Norton said
HomeSA
01-26-2007, 11:31 PM
My Norton scans every Friday night. I didn't like tonight's scan. Pic below is from a 7 day log. It's all foreign to my eyes.
I hope it was just a cavity and I don't need a root channel. The computer seems to be itself. No apparent slow downs, etc. I need some reassurance please.
TIA
http://i16.tinypic.com/2qxxcat.jpg
Budfred
01-26-2007, 11:36 PM
Read this:
http://www.symantec.com/smb/security_response/writeup.jsp?docid=2005-032616-0025-99
If you didn't open an email attachment or otherwise install some infected file, it is likely you are okay... It may be worthwhile to run another scan or two to be sure... You can do these:
MWavScan has full function until Feb 15, so you can let it clean:
Try running an MWavScan... It will produce a log in the lower window that has the bad list and you will need to use Ctrl-C to copy it and then paste it here for review.... If the list is extremely long, you can just paste the lines that begin with the word "File" since those are the ones we need to be most concerned about...
http://www.mwti.net/products/mwav/mwav.asp
Then I suggest this:
* Click here (http://support.f-secure.com/enu/home/ols.shtml) to use the F-Secure Online Scanner
Then click the Start Scanning button below.
You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here (http://support.f-secure.com/enu/home/ols-faq.shtml).
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished scanning, click the Automatic cleaning (recommended) button.
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.
And finally AVG AntiSpyware (Ewido)...
Please download, install, and update Ewido anti-spyware (http://www.ewido.net/en/download/)
Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close ewido. Do not run it yet.
Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
In Safe Mode, load Ewido and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.
Please perform another scan with Hijack This, and then post back with a copy of the Ewido log and the new HijackThis log.
HomeSA
01-27-2007, 01:57 AM
If you didn't open an email attachment or otherwise install some infected file, it is likely you are okay... It may be worthwhile to run another scan or two to be sure... You can do these:
Thanks for the long instructions....
I have downloaded a bunch of drivers from HP website, plus a couple of freeware (from unfamiliar websites):o over the past week.
I delete unfamiliar e-mail without even opening them.
I downloaded all the Norton updates and ran another scan which came out clean.
Instead of downloading MWAV, I downloaded and installed eScanWin by mistake :o which created a mess. Took a bit of time to clean that up.
I am done with the MWAV scan and am in the process of the F-Secure. You are not kidding by it taking a long time.
Will post results when done if I don't fall asleep at the keyboard.
I guess this is not the tooth cavity I hoped for. Gearing up for the root channel.:rolleyes:
HomeSA
01-27-2007, 02:01 AM
Done with F-Secure.
Should I do Ewido and HijackThis and post all the results together? Or results piece by piece?
classicsoftware
01-27-2007, 02:15 AM
At this point, post the results from each one in a separate response.
Please indicate how the system is doing.
HomeSA
01-27-2007, 09:05 AM
Results from MWAV:
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: Entries Removed.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: Entries Removed.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USWebUncoated.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\AppleRGB.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\ColorMatchRGB.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\EuroscaleCoated.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\EuroscaleUncoated.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\JapanStandard.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\sRGB Color Space Profile.icm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USSheetfedCoated.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USSheetfedUncoated.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USWebCoatedSWOP.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\AdobeRGB1998.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\WideGamutRGB.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\NTSC1953.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\PAL_SECAM.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\SMPTE-C.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\CIERGB.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\Photoshop5DefaultCMYK.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\Photoshop4DefaultCMYK.icc". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\QuickTime.qts". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\QuickTimeVR.qtx". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\Upgrade\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\CDEngine\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dwg". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dxf". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ISO". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PlayList". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ref". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".uez". Action Taken: Entries Removed.
HomeSA
01-27-2007, 09:08 AM
Results from F-Secure: (1 of 3)
Scanning Report
Friday, January 26, 2007 22:27:25 - 22:59:43
Computer name: YOUR-825E5EA26A
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 0 malware found
Statistics
Scanned:
· Files: 36646
· System: 4228
· Not scanned: 205
Actions:
· Disinfected: 0
· Renamed: 0
· Deleted: 0
· None: 0
· Submitted: 0
Files not scanned:
· C:\HIBERFIL.SYS
· C:\PAGEFILE.SYS
· C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
HomeSA
01-27-2007, 09:11 AM
Results from F-Secure: (2 of 3)
C:\HIBERFIL.SYS
· C:\PAGEFILE.SYS
· C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
HomeSA
01-27-2007, 09:12 AM
Results from F-Secure (3 of 3):
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CBDD667FBE9B 02CC9E69633052B5C595_A83415FB-C703-46D9-BCF4-7313E1850800
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CBEC1DF329F3 2B6E317AD9432E348D8B_A83415FB-C703-46D9-BCF4-7313E1850800
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD718242558F 55596E5D9FAF21F1A5CC_A83415FB-C703-46D9-BCF4-7313E1850800
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE0D5762F756 E18C04A9089C5A62DF7F_A83415FB-C703-46D9-BCF4-7313E1850800
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE9ED691B370 FC25A5FEE37FCE9B7331_A83415FB-C703-46D9-BCF4-7313E1850800
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D0F462B53487 30D27AAEB4F461A67249_A83415FB-C703-46D9-BCF4-7313E1850800
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D3637B6D00D2 56C77081ED7C28BA87AA_A83415FB-C703-46D9-BCF4-7313E1850800
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D4D6D0FF3315 43651AFEB53EBC62CFD4_A83415FB-C703-46D9-BCF4-7313E1850800
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D5264408C39C DDF3276A3ADBD922D2E1_A83415FB-C703-46D9-BCF4-7313E1850800
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D6777B97378A 846EB8DA725497B0BD5E_A83415FB-C703-46D9-BCF4-7313E1850800
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D83BA7DBBFF1 F4356EB5E21D9F3AAAB9_A83415FB-C703-46D9-BCF4-7313E1850800
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D9C5469E7CC3 3C4B93AF85673E228BA9_A83415FB-C703-46D9-BCF4-7313E1850800
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DA967C38B8A2 E8C6D6582384DB7CE9BC_A83415FB-C703-46D9-BCF4-7313E1850800
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DBFBA572785B 7E267384C6DAB1F9EF38_A83415FB-C703-46D9-BCF4-7313E1850800
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC8D2F7C924A 9195A5921A3503983162_A83415FB-C703-46D9-BCF4-7313E1850800
· C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DD08B98F9B9E 65FBCDC980E20886A29F_A83415FB-C703-46D9-BCF4-7313E1850800
HomeSA
01-27-2007, 09:13 AM
Results from F-Secure (3a of 3)
HomeSA
01-27-2007, 09:16 AM
System is running normal, best I can tell.
I'm getting ready to download and run Ewido.
HomeSA
01-27-2007, 11:20 AM
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:17:29 AM 1/27/2007
+ Scan result:
C:\Documents and Settings\Parents\Cookies\parents@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@cnetaustralia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@downloads.techrepublic.com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@techrepublic.com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@e-2dj6wjkocpdjmhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@e-2dj6wjliejd5sfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@ehg-bandwidth.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@ehg-chartercommunications.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@ehg-digg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@ehg-futurepub.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@ehg-kodak.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@ehg-seagate.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@ehg-speakeasy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@ehg-techtarget.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@ehg-ubid.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@network.realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Parents\Cookies\parents@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
::Report end
HomeSA
01-27-2007, 11:25 AM
Read this:
Please perform another scan with Hijack This, and then post back with a copy of the Ewido log and the new HijackThis log.
I hadn't done a HijackThis before. Seems like generic copy/paste instructions. Should I go ahead? Do the logs posted above show anything to be concerned about? If so, are there any instructions for HijackThis? I guess I can search for them.
Thanks for taking time to review the logs .. HomeSA
Budfred
01-27-2007, 06:45 PM
Here are my HJT instructions...
http://www.merijn.org/programs.php
To run HJT, extract it to a permanent folder such as one you create like C:\HJT or the Desktop. Close all open windows and
browsers and make sure that all programs are enabled if you use msconfig. Run it and Scan, then Save the log.
When the log window appears, Right click to Copy it, open your browser and come here to Paste the entire log. Do
not make any changes until it is checked since most items are either benign or essential to the computer.
So far, what has been found and fixed seems pretty benign... If the HJT log is clean and Norton is up to date, you are probably okay...
HomeSA
01-28-2007, 02:24 AM
Logfile of HijackThis v1.99.1
Scan saved at 11:05:04 PM, on 1/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.superiorelectronics.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.superiorelectronics.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128145280406
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
HomeSA
01-28-2007, 02:31 AM
Budfred, thank you very much for your time and help.
The HJT log is in my previous post.
Now that I have had time to surf and use the computer during the day, I should say that it feels faster and more responsive. It's like getting a car tuned up and having all fluids flushed and changed. You just feel the difference in performance.
Apparently using Norton, SS&D and Adaware was not enough to keep my computer clean. Any recommendations on what to add to my arsenal of "badie" fight? Should I go through the routine you outlined originally on a regular basis?
Thanks for any ideas ... HomeSA
Budfred
01-28-2007, 08:49 AM
I run an array of scans when I suspect I may have a problem and I am very careful about where I go... This generally has kept me safe in spite of sometimes needing to check out sites that are clearly dubious because of the security work I do... You can certainly run the scans I suggested if you wish, but that is up to you... I use Firefox with add-ons to make online safer... More importantly, your Java is out of date and you are still in IE 6 which suggests you haven't done MS updates recently either... Malware writers exploit earlier versions and unpatched computers... I strongly recommend that you update now... With Java, remember to remove earlier versions since they can still be exploited...
Other than the need for updates, your log looks fine so...
Here is my prevention speech to help avoid future infection:
This is a good time to set up protection against further attacks. Read the article linked below about "How did I
get infected". You need an antivirus that is updated, a good firewall (a router firewall is not enough) and a
spyware blocker like SpywareBlaster and also IE-Spyads. All of these have good free versions available... be very
cautious about any security software that advertises in popups or other intrusive ways, they are not only usually
useless, but also often have malware in them....
http://forums.spywareinfo.com/index.php?showtopic=60955
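The version check read off the HijackThis log in the post above (old Java, IE 6, services with no named owner), as an added example that is not part of the original thread. The sample lines are copied from the log posted earlier; the function names and the baselines (IE 7, and JRE 1.5.0_10 taken from the Java link posted later in the thread) are assumptions.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:05:04 PM, on 1/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O4 - HKLM\..\Run: ..."
HEADER_RE = re.compile(r"^(Platform|MSIE): (.*)$")
TOOL_RE = re.compile(r"^Logfile of HijackThis v(\S+)")
# JRE install directories look like \j2re1.4.2_05\ or \jre1.5.0_10\
JAVA_RE = re.compile(r"\\j2?re(\d+)\.(\d+)\.(\d+)_(\d+)\\", re.IGNORECASE)
UNKNOWN = " - Unknown owner - "


def parse_hjt(text):
    """Split a HijackThis log into header fields, running processes and coded entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False          # the process list ends at the first coded entry
            entries.append((entry.group(1), entry.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif HEADER_RE.match(line):
            key, value = HEADER_RE.match(line).groups()
            header[key] = value
        elif TOOL_RE.match(line):
            header["HijackThis"] = TOOL_RE.match(line).group(1)
    return {"header": header, "processes": processes, "entries": entries}


def section_counts(parsed):
    """Number of entries per HijackThis section code (R0, O4, O23, ...)."""
    return Counter(code for code, _ in parsed["entries"])


def review(parsed, ie_baseline=7, java_baseline=(1, 5, 0, 10)):
    """Return (kind, message) findings. Baselines are assumptions, not HijackThis output."""
    findings = []
    ie = re.match(r"Internet Explorer v(\d+)\.", parsed["header"].get("MSIE", ""))
    if ie and int(ie.group(1)) < ie_baseline:
        findings.append(("browser", "Internet Explorer %s is below baseline %d"
                         % (ie.group(1), ie_baseline)))
    lines = parsed["processes"] + [body for _, body in parsed["entries"]]
    versions = sorted({tuple(int(x) for x in m.groups())
                       for line in lines for m in JAVA_RE.finditer(line)})
    for v in versions:
        if v < java_baseline:
            findings.append(("java", "JRE %d.%d.%d_%02d is older than the baseline" % v))
    if len(versions) > 1:
        findings.append(("java", "several JRE versions present; remove the earlier ones"))
    for code, body in parsed["entries"]:
        # Listed for a manual lookup only; this is not a verdict on the file.
        if code == "O23" and body.startswith("Service: ") and UNKNOWN in body:
            findings.append(("service", body[len("Service: "):].split(UNKNOWN)[0]))
    return findings


if __name__ == "__main__":
    for kind, message in review(parse_hjt(SAMPLE_LOG)):
        print(kind, "-", message)
```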
HomeSA
01-28-2007, 09:13 AM
More importantly, your Java is out of date and you are still in IE 6 which suggests you haven't done MS updates recently either... Malware writers exploit earlier versions and unpatched computers... I strongly recommend that you update now... With Java, remember to remove earlier versions since they can still be exploited...
Thank you again.
Where do I find the Java update? I can uninstall/install programs if I know what it is that I am installing.
True that I haven't done an MS update in a while, on this one machine.
RANT
Long story short, I stopped updating last April when MS installed WGA on my machine under a security patch disguise. My XP Home is legit and I have an original CD for it. Yet, ZA keeps notifying me that WGA is trying to contact M$ every time I start my machine or switch users. Allowing/denying access has not made one bit of difference. I read that it was supposed to go away after a while (like 6 months), but it hasn't. That's got me very pissed at M$ for tricking me into an install that I didn't need and I don't trust their patches. I realize that I am taking a security risk here. I figured that by practicing "safe surfing" I can protect myself, but also acknowledge that it is a fallacy, as evidenced by the infection I had.
Thanks again for your time. You have been most helpful ... HomeSA
Budfred
01-28-2007, 09:19 AM
Here is a link to Java...
http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=22&PartDetailId=jre-1.5.0_10-oth-JPR&SiteId=JSC&TransactionId=noreg
I would use the first one on the list...
There is a certain amount of communication that needs to take place between MS and your computer to see what updates you need... If you are only going after the security updates, I believe the validation software is not used...