThis and click "Do a system scan only". Place checks next to the following entries:

O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

If you or an Administrator did not set these next 2, put a check next to them.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present



Close all browser and other windows except for HijackThis, and click "Fix Checked".


Delete the following folder if present:
C:\Program Files\Viewpoint


Let me know how things are going


Scorpex
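
An added example, not part of Scorpex's post and not code from HijackThis: a small Python triage pass over a HijackThis log that marks the entries a helper would look at first, namely entries whose target file is gone, IE policy restrictions (O6), and anything matching a caller-supplied watchlist. The sample lines are copied from the log in post #6; the section descriptions, function names and watchlist parameter are assumptions of this example, and the output is a review list, not a fix list.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Section codes that occur in the log above, with their usual HijackThis meaning.
SECTIONS = {
    "R1": "IE start/search/proxy setting",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O6": "IE options locked by policy",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools item",
    "O15": "Trusted Zone site",
    "O23": "NT service",
}

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)")

# Lines copied from the HijackThis log posted in this thread (post #6).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O15 - Trusted Zone: http://runonce.msn.com
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
"""


@dataclass
class Entry:
    code: str                      # section code, e.g. "O4"
    body: str                      # everything after "CODE - "
    clsid: Optional[str] = None    # first CLSID in the entry, if any
    reasons: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Return the coded entries; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        clsid = CLSID_RE.search(m["body"])
        entries.append(Entry(m["code"], m["body"], clsid.group(0) if clsid else None))
    return entries


def triage(entries: List[Entry], watchlist=()) -> List[Entry]:
    """Attach review reasons to each entry and return those that have any."""
    flagged = []
    for e in entries:
        e.reasons = []
        if ORPHAN_RE.search(e.body):
            e.reasons.append("target file is gone (orphaned entry)")
        if e.code == "O6":
            e.reasons.append("IE policy restriction: confirm who set it")
        for name in watchlist:
            if name.lower() in e.body.lower():
                e.reasons.append(f"matches watchlist term '{name}'")
        if e.reasons:
            flagged.append(e)
    return flagged


def report(flagged: List[Entry]) -> List[str]:
    """Format flagged entries as printable lines."""
    lines = []
    for e in flagged:
        lines.append(f"{e.code:<4}{SECTIONS.get(e.code, 'unknown section')}: {e.body}")
        lines.extend(f"      -> {r}" for r in e.reasons)
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(parse_log(SAMPLE_LOG), watchlist=("Viewpoint",)))))
```

Entries the script does not flag, such as the KernelFaultCheck autostart line, still need a human reading of the log.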

#8 Jeff Murphy

Posted 13 September 2006 - 11:57 AM

So i did what you said at least twice now. The first time things didn't go nearly as smoothly as they did just now. Before i was unable to hit stop in the ewido tab, but i did everything else. I've run hijackthis twice and the first time it didn't seem like anything happened. After i hit fix checked, a new window popped up and it was empty. I went to run hijackthis just now but was only able to find one of the items that you mentioned and that was the second "06" you listed. I guess that's a good thing. My computer is still running slowly and is having trouble when left on in hibernate or standby mode. Also, the last time i replied to you, when i closed out of firefox i saw a pop-up on my desktop. I haven't seen any since, but i thought i should mention it. I notice how slow my computer is running especially when i go to play games either from a cd-rom or on internet servers. I usually have a very high ping and there is a lot of lag. That is if i can connect at all to these servers. I would really love it if i could get my computer back to what it was before the viruses took over my comp.

Thank You For all Your Help Scorpex!
Jeff Murphy

#9 Scorpex

Posted 15 September 2006 - 12:31 AM

Hi Jeff,

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


Also, please download (save) SilentRunners from here: http://www.silentrun...ent Runners.zip
Unzip it to the desktop and double-click on it.
If you get any kind of warning message about scripts, please choose to allow the script to run.
When the “do you want to skip supplemental searches” box comes up – Click NO.
When the scan is finished, a message will pop up and a logfile will have been created on the desktop.
Please post the entire contents of this logfile for me to see.

Hopefully this will reveal anything that may be lurking in the background.

Scorpex

#10 Jeff Murphy

Posted 17 September 2006 - 01:12 PM

Hey Scorpex,
Finally in Africa. Posts may be more sporadic now. Did what you said. Here is the combofix report:

Jeff Murphy - 06-09-17 14:49:54.46 Service Pack 2
ComboFix 06.09.14 - Running from: C:\Documents and Settings\Jeff Murphy\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-08-17 to 2006-09-17 ))))))))))))))))))))))))))))))))))


2006-09-05 09:06 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2006-09-05 09:06 40,960 --a------ C:\WINDOWS\SYSTEM32\swsc.exe
2006-09-05 09:06 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2006-09-05 09:06 135,168 --a------ C:\WINDOWS\SYSTEM32\swreg.exe
2006-09-02 17:44 91,904 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2006-08-28 03:36 121,856 --------- C:\WINDOWS\SYSTEM32\xmllite.dll
2006-08-27 21:23 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2006-08-23 00:31 50,688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-08-23 00:31 5,906,432 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-08-23 00:31 457,728 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-08-23 00:31 175,616 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-08-23 00:18 206,336 --------- C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
2006-08-23 00:13 11,776 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-08-23 00:11 12,288 --------- C:\WINDOWS\SYSTEM32\msfeedssync.exe
2006-08-23 00:10 61,440 --------- C:\WINDOWS\SYSTEM32\icardie.dll
2006-08-23 00:09 262,656 --------- C:\WINDOWS\SYSTEM32\iertutil.dll
2006-08-22 23:36 380,928 --------- C:\WINDOWS\SYSTEM32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-17 14:41 -------- d-------- C:\Documents and Settings\Jeff Murphy\Application Data\Skype
2006-09-17 14:08 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-17 13:01 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-17 13:01 -------- d-------- C:\Program Files\Common Files
2006-09-09 15:31 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-06 19:00 -------- d-------- C:\Program Files\Java
2006-09-06 18:59 -------- d-------- C:\Program Files\Common Files\Java
2006-09-02 20:16 -------- d-------- C:\Program Files\Norton AntiVirus
2006-09-02 18:04 -------- d-------- C:\Program Files\Symantec
2006-09-02 17:51 -------- d-------- C:\Program Files\SymNetDrv
2006-09-02 14:54 -------- d-------- C:\Program Files\Zone Labs
2006-08-28 08:17 -------- d-------- C:\Program Files\Windows Defender
2006-08-28 08:17 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-28 03:42 -------- d-------- C:\Program Files\Internet Explorer
2006-08-23 00:31 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-08-23 00:31 225792 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-08-23 00:31 152064 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-08-23 00:18 78336 --a------ C:\WINDOWS\SYSTEM32\ieencode.dll
2006-08-23 00:17 40448 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-08-23 00:17 105472 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-08-23 00:17 100352 --a------ C:\WINDOWS\SYSTEM32\occache.dll
2006-08-23 00:16 16896 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-08-23 00:14 378368 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-08-23 00:14 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-08-23 00:13 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-08-23 00:13 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-08-23 00:13 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-08-23 00:13 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-08-23 00:13 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-08-23 00:13 122880 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-08-23 00:10 35328 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2006-08-23 00:07 45568 --a------ C:\WINDOWS\SYSTEM32\mshta.exe
2006-08-22 23:37 48128 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2006-08-22 23:30 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-08-21 08:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-21 05:14 128896 --------- C:\WINDOWS\SYSTEM32\DRIVERS\fltmgr.sys
2006-08-12 11:47 -------- d-------- C:\Program Files\Google
2006-08-10 19:46 22752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2006-08-04 17:25 -------- d-------- C:\Program Files\BearShare
2006-07-27 09:24 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-07-26 19:00 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-26 19:00 -------- d-------- C:\Program Files\QuickTime
2006-07-26 18:58 -------- d-------- C:\Program Files\iTunes
2006-07-26 18:58 -------- d-------- C:\Program Files\iPod
2006-07-23 15:29 -------- d-------- C:\Program Files\Common Files\xing shared
2006-07-23 15:29 -------- d-------- C:\Program Files\Common Files\Real
2006-07-21 04:24 72704 --a------ C:\WINDOWS\SYSTEM32\hlink.dll
2006-06-29 08:05 26112 --------- C:\WINDOWS\SYSTEM32\idndl.dll
2006-06-29 08:05 23552 --------- C:\WINDOWS\SYSTEM32\normaliz.dll
2006-06-28 17:59 24576 --------- C:\WINDOWS\SYSTEM32\nlsdl.dll
2006-06-22 01:06 69120 --a------ C:\WINDOWS\SYSTEM32\ciodm.dll
2006-06-22 01:06 1435648 --a------ C:\WINDOWS\SYSTEM32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="\"C:\\Program Files\\Creative\\Shared Files\\CamTray.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell AIO Printer A920"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000b5

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digital Line Detect.lnk"
"backup"="C:\\WINDOWS\\pss\\Digital Line Detect.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DIGITA~1\\DLG.exe "
"item"="Digital Line Detect"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AcctMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AcctMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Norton SystemWorks\\Password Manager\\AcctMgr.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Apoint\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AS00_Gear511]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Gear511"
"hkey"="HKLM"
"command"="C:\\Program Files\\NETGEAR\\WG511SCU\\Utility\\Gear511.exe -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ATIModeChange]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ati2mdxx"
"hkey"="HKLM"
"command"="Ati2mdxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\bascstray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BascsTray"
"hkey"="HKLM"
"command"="BascsTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Dell AIO Printer A920]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dlbkbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Dell QuickSet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="quickset"
"hkey"="HKLM"
"command"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DVDSentry]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DSentry"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\DSentry.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\GhostStartTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostStartTrayApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\GhostStartTrayApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"WLTRYSVC"=dword:00000002
"LexBceS"=dword:00000002
"iPodService"=dword:00000003
"IDriverT"=dword:00000003
"BAsfIpM"=dword:00000002
"Ati HotKey Poller"=dword:00000002
"NICCONFIGSVC"=dword:00000002


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Sun 09/17/2006 14:51:20.52
ComboFix.txt

Here is the Silent Runners report:

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Creative WebCam Tray" = ""C:\Program Files\Creative\Shared Files\CamTray.exe"" ["Creative Technology Ltd"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Dell AIO Printer A920" = ""C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"" ["Dell Computer Corporation"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ["Symantec Corporation"]
"ccRegVfy" = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll" ["Sun Microsystems, Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MpShHook.dll" [MS]
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\scrnsave.scr" [MS]


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

C:\Documents and Settings\Jeff Murphy\Cookies\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Jeff Murphy\Local Settings\Application Data\Microsoft\Feeds Cache\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Jeff Murphy\Local Settings\Application Data\Microsoft\Feeds Cache\0MSU8FG5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Jeff Murphy\Local Settings\Application Data\Microsoft\Feeds Cache\QGX643CM\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Jeff Murphy\Local Settings\Application Data\Microsoft\Feeds Cache\VVC5AS19\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Jeff Murphy\Local Settings\Application Data\Microsoft\Feeds Cache\XRRKK2MR\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Jeff Murphy\Local Settings\History\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Jeff Murphy\Local Settings\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Jeff Murphy\Local Settings\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Jeff Murphy\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\LocalService\Local Settings\History\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\NetworkService\Local Settings\History\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\30F2OYVV\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4L4W626A\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G2W4KYAJ\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VJ0FY75M\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


Startup items in "Jeff Murphy" & "All Users" startup folders:
-------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
INFECTION WARNING! "Adobe Reader Speed Launch.lnk.disabled" [null data]


Enabled Scheduled Tasks:
------------------------

"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
"Spybot - Search & Destroy - Scheduled Task" -> launches: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK /AUTOFIX" ["Safer Networking Limited"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_08"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll" ["Sun Microsystems, Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows Defender Service, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 41 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 7 seconds.
---------- (total run time: 78 seconds)

Thanks a lot, Scorpex,
Jeff Murphy

#11 Scorpex


Posted 20 September 2006 - 01:41 AM

Hi Jeff,

Didn’t see anything obvious in those logs.

One of your logs shows that you have disabled some startup programs/services using MSConfig.
I suggest you re-enable all device drivers and services for the time being.

Click on Start -> Run -> type in MSCONFIG -> then click OK!
Under the "General" Tab, make sure "Normal Startup-load all device drivers and services" has a green tick by it
Click Apply->Close. A System Configuration box will pop up.
Click Apply->Close
Follow the Prompts to Restart


Click on Start -> Run -> type in eventvwr -> then click OK
Look for Errors in Applications, System, etc.
If you find errors, double click them. The Event Properties window will come up. On the right-hand side you'll see an up arrow and a down arrow. The button below them will copy the error description to the clipboard (makes it easy to copy/paste).


Download Rootkit Revealer
  • Unzip it to your desktop.
  • Open the RootkitRevealer folder and double-click RootkitRevealer.exe
  • Click the Scan button (bottom right)
  • It may take a while to scan (don't do anything while it's running)
  • When it's done, go to File > Save. Choose to save the log to C:\
  • Open rootkitreveal.txt in C:\ and copy the entire contents and paste them here
Please don't surf or do anything else during the scan with RootkitRevealer, or it may interfere with the results and show legitimate entries.


Download F-Secure BlackLight
  • Save BlackLight to your desktop.
  • Double-click blbeta.exe then accept the agreement.
  • Click > Scan then > Next
  • After the scan you'll see a list of all items found. Please click Next and exit. Don't choose to rename anything yet! I want to see the log first, because legitimate items can also be present there.
  • There will be a log on your desktop with the name fsbl.xxxxxxx.log (where the xxxxxxx are numbers)

Post the recent errors, the contents of c:\rootkitreveal.txt, and the Blacklight log in your next reply.


Scorpex
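
Added example (not part of the original thread, and not the code of ComboFix or MSConfig): a small Python parser that pulls the MSConfig-disabled startup items and services out of a regedit-style "Reg Loading Points" dump like the one posted above, which is where a helper can see that entries were switched off. The sample text is an excerpt in the format of that log; the function names and the reading of the `services` dword values as the original start type are assumptions of this example.

```python
import re

# Where MSConfig (Windows XP) parks the startup entries and services it disables.
MSCONFIG_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG"

# Assumption: the dword under ...\MSCONFIG\services is the service's start
# type from before it was disabled (standard service start values).
START_TYPES = {2: "automatic", 3: "manual", 4: "disabled"}

# Excerpt in the regedit-export format of the "Reg Loading Points" log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digital Line Detect.lnk"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DIGITA~1\\DLG.exe "
"item"="Digital Line Detect"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"WLTRYSVC"=dword:00000002
"iPodService"=dword:00000003
'''

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(text):
    """Undo regedit escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", text)


def _parse_value(raw):
    """Convert a right-hand side (quoted string or dword:xxxxxxxx) to a Python value."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return _unescape(raw[1:-1])
    return raw


def parse_reg_dump(text):
    """Return {section name: {value name: value}} in order of appearance."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(match.group(1), {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            current[_unescape(match.group(1))] = _parse_value(match.group(2))
    return sections


def disabled_by_msconfig(text):
    """List startup items and services that MSConfig has switched off."""
    items, services = [], {}
    prefix = MSCONFIG_ROOT.lower() + "\\"
    for name, values in parse_reg_dump(text).items():
        if not name.lower().startswith(prefix):
            continue  # live autostart keys such as ...\Run are not disabled entries
        kind, _, entry = name[len(prefix):].partition("\\")
        kind = kind.lower()
        if kind == "services" and not entry:
            services = {svc: START_TYPES.get(v, str(v)) for svc, v in values.items()}
        elif kind == "startupreg" and entry:
            origin = "{}\\{}".format(values.get("hkey", "?"), values.get("key", "?"))
            items.append({"item": values.get("item", entry), "origin": origin,
                          "command": str(values.get("command", "")).strip()})
        elif kind == "startupfolder" and entry:
            items.append({"item": values.get("item", entry),
                          "origin": values.get("location", "?"),
                          "command": str(values.get("command", "")).strip()})
    return items, services


if __name__ == "__main__":
    disabled_items, disabled_services = disabled_by_msconfig(SAMPLE_LOG)
    for entry in disabled_items:
        print("disabled startup item: {item} (from {origin}) -> {command}".format(**entry))
    for svc, start in disabled_services.items():
        print("disabled service: {} (start type before: {})".format(svc, start))
```

Entries that appear only under the MSCONFIG key are the ones that return when "Normal Startup" is selected again, so this list is what to compare against the live Run keys after the restart.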

#12 Scorpex


Posted 12 October 2006 - 11:49 AM

Due to the lack of feedback this Topic is closed.

Reopened.

Edited by jedi, 13 October 2006 - 10:04 AM.


#13 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Retired Staff
  • PipPipPipPipPip
  • 15,830 posts

Posted 13 October 2006 - 10:04 AM

Reopened at request of topic owner.
jedi


#14 Scorpex


Posted 13 October 2006 - 03:31 PM

Hi Jeff,

I was notified that this topic was reopened. Post whenever you’re ready – No rush

Scorpex

#15 Jeff Murphy


Posted 02 November 2006 - 07:47 AM

Hey Scorpex,
Now that my field work is done I should be able to post more often. Here's the stuff from last time.

Error View

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 2
Date: 9/22/2006
Time: 7:14:58 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application terminated


Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/22/2006
Time: 7:14:52 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/22/2006
Time: 7:14:48 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/22/2006
Time: 7:14:36 AM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/22/2006
Time: 7:14:26 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/22/2006
Time: 7:14:24 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 9/22/2006
Time: 7:13:27 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Windows saved user JEFF\Jeff Murphy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 9/22/2006
Time: 7:13:25 AM
User: JEFF\Jeff Murphy
Computer: JEFF
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/22/2006
Time: 6:33:24 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/22/2006
Time: 6:33:21 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/22/2006
Time: 6:33:13 AM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/22/2006
Time: 6:33:13 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/22/2006
Time: 6:33:12 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 9/21/2006
Time: 5:42:24 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Windows saved user JEFF\Jeff Murphy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 9/21/2006
Time: 5:42:23 PM
User: JEFF\Jeff Murphy
Computer: JEFF
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/21/2006
Time: 1:58:07 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/21/2006
Time: 1:58:03 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/21/2006
Time: 1:57:57 PM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/21/2006
Time: 1:57:55 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/21/2006
Time: 1:57:55 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 2
Date: 9/19/2006
Time: 5:54:46 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application terminated

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/19/2006
Time: 5:54:40 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/19/2006
Time: 5:54:34 PM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/19/2006
Time: 5:54:33 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/19/2006
Time: 5:54:33 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 9/19/2006
Time: 5:32:16 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Windows saved user JEFF\Jeff Murphy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 9/19/2006
Time: 5:32:14 PM
User: JEFF\Jeff Murphy
Computer: JEFF
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/19/2006
Time: 3:53:05 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/19/2006
Time: 3:53:01 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/19/2006
Time: 3:52:55 PM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/19/2006
Time: 3:52:54 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/19/2006
Time: 3:52:53 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/19/2006
Time: 3:48:33 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 2
Date: 9/19/2006
Time: 3:48:28 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application terminated

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/19/2006
Time: 3:48:27 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/19/2006
Time: 3:48:02 PM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/19/2006
Time: 3:48:00 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/19/2006
Time: 3:47:59 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 9/18/2006
Time: 5:31:54 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Windows saved user JEFF\Jeff Murphy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 9/18/2006
Time: 5:31:53 PM
User: JEFF\Jeff Murphy
Computer: JEFF
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/18/2006
Time: 4:48:53 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/18/2006
Time: 4:48:49 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/18/2006
Time: 4:48:42 PM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/18/2006
Time: 4:48:41 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/18/2006
Time: 4:48:40 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/17/2006
Time: 1:01:36 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/17/2006
Time: 1:01:31 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/17/2006
Time: 1:01:25 PM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/17/2006
Time: 1:01:24 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/17/2006
Time: 1:01:24 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 9/17/2006
Time: 12:04:10 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Windows saved user JEFF\Jeff Murphy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 9/17/2006
Time: 12:04:08 PM
User: JEFF\Jeff Murphy
Computer: JEFF
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/17/2006
Time: 11:05:43 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/17/2006
Time: 11:05:38 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/17/2006
Time: 11:05:31 AM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/17/2006
Time: 11:05:31 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/17/2006
Time: 11:05:30 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 9/17/2006
Time: 11:04:38 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Windows saved user JEFF\Jeff Murphy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 9/17/2006
Time: 11:04:36 AM
User: JEFF\Jeff Murphy
Computer: JEFF
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/17/2006
Time: 10:31:19 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/17/2006
Time: 10:31:15 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/17/2006
Time: 10:31:08 AM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/17/2006
Time: 10:31:07 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/17/2006
Time: 10:31:07 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 9/17/2006
Time: 9:14:29 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Windows saved user JEFF\Jeff Murphy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 9/17/2006
Time: 9:14:28 AM
User: JEFF\Jeff Murphy
Computer: JEFF
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/17/2006
Time: 6:45:50 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/17/2006
Time: 6:45:44 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/17/2006
Time: 6:45:37 AM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/17/2006
Time: 6:45:36 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/17/2006
Time: 6:45:36 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 9/16/2006
Time: 2:46:24 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Windows saved user JEFF\Jeff Murphy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 9/16/2006
Time: 2:46:23 PM
User: JEFF\Jeff Murphy
Computer: JEFF
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/16/2006
Time: 2:30:22 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/16/2006
Time: 2:30:17 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/16/2006
Time: 2:30:10 PM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/16/2006
Time: 2:30:10 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/16/2006
Time: 2:30:09 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 9/15/2006
Time: 5:40:05 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Windows saved user JEFF\Jeff Murphy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 9/15/2006
Time: 5:40:04 AM
User: JEFF\Jeff Murphy
Computer: JEFF
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/15/2006
Time: 5:27:19 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/15/2006
Time: 5:27:15 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/15/2006
Time: 5:27:06 AM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/15/2006
Time: 5:26:28 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/15/2006
Time: 5:26:28 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Error
Event Source: LiveUpdate
Event Category: None
Event ID: 56
Date: 9/15/2006
Time: 5:21:16 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
6002: LiveUpdate failed because the LiveUpdate package could not be uncompressed.

Make sure your disk is not full and run LiveUpdate again.

Event Type: Error
Event Source: LiveUpdate
Event Category: None
Event ID: 56
Date: 9/15/2006
Time: 5:21:15 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
6002: LiveUpdate failed because the LiveUpdate package could not be uncompressed.

Make sure your disk is not full and run LiveUpdate again.

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/15/2006
Time: 5:19:50 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/15/2006
Time: 5:19:44 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/15/2006
Time: 5:19:38 AM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/15/2006
Time: 5:19:01 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/15/2006
Time: 5:19:01 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 9/14/2006
Time: 6:50:26 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Windows saved user JEFF\Jeff Murphy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 9/14/2006
Time: 6:50:24 PM
User: JEFF\Jeff Murphy
Computer: JEFF
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/14/2006
Time: 6:43:18 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/14/2006
Time: 6:43:11 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/14/2006
Time: 6:43:02 PM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/14/2006
Time: 6:42:29 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/14/2006
Time: 6:42:29 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 9/14/2006
Time: 6:33:33 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Windows saved user JEFF\Jeff Murphy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 9/14/2006
Time: 6:33:31 PM
User: JEFF\Jeff Murphy
Computer: JEFF
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 2
Date: 9/14/2006
Time: 6:04:36 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application terminated

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/14/2006
Time: 6:04:33 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/14/2006
Time: 6:04:30 PM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/14/2006
Time: 6:04:29 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/14/2006
Time: 6:04:29 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 9/14/2006
Time: 10:13:58 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Windows saved user JEFF\Jeff Murphy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 9/14/2006
Time: 10:13:56 AM
User: JEFF\Jeff Murphy
Computer: JEFF
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 2
Date: 9/14/2006
Time: 9:59:46 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application terminated

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/14/2006
Time: 9:59:42 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/14/2006
Time: 9:59:36 AM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/14/2006
Time: 9:59:35 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/14/2006
Time: 9:59:35 AM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/13/2006
Time: 6:23:45 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/13/2006
Time: 6:23:42 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/13/2006
Time: 6:23:34 PM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/13/2006
Time: 6:23:14 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/13/2006
Time: 6:23:14 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 9/13/2006
Time: 4:05:06 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Windows saved user JEFF\Jeff Murphy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 9/13/2006
Time: 4:05:04 PM
User: JEFF\Jeff Murphy
Computer: JEFF
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 2
Date: 9/13/2006
Time: 3:59:24 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application terminated

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/13/2006
Time: 3:59:21 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/13/2006
Time: 3:59:16 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/13/2006
Time: 3:59:09 PM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/13/2006
Time: 3:58:53 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/13/2006
Time: 3:58:53 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/13/2006
Time: 2:26:03 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/13/2006
Time: 2:26:00 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/13/2006
Time: 2:25:53 PM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/13/2006
Time: 2:25:52 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/13/2006
Time: 2:25:52 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 2
Date: 9/13/2006
Time: 1:30:51 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application terminated

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/13/2006
Time: 1:30:49 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/13/2006
Time: 1:30:46 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/13/2006
Time: 1:30:39 PM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/13/2006
Time: 1:30:23 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/13/2006
Time: 1:30:23 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 9/13/2006
Time: 1:29:06 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Windows saved user JEFF\Jeff Murphy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/13/2006
Time: 1:21:20 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/13/2006
Time: 1:21:01 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 9/13/2006
Time: 1:20:53 PM
User: N/A
Computer: JEFF
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 1
Date: 9/13/2006
Time: 1:20:24 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccEvtMgr
Event Category: None
Event ID: 26
Date: 9/13/2006
Time: 1:20:24 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application starting

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/12/2006
Time: 11:45:14 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

Event Type: Information
Event Source: ccPwdSvc
Event Category: None
Event ID: 1
Date: 9/12/2006
Time: 11:45:10 PM
User: NT AUTHORITY\SYSTEM
Computer: JEFF
Description:
Application started

IT CONTINUES FOR ABOUT 919 MORE ENTRIES BUT I DON'T HAVE ENOUGH TIME TO ENTER ALL OF THESE APPLICATION ERRORS.
THERE ARE ALSO SYSTEM ERRORS (2,174). IF YOU NEED THESE PLEASE SAY SO.

Blacklight

10/23/06 06:36:07 [Info]: BlackLight Engine 1.0.47 initialized
10/23/06 06:36:07 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/23/06 06:36:08 [Note]: 7019 4
10/23/06 06:36:08 [Note]: 7005 0
10/23/06 06:36:12 [Note]: 7006 0
10/23/06 06:36:12 [Note]: 7011 1128
10/23/06 06:36:12 [Note]: 7026 0
10/23/06 06:36:12 [Note]: 7026 0
10/23/06 06:36:18 [Note]: FSRAW library version 1.7.1020
10/23/06 07:05:51 [Note]: 2000 1012
10/23/06 12:27:12 [Note]: 7007 0

Rootkit Revealer

HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 10/20/2006 12:23 PM 80 bytes Data mismatch between Windows API and raw hive data.

Alright scorpex, that's all I got. Hope it helps. Also, how do I get that button back on my quick launch toolbar that goes directly to the desktop? I deleted it, but have a newfound respect for its function.

thanks, Jeff

#16 Scorpex

Scorpex

    Forum Deity

  • Retired Staff
  • 1,386 posts

Posted 03 November 2006 - 07:57 PM

Hi Jeff,

Right-click your Taskbar and select Toolbars > Quick Launch - Is that what you meant?

Since it’s been a while, give me a recap on what issues you are having.

Scorpex

#17 Jeff Murphy

Posted 16 November 2006 - 05:25 AM

Hey scorpex,
The major problem I'm having is that my computer has gotten extremely slow in the last couple of months. I've also had a few encounters with the blue screen of death. My keyboard is broken right now, as is my AC power cord, so I'm having some troubles with my computer in general. These last two things aren't that big of a deal since my comp is still under warranty and when I get back to the states I can just get new ones of those. But if you have any ideas on how to make my computer faster I'm all ears.
As for the quick launch toolbar, what I was looking for was the button that automatically takes you to the desktop when you have a whole bunch of windows open. I used to have it on there, but then I got rid of it b/c I didn't use it. Now I'm regretting that decision and I want it back. If you know how to put it back on the quick launch toolbar I would greatly appreciate the knowledge. Thanks

Jeff

#18 Scorpex

Posted 17 November 2006 - 09:49 PM

Hi Jeff,

Download ShowDesktopShortcut by Doug Knox Here – Save it to your Desktop
Once downloaded, right-click ShowDesktopShortcut.zip and select Extract all.
Double-click ShowDesktopShortcut.exe and click Restore

Another way to minimize all windows - if you have a Windows key on your keyboard you can hold that down and press m.


Click on Start -> Run -> type in eventvwr -> then click OK
On the left-hand side of the Event Viewer window, Double-click System
Look for Errors in System (especially around startup or if you know when a recent BSOD occurred)
Double-click the errors. The Event Properties window will come up. On the right-hand side you'll see an up arrow and a down arrow. The button below them will copy the error description to the clipboard (makes it easy to copy/paste).


Press Ctrl Alt Delete to open Task Manager. Click the Performance tab
Under Physical Memory (K) let me know what it says next to Total and Available

Do you remember installing any software or hardware around the time the BSODs started?

Went back and looked at some of your earlier scans – you should clear out your java cache
Clearing Java Cache:
  • Go to Start > Control Panel
  • Double-click on the Java Icon (coffee cup) and click the ‘General’ tab in the Java Control Panel.
  • Under the Temporary Internet Files section, click the Delete Files button.
  • There are three options in the window to clear the cache – Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK in the Delete Temporary Files Window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Then click OK in the main Java Control Panel window.
Scorpex

Edited by Scorpex, 17 November 2006 - 09:51 PM.
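
An added example, not part of any post in this thread: when an event log runs to hundreds of copied entries like the Application log pasted above, a short script can collapse the repeats and pull out the warnings and errors near a known crash time, which is the manual search the Event Viewer steps describe. The function names, the sample records and the `ExampleSource` error row are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed records in the layout pasted in this thread; the Error row is invented.
TEMPLATE = ("Event Type: {0}\nEvent Source: {1}\nEvent Category: None\nEvent ID: {2}\n"
            "Date: 9/13/2006\nTime: {3}\nUser: N/A\nComputer: JEFF\nDescription:\n{4}\n\n")
SAMPLE = "".join(TEMPLATE.format(*r) for r in [
    ("Warning", "Userenv", 1517, "4:05:06 PM", "Windows saved user registry during log off."),
    ("Information", "ccPwdSvc", 1, "3:59:21 PM", "Application started"),
    ("Information", "ccPwdSvc", 1, "3:59:16 PM", "Application started"),
    ("Error", "ExampleSource", 9999, "3:58:40 PM", "Constructed error for illustration."),
])

def parse_events(text):
    """Split pasted Event Viewer text into one dict per record."""
    events, cur, in_desc = [], None, False
    for line in text.splitlines():
        if line.startswith("Event Type:"):      # a new record begins
            cur, in_desc = {"Description": []}, False
            events.append(cur)
        if cur is None:
            continue                            # text before the first record
        if in_desc:
            if line.strip():
                cur["Description"].append(line.strip())
        elif line.strip() == "Description:":
            in_desc = True
        elif ":" in line:                       # "Key: value" header field
            key, _, value = line.partition(":")
            cur[key.strip()] = value.strip()
    for ev in events:
        ev["Description"] = " ".join(ev["Description"])
        ev["When"] = datetime.strptime(f'{ev["Date"]} {ev["Time"]}', "%m/%d/%Y %I:%M:%S %p")
    return events

def summarize(events):
    """Count records per (type, source, event ID) so repeats collapse to one row."""
    return Counter((e["Event Type"], e["Event Source"], int(e["Event ID"])) for e in events)

def needs_review(events, around=None, minutes=10):
    """Warnings and errors, optionally only those within `minutes` of a known crash time."""
    hits = [e for e in events if e["Event Type"] in ("Warning", "Error")]
    if around is not None:
        hits = [e for e in hits if abs((e["When"] - around).total_seconds()) <= minutes * 60]
    return sorted(hits, key=lambda e: e["When"])

if __name__ == "__main__":
    for key, n in summarize(parse_events(SAMPLE)).most_common():
        print(n, *key)
```

The parser assumes every record carries both a Date and a Time line, as the entries in this thread do.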




