Full Version: Sysfader, Spyfader, ETC. *H*E*L*P*!!!!!
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
jerryfr40
I am at the end of my rope here. I worked all weekend, surfing, reading, downloading, running and Nothing. I have a little windows application that keeps popping up on my taskbar for a few seconds at a time. I caught the name on the applications task manager. It appears as sysfader AND/OR spyfader.

Also, the MotiveSB program is hogging up to 99% of my CPU at any given time. I use Sprint DSL and am not sure if it is okay to shut it down or how. I have read that it is not a necessary part of the DSL service but most of those were talking about a different provider. If it is unnecessary I want to shut it off.

I own an online antique store so I am constantly working with pictures uploading and editing. Right now I can not even open a .jpg without it locking up my computer. If I try then I have to open up the task manager and hit "Logoff Jerry". That is the only thing that it will allow me to do.

PLEASE HELP ME!

Logfile of HijackThis v1.99.1
Scan saved at 6:28:53 AM, on 4/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\PivX\Qwik-Fix Pro\qfui.exe
C:\Program Files\HistoryKill\histkill.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HistoryKill\hkPopupKiller.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Jerry\Desktop\WinZip\8.0\winzip32.exe
C:\DOCUME~1\Jerry\LOCALS~1\Temp\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BHOZapper] C:\Program Files\BHOZapper\BHOZapper.exe
O4 - HKLM\..\Run: [Qwik-Fix Pro User Interface] "C:\Program Files\PivX\Qwik-Fix Pro\qfui.exe"
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.snapfiles.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094524592390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Qwik-Fix Pro (qfcoresvc) - PivX Solutions, Inc. - C:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Bobbi Flekman
Hi jerryfr40,

Please move HijackThis to another location, preferably c:\Program Files\HijackThis. Anywhere is fine, other than your Desktop or a Temp folder. If HijackThis is in a temporary folder you run the risk of accidentally deleting the backups or it clutters your desktop with all the backups.
If you use Windows XP it might be that you just double clicked on the file HijackThis.exe, but that only extracts the file to a temporary folder. Please select the file and Extract it to a folder.

How do you make a permanent folder:

Click "My Computer", then "C:\" and then on "Program Files".
In the menu bar, "File"->"New"->"Folder".
That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
Now you have "C:\Program Files\HijackThis". Put your HijackThis.exe there.

QUOTE
I am at the end of my rope here. I worked all weekend, surfing, reading, downloading, running and Nothing. I have a little windows application that keeps popping up on my taskbar for a few seconds at a time. I caught the name on the applications task manager. It appears as sysfader AND/OR spyfader.

From your log I see nothing connected... Run HijackThis. Click on "Config...", "Misc Tools". Check "List also minor sections (full)" and "List empty sections (complete)". Click on "Generate StartupList log". Answer "Yes" to the question and Notepad will open with text in it. Please post this text.
Maybe that will explain something.

QUOTE
Also, the MotiveSB program is hogging up to 99% of my CPU at any given time. I use Sprint DSL and am not sure if it is okay to shut it down or how. I have read that it is not a necessary part of the DSL service but most of those were talking about a different provider. If it is unnecessary I want to shut it off.

You can shut it off.

You might want to save this page on your favorites, so you can find it again when you return. You can also click on your name and click on "Find All Posts" to find your thread.

Run HijackThis, click on "Scan" and check the boxes next to all these items.

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe

You have Microsoft's Find Fast running on your program and while a legitimate program, it is a resource hog. It is usually the cause of your computer getting really slow or even freezing for several seconds while it is indexing. Find Fast neither finds things any better nor faster than other Windows searches. You will notice system improvement by disabling this one. After fixing with HijackThis, go into the "FindFast"-icon in the Control Panel and choose the "Index \ Close and Stop" menu option.

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O15 - Trusted Zone: http://www.snapfiles.com


Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked". Restart your computer and post a new log in this thread.
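
An added example, not part of either poster's messages and not code from HijackThis: a small Python parser for the HijackThis log format shown in this thread. It checks the two things the reply above asks for, namely that HijackThis is not running from a Desktop or Temp folder and that every entry on the fix list is gone from the follow-up log. The function names are hypothetical, the "before" sample is a few lines taken from the first log, and the "after" log is constructed for illustration.

```python
import re

# Coded entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# A few lines from the first log in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:28:53 AM, on 4/4/2005

Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
C:\DOCUME~1\Jerry\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O15 - Trusted Zone: http://www.snapfiles.com
"""

# Constructed follow-up log (not from the thread): one fix-list item was missed.
LOG_AFTER = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O15 - Trusted Zone: http://www.snapfiles.com
"""

# The three entries the reply asks to check before "Fix checked".
FIX_LIST = [
    r"O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe",
    r"O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE",
    r"O15 - Trusted Zone: http://www.snapfiles.com",
]


def parse_log(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends at the first coded entry
            entries.append((match.group(1), match.group(2)))
        elif line.lower() == "running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def tool_in_transient_folder(processes):
    """Return HijackThis.exe paths that sit under a Temp or Desktop folder."""
    hits = []
    for path in processes:
        parts = path.casefold().split("\\")
        if parts[-1] == "hijackthis.exe" and {"temp", "desktop"} & set(parts[:-1]):
            hits.append(path)
    return hits


def _norm(line):
    # Forum copy and paste can change spacing and case; compare normalized text.
    return " ".join(line.split()).casefold()


def fix_status(fix_list, before, after):
    """Report, per fix-list line, whether it was removed between two parsed logs."""
    def as_lines(parsed):
        return {_norm(f"{code} - {body}") for code, body in parsed["entries"]}

    old, new = as_lines(before), as_lines(after)
    status = {}
    for item in fix_list:
        key = _norm(item)
        if key not in old:
            status[item] = "not in original log"
        elif key in new:
            status[item] = "still present"
        else:
            status[item] = "removed"
    return status


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    print("Tool in Temp/Desktop (before):", tool_in_transient_folder(before["processes"]))
    print("Tool in Temp/Desktop (after): ", tool_in_transient_folder(after["processes"]))
    for item, state in fix_status(FIX_LIST, before, after).items():
        print(f"{state:>20}  {item}")
```
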
jerryfr40
Thank you for helping me. I just got home from work and was really glad to see your reply. I have done all that you asked.

Here is the "startup list":

StartupList report, 4/4/2005, 6:32:39 PM
StartupList version: 1.52.2
Started from : C:\Program Files\hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\PivX\Qwik-Fix Pro\qfui.exe
C:\Program Files\HistoryKill\histkill.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\HistoryKill\hkPopupKiller.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Jerry\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
Microsoft Works Calendar Reminders.lnk = ?
Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
GhostStartTrayApp = C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
AcctMgr = C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Smapp = C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
CoolSwitch = C:\WINDOWS\system32\taskswitch.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
(Default) =
type32 = "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
BHOZapper = C:\Program Files\BHOZapper\BHOZapper.exe
Qwik-Fix Pro User Interface = "C:\Program Files\PivX\Qwik-Fix Pro\qfui.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

HistoryKill = C:\Program Files\HistoryKill\histkill.exe /startup

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
NAV Helper - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Norton SystemWorks One Button Checkup.job
Spybot - Search & Destroy - Scheduled Task.job
Symantec Drmc.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://download.yahoo.com/dl/yinst/yinst_current.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

[EPUImageControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
CODEBASE = http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://by11fd.bay11.hotmail.msn.com/resources/MsnPUpld.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5co...b?1094524592390

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

[Get_ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX
CODEBASE = https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

[YAddBook Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

[Java Plug-in 1.4.2_06]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
CODEBASE = http://java.sun.com/products/plugin/autodl...indows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

[QDiagHUpdateObj Class]
InProcServer32 = C:\WINDOWS\system32\qdiagh.ocx
CODEBASE = http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: System32\DRIVERS\ABP480N5.SYS (system)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
adpu160m: System32\DRIVERS\adpu160m.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: System32\DRIVERS\agpCPQ.sys (system)
Aha154x: System32\DRIVERS\aha154x.sys (system)
aic78u2: System32\DRIVERS\aic78u2.sys (system)
aic78xx: System32\DRIVERS\aic78xx.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: System32\DRIVERS\aliide.sys (system)
ALI AGP Bus Filter: System32\DRIVERS\alim1541.sys (system)
AMD AGP Bus Filter Driver: System32\DRIVERS\amdagp.sys (system)
amsint: System32\DRIVERS\amsint.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
asc: System32\DRIVERS\asc.sys (system)
asc3350p: System32\DRIVERS\asc3350p.sys (system)
asc3550: System32\DRIVERS\asc3550.sys (system)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
BCM V.90 56K Modem: System32\DRIVERS\BCMDM.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
cbidf: System32\DRIVERS\cbidf2k.sys (system)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
cd20xrnt: System32\DRIVERS\cd20xrnt.sys (system)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Arrowkey Device Access: \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS (autostart)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (disabled)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
CmdIde: System32\DRIVERS\cmdide.sys (system)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: System32\DRIVERS\cpqarray.sys (system)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Creative SBLive! Gameport: System32\DRIVERS\ctljystk.sys (manual start)
dac2w2k: System32\DRIVERS\dac2w2k.sys (system)
dac960nt: System32\DRIVERS\dac960nt.sys (system)
Kodak Camera Proxy: system32\DRIVERS\DcCam.sys (system)
DcFpoint: system32\DRIVERS\DcFpoint.sys (manual start)
Kodak DCFS2K Driver: system32\drivers\dcfs2k.sys (autostart)
Legacy Polling Service: system32\DRIVERS\DcLps.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
dcptp: system32\DRIVERS\DcPTP.sys (manual start)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
dpti2o: System32\DRIVERS\dpti2o.sys (system)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel® PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
Creative SB Live! (WDM): system32\drivers\emu10k1m.sys (manual start)
Creative Interface Manager Driver (WDM): system32\drivers\ctlfacem.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Exportit: system32\DRIVERS\exportit.sys (system)
fasttrak: System32\DRIVERS\fasttrak.sys (system)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GBPoll: C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe (autostart)
GhostStartService: C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE (autostart)
GhostPciScanner: \??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
hpn: System32\DRIVERS\hpn.sys (system)
hpt3xx: System32\DRIVERS\hpt3xx.sys (system)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: System32\DRIVERS\i2omp.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IdeBusDr: System32\DRIVERS\IdeBusDr.sys (system)
Intel® Ultra ATA Controller: System32\DRIVERS\IdeChnDr.sys (system)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
ini910u: System32\DRIVERS\ini910u.sys (system)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: System32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Kodak Camera Connection Software: %SystemRoot%\system32\drivers\KodakCCS.exe (autostart)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
mchInjDrv: \??\C:\WINDOWS\TEMP\mc24.tmp (disabled)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
mraid35x: System32\DRIVERS\mraid35x.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050401.025\NAVENG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050401.025\NavEx15.Sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NIC Management Service Configuration Driver: \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS (manual start)
Intel® NMS: C:\WINDOWS\System32\NMSSvc.exe (autostart)
Norton Unerase Protection Driver: \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS (manual start)
Norton Unerase Protection: C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE (autostart)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nv4: System32\DRIVERS\nv4.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
Pcatip: System32\DRIVERS\Pcatip.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
perc2: System32\DRIVERS\perc2.sys (system)
perc2hib: System32\DRIVERS\perc2hib.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start)
Microsoft IntelliPoint Filter Driver: system32\DRIVERS\point32.sys (manual start)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Qwik-Fix Pro: "C:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe" (autostart)
ql1080: System32\DRIVERS\ql1080.sys (system)
Ql10wnt: System32\DRIVERS\ql10wnt.sys (system)
ql12160: System32\DRIVERS\ql12160.sys (system)
ql1240: System32\DRIVERS\ql1240.sys (system)
ql1280: System32\DRIVERS\ql1280.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRT.SYS (system)
SAVRTPEL: \??\C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRTPEL.SYS (system)
SAVScan: "C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe" (autostart)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
ScsiAccess: C:\WINDOWS\system32\ScsiAccess.EXE (autostart)
SDdriver: \??\C:\WINDOWS\system32\Drivers\sddriver.sys (manual start)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Creative SoundFont Manager Driver (WDM): system32\drivers\sfmanm.sys (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: System32\DRIVERS\sisagp.sys (system)
smwdm: system32\drivers\smwdm.sys (manual start)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)
Sparrow: System32\DRIVERS\sparrow.sys (system)
Speed Disk service: C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{09B2AB21-CECC-4A2C-AEFD-E3C5D4C9068C} (manual start)
Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
symc810: System32\DRIVERS\symc810.sys (system)
symc8xx: System32\DRIVERS\symc8xx.sys (system)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
SymWMI Service: "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" (autostart)
sym_hi: System32\DRIVERS\sym_hi.sys (system)
sym_u3: System32\DRIVERS\sym_u3.sys (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: System32\DRIVERS\toside.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: System32\DRIVERS\ultra.sys (system)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB Root Hub (usbport): System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: System32\DRIVERS\viaagp.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Media Connect (WMC): c:\program files\windows media connect\mswmccds.exe (manual start)
Windows Media Connect (WMC) Helper: C:\Program Files\Windows Media Connect\mswmcls.exe (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 42,581 bytes
Report generated in 0.375 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only




And here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:36:25 PM, on 4/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\PivX\Qwik-Fix Pro\qfui.exe
C:\Program Files\HistoryKill\histkill.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\HistoryKill\hkPopupKiller.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BHOZapper] C:\Program Files\BHOZapper\BHOZapper.exe
O4 - HKLM\..\Run: [Qwik-Fix Pro User Interface] "C:\Program Files\PivX\Qwik-Fix Pro\qfui.exe"
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094524592390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Co
Bobbi Flekman
Hi jerryfr40,

That doesn't solve anything either.

Run HijackThis, click on "Scan" and check the boxes next to all these items.

O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts

Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked". Restart your computer and post a new log in this thread.

Check your computer with the following free anti-virus/anti-trojan products.

Housecall Anti Virus, Panda Anti Virus, Trojan Scan, Bit Defender

And, here's the link to McAfee AVERT Stinger and instructions for use.

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location, so you can delete it yourself.

Save Silent Runners.vbs to your desktop and double click on it to run. This will make a file called something like "Startup Programs (UserName) DateTime.txt". Double click on it, so it'll open in Notepad. Post the text here.
jerryfr40
Alright Bobbi, that was a pretty tall order but I have run every one of the programs you requested. In fact I worked on them until 2AM and then took the day off today to finish them before the afternoon. It looks like that is when you are online so I hope we can work on this today. I can not tell you how much I appreciate this. I am almost ready to reformat my hard drive even without any backups. This is driving me absolutely crazy. Today is day 5 of my attempts to rid my computer of this "sysfader" and "MicrosoftParkingFormsWindows".

Unfortunately, they are both still present even after all of that. So, here is the HJT log from a moment ago:

Logfile of HijackThis v1.99.1
Scan saved at 12:34:00 PM, on 4/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\BHOZapper\BHOZapper.exe
C:\Program Files\PivX\Qwik-Fix Pro\qfui.exe
C:\Program Files\HistoryKill\histkill.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
C:\Program Files\HistoryKill\hkPopupKiller.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: BHOZapper Toolbar - {0A029144-6E5A-4F7E-A3B8-0B7F3F729049} - C:\Program Files\BHOZapper\BHOZapper Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BHOZapper] C:\Program Files\BHOZapper\BHOZapper.exe
O4 - HKLM\..\Run: [Qwik-Fix Pro User Interface] "C:\Program Files\PivX\Qwik-Fix Pro\qfui.exe"
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094524592390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Qwik-Fix Pro (qfcoresvc) - PivX Solutions, Inc. - C:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




and here is the "Silent Runners" log:

"Silent Runners.vbs", revision 34, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"HistoryKill" = "C:\Program Files\HistoryKill\histkill.exe /startup" ["SwankSoft Technologies, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"WorksFUD" = "C:\Program Files\Microsoft Works\wkfud.exe" ["Microsoft® Corporation"]
"Microsoft Works Portfolio" = "C:\Program Files\Microsoft Works\WksSb.exe /AllUsers" ["Microsoft® Corporation"]
"Microsoft Works Update Detection" = "C:\Program Files\Microsoft Works\WkDetect.exe" ["Microsoft® Corporation"]
"BJCFD" = "C:\Program Files\BroadJump\Client Foundation\CFD.exe" ["BroadJump, Inc."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"GhostStartTrayApp" = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" ["Symantec Corporation"]
"AcctMgr" = "C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup" ["Symantec Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"Smapp" = "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" ["Analog Devices, Inc."]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"CoolSwitch" = "C:\WINDOWS\system32\taskswitch.exe" [null data]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]
"Default" = (no data)
"type32" = ""C:\Program Files\Microsoft IntelliType Pro\type32.exe"" [MS]
"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"BHOZapper" = "C:\Program Files\BHOZapper\BHOZapper.exe" ["Powerhouse Programming"]
"Qwik-Fix Pro User Interface" = ""C:\Program Files\PivX\Qwik-Fix Pro\qfui.exe"" ["PivX Solutions, Inc."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [file not found]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\DOCUME~1\Jerry\Desktop\WinZip\8.0\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\DOCUME~1\Jerry\Desktop\WinZip\8.0\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\DOCUME~1\Jerry\Desktop\WinZip\8.0\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Explode"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\UNBIND.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\olkfstub.dll" [MS]
"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\phototoys.dll" [MS]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\KODAK\IFSCore\kodakshx.dll" ["Eastman Kodak Company"]
"{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
-> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Enabled Wallpaper and Active Desktop:
-------------------------------------

Active Desktop is disabled.

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Jerry" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"HP Image Zone Fast Start" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data]
"Kodak EasyShare software" -> shortcut to: "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -h" ["Eastman Kodak Company"]
"Kodak software updater" -> shortcut to: "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" [null data]
"Microsoft Works Calendar Reminders" -> shortcut to: "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe" ["Microsoft® Corporation"]
"Norton GoBack" -> shortcut to: "C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe" ["Symantec Corporation"]
"Office Startup" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]
"Sprint FastConnect virtual assistant" -> shortcut to: "C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe -boot" ["Motive Communications, Inc."]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]
"Spybot - Search & Destroy - Scheduled Task" -> launches: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK /AUTOFIX /AUTOCLOSE" ["Safer Networking Limited"]
"Symantec Drmc" -> launches: "C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE" [null data]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll" ["Symantec Corporation"]

"{0A029144-6E5A-4F7E-A3B8-0B7F3F729049}"
-> {CLSID}\(Default) = "BHOZapper Toolbar"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\BHOZapper\BHOZapper Toolbar.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

GBPoll, GBPoll, "C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe" ["Symantec Corporation"]
GhostStartService, GhostStartService, "C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE" ["Symantec Corporation"]
Intel® NMS, NMSSvc, "C:\WINDOWS\System32\NMSSvc.exe" ["Intel Corporation"]
Kodak Camera Connection Software, KodakCCS, "C:\WINDOWS\system32\drivers\KodakCCS.exe" ["Eastman Kodak Company"]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe"" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, "C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
Qwik-Fix Pro, qfcoresvc, ""C:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe"" ["PivX Solutions, Inc."]
SAVScan, SAVScan, ""C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe"" ["Symantec Corporation"]
ScsiAccess, ScsiAccess, "C:\WINDOWS\system32\ScsiAccess.EXE" [null data]
Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, ""C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------


I will be standing by to do what ever I need to do next. Again, thank you.

Sincerely,
Jerry Housh
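Added example, not part of either poster's messages: a short Python triage pass over the two logs in the post above. It lists the entries where HijackThis reports "Unknown owner" or an unresolved shortcut target, and where Silent Runners shows [null data], [file not found] or [empty string] in place of a vendor name. The sample lines are copied from that post; the function names are made up for this example, and a listed entry is one to check by hand, not a verdict.

```python
import re

# Lines copied from the HijackThis log in the post above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Lines copied from the Silent Runners log in the post above.
SR_SAMPLE = r"""
"CoolSwitch" = "C:\WINDOWS\system32\taskswitch.exe" [null data]
"BJCFD" = "C:\Program Files\BroadJump\Client Foundation\CFD.exe" ["BroadJump, Inc."]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [file not found]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\BHOZapper\BHOZapper Toolbar.dll" [empty string]
ScsiAccess, ScsiAccess, "C:\WINDOWS\system32\ScsiAccess.EXE" [null data]
"""

# "O23 - <body>" style lines: section code, then the rest.
HJT_LINE = re.compile(r'^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$')
# O23 body: "Service: <name> - <owner> - <path>"
HJT_SERVICE = re.compile(
    r'^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$')
# Silent Runners line ending in a marker instead of a quoted vendor name.
SR_NO_VENDOR = re.compile(
    r'"+(?P<path>[A-Za-z]:\\[^"]+)"+\s+'
    r'\[(?P<marker>null data|file not found|empty string)\]\s*$')


def review_hjt(log_text):
    """Return (section, reason, path_or_None) for HijackThis lines to check by hand."""
    findings = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.group("section"), m.group("body")
        if section == "O23":
            svc = HJT_SERVICE.match(body)
            if svc and svc.group("owner").lower() == "unknown owner":
                findings.append((section, "service with no owner string",
                                 svc.group("path")))
        elif section == "O4" and body.rstrip().endswith("= ?"):
            findings.append((section, "startup shortcut target not resolved", None))
    return findings


def review_silent_runners(log_text):
    """Return (marker, path) for Silent Runners lines that carry no vendor name."""
    findings = []
    for raw in log_text.splitlines():
        m = SR_NO_VENDOR.search(raw)
        if m:
            findings.append((m.group("marker"), m.group("path")))
    return findings


def flagged_in_both(hjt_text, sr_text):
    """Paths (lower-cased, since Windows paths are case-insensitive) listed by both passes."""
    hjt_paths = {p.lower() for _, _, p in review_hjt(hjt_text) if p}
    sr_paths = {p.lower() for _, p in review_silent_runners(sr_text)}
    return sorted(hjt_paths & sr_paths)


if __name__ == "__main__":
    for section, reason, path in review_hjt(HJT_SAMPLE):
        print(f"HijackThis {section}: {reason}: {path or '(no path in log)'}")
    for marker, path in review_silent_runners(SR_SAMPLE):
        print(f"Silent Runners [{marker}]: {path}")
    for path in flagged_in_both(HJT_SAMPLE, SR_SAMPLE):
        print(f"listed by both: {path}")
```

The next step for each listed file is to check its properties and origin on disk; missing version information alone does not make a file hostile.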
Bobbi Flekman
Hi jerryfr40,

QUOTE
Alright Bobbi, that was a pretty tall order but I have run every one of the programs you requested. In fact I worked on them until 2AM and then took the day off today to finish them before the afternoon. It looks like that is when you are online so I hope we can work on this today. I can not tell you how much I appreciate this. I am almost ready to reformat my hard drive even without any backups. This is driving me absolutely crazy. Today is day 5 of my attempts to rid my computer of this "sysfader" and "MicrosoftParkingFormsWindows".

Again, nothing obvious...

Two more tries.

Launch Notepad, and copy/paste the box below into a new text file. Save it as Options.txt on your Desktop.

QUOTE
RegSearch Options File

[Search]
sysfader
spyfader

[Exclude]

[Options]
Filter=KVDLU


Download Registry Search and extract it. Double-click the icon to run and click on "Import...". Select the file you created above. Click "OK" and Registry Search will search the Registry and report what it finds. Post that here.

And...

Download DLLCompare.

Copy the program to its own folder and double click it to start the program. Click "Run Locate.com".
When it is finished click "Compare", and after that "Make a Log of what was found". Post this log in your next post.
jerryfr40
Good Morning,

Here are the logs you requested:




REGEDIT4

; Registry Search by Bobbi Flekman
; Version: 1.0.1.4

; Results at 4/7/2005 6:40:39 AM for strings:
; 'sysfader'
; 'spyfader'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_USERS\S-1-5-21-400550780-1690843657-1110412475-1008\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ContainingTextMRU]
"000"="spyfader"

[HKEY_USERS\S-1-5-21-400550780-1690843657-1110412475-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\SpyFader problem]

; End Of The Log...




* DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\msexcl35.dll Thu Sep 9 1999 10:06:38p A.S.. 252,688 246.77 K
C:\WINDOWS\SYSTEM32\msltus35.dll Thu Sep 9 1999 10:06:38p A.S.. 168,720 164.77 K
C:\WINDOWS\SYSTEM32\mspdox35.dll Mon Jun 7 1999 6:59:34p A.S.. 250,128 244.27 K
C:\WINDOWS\SYSTEM32\mstext35.dll Thu Sep 30 1999 7:21:24p A.S.. 166,672 162.77 K
C:\WINDOWS\SYSTEM32\msxbse35.dll Sun Apr 25 1999 5:00:00p A.S.. 287,504 280.77 K
________________________________________________

1,402 items found: 1,402 files (5 H/S), 0 directories.
Total of file sizes: 308,693,603 bytes 294.39 M

Administrator Account = True

--------------------End log---------------------
Bobbi Flekman
Strange... No mention in the registry... All DLLCompare gives are database drivers, so nothing bad in them either.

Try another thing.

Download pv.zip, and unzip it to your desktop.
It will not work if you run it from inside the zip.

Open the pv folder and double-click "runme.bat". A DOS box will open. Select
Type 1 for Explorer Dll's
and press <Enter>.

Notepad will open with text in it. Copy and paste the text into a new post.

Do the same for 2 (Internet Explorer Dll's).
jerryfr40
I will go and do that now. But I also ran a "FileMon" program to see if it would come up anywhere. I HAVE NO IDEA WHAT I AM DOING THERE! I read about it on another thread somewhere else and thought it MIGHT help you. It produced 1.6 million files and about 6 of them did have mention of the SYSFADER virus. I separated those lines into an Excel document but I do not know if it is safe to send out or if it would do any good. It does list the process, request, path, result, and other info. I will post the paths here and if you feel there is a safe way of getting the rest to you and that it may help let me know. The other post thought that it may help identify where it came from so it could be traced from there. Here are the paths:

QUOTE
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\index.dat 

C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\Warning-SysFader-virus[1].html

C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\Warning-SysFader-virus[1].html

C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\Warning-SysFader-virus[1].html 

C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\Warning-SysFader-virus[1].html 

C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\Warning-SysFader-virus[1].html 

C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\Warning-SysFader-virus[1].html 

C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\Warning-SysFader-virus[1].html 

C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\Warning-SysFader-virus[1].html

C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\Warning-SysFader-virus[1].html

THE REST OF THIS IS JUST WHAT CAME AFTER THE FIRST PARTS, IT MAKES NO SENSE TO ME BUT IN EXCEL FORMAT IT MAY.

C:\ SUCCESS Options: Open Directory  Access: All
1396121 9:11:52 AM histkill.exe:2992 DIRECTORY C:\ SUCCESS FileBothDirectoryInformation: Documents and Settings
1396122 9:11:52 AM histkill.exe:2992 CLOSE C:\ SUCCESS 
1396123 9:11:52 AM histkill.exe:2992 OPEN C:\Documents and Settings\ SUCCESS Options: Open Directory  Access: All
1396124 9:11:52 AM histkill.exe:2992 DIRECTORY C:\Documents and Settings\ SUCCESS FileBothDirectoryInformation: Jerry
jerryfr40
Here are the other 2 you have requested.

QUOTE
Module information for  'Explorer.EXE'
  MODULE          BASE    SIZE    PATH
Explorer.EXE    1000000  1044480 C:\WINDOWS\Explorer.EXE                  6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Explorer
ntdll.dll      7c900000  720896 C:\WINDOWS\system32\ntdll.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
kernel32.dll    7c800000  999424 C:\WINDOWS\system32\kernel32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT BASE API Client DLL
msvcrt.dll      77c10000  360448 C:\WINDOWS\system32\msvcrt.dll            7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
ADVAPI32.dll    77dd0000  634880 C:\WINDOWS\system32\ADVAPI32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API
RPCRT4.dll      77e70000  593920 C:\WINDOWS\system32\RPCRT4.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Procedure Call Runtime
GDI32.dll      77f10000  286720 C:\WINDOWS\system32\GDI32.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDI Client DLL
USER32.dll      77d40000  589824 C:\WINDOWS\system32\USER32.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP USER API Client DLL
SHLWAPI.dll    77f60000  483328 C:\WINDOWS\system32\SHLWAPI.dll          6.00.2900.2573 (xpsp_sp2_gdr.041130-1729) Shell Light-weight Utility Library
SHELL32.dll    7c9c0000  8470528 C:\WINDOWS\system32\SHELL32.dll          6.00.2900.2578 (xpsp_sp2_gdr.041130-1729) Windows Shell Common Dll
ole32.dll      774e0000  1298432 C:\WINDOWS\system32\ole32.dll            5.1.2600.2595 (xpsp_sp2_gdr.041130-1729) Microsoft OLE for Windows
OLEAUT32.dll    77120000  573440 C:\WINDOWS\system32\OLEAUT32.dll          5.1.2600.2180     
BROWSEUI.dll    75f80000  1032192 C:\WINDOWS\system32\BROWSEUI.dll          6.00.2900.2578 (xpsp_sp2_gdr.041130-1729) Shell Browser UI Library
SHDOCVW.dll    77760000  1490944 C:\WINDOWS\system32\SHDOCVW.dll          6.00.2900.2573 (xpsp_sp2_gdr.041130-1729) Shell Doc Object and Control Library
CRYPT32.dll    77a80000  606208 C:\WINDOWS\system32\CRYPT32.dll          5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
MSASN1.dll      77b20000    73728 C:\WINDOWS\system32\MSASN1.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
CRYPTUI.dll    754d0000  524288 C:\WINDOWS\system32\CRYPTUI.dll          5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust UI Provider
WINTRUST.dll    76c30000  188416 C:\WINDOWS\system32\WINTRUST.dll          5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
IMAGEHLP.dll    76c90000  163840 C:\WINDOWS\system32\IMAGEHLP.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
NETAPI32.dll    5b860000  344064 C:\WINDOWS\system32\NETAPI32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Win32 API DLL
WININET.dll    771b0000  679936 C:\WINDOWS\system32\WININET.dll          6.00.2900.2577 (xpsp_sp2_gdr.041130-1729) Internet Extensions for Win32
WLDAP32.dll    76f60000  180224 C:\WINDOWS\system32\WLDAP32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
VERSION.dll    77c00000    32768 C:\WINDOWS\system32\VERSION.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
UxTheme.dll    5ad70000  229376 C:\WINDOWS\system32\UxTheme.dll          6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
ShimEng.dll    5cb70000  155648 C:\WINDOWS\system32\ShimEng.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shim Engine DLL
AcGenral.DLL    6f880000  1875968 C:\WINDOWS\AppPatch\AcGenral.DLL          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Compatibility DLL
WINMM.dll      76b40000  184320 C:\WINDOWS\system32\WINMM.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
MSACM32.dll    77be0000    86016 C:\WINDOWS\system32\MSACM32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
USERENV.dll    769c0000  733184 C:\WINDOWS\system32\USERENV.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
comctl32.dll    773d0000  1056768 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll  6.0 (xpsp_sp2_rtm.040803-2158) User Experience Controls Library
comctl32.dll    5d090000  618496 C:\WINDOWS\system32\comctl32.dll          5.82 (xpsp_sp2_rtm.040803-2158) Common Controls Library
serwvdrv.dll    5cd70000    28672 C:\WINDOWS\system32\serwvdrv.dll          5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver
umdmxfrm.dll    5b0a0000    28672 C:\WINDOWS\system32\umdmxfrm.dll          5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
SYNCOR11.DLL    6bd00000    53248 C:\WINDOWS\system32\SYNCOR11.DLL          1.2.2                SynthCore R2.0 Midi Interface Driver
loadimagehook.dll 10000000  167936 C:\Program Files\PivX\Qwik-Fix Pro\fixes\loadimagehook.dll  1.4.0.30            loadimagehook Dynamic Link Library
appHelp.dll    77b40000  139264 C:\WINDOWS\system32\appHelp.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
CLBCATQ.DLL    76fd0000  520192 C:\WINDOWS\system32\CLBCATQ.DLL          2001.12.4414.258   
COMRes.dll      77050000  806912 C:\WINDOWS\system32\COMRes.dll            2001.12.4414.258   
cscui.dll      77a20000  344064 C:\WINDOWS\System32\cscui.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Client Side Caching UI
CSCDLL.dll      76600000  118784 C:\WINDOWS\System32\CSCDLL.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Offline Network Agent
themeui.dll    5ba60000  462848 C:\WINDOWS\System32\themeui.dll          6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Theme API
Secur32.dll    77fe0000    69632 C:\WINDOWS\System32\Secur32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface
MSIMG32.dll    76380000    20480 C:\WINDOWS\System32\MSIMG32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDIEXT Client DLL
xpsp2res.dll    20000000  2904064 C:\WINDOWS\system32\xpsp2res.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
ACTXPRXY.DLL    71d40000  114688 C:\WINDOWS\system32\ACTXPRXY.DLL          6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ActiveX Interface Marshaling Library
SAMLIB.dll      71bf0000    77824 C:\WINDOWS\system32\SAMLIB.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
LINKINFO.dll    76980000    32768 C:\WINDOWS\system32\LINKINFO.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Volume Tracking
ntshrui.dll    76990000  151552 C:\WINDOWS\system32\ntshrui.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shell extensions for sharing
ATL.DLL        76b20000    69632 C:\WINDOWS\system32\ATL.DLL              3.05.2284            ATL Module for Windows XP (Unicode)
MPR.dll        71b20000    73728 C:\WINDOWS\system32\MPR.dll              5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Multiple Provider Router DLL
SETUPAPI.dll    77920000  995328 C:\WINDOWS\system32\SETUPAPI.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
urlmon.dll      77260000  647168 C:\WINDOWS\system32\urlmon.dll            6.00.2900.2574 (xpsp_sp2_gdr.041130-1729) OLE32 Extensions for Win32
NETSHELL.dll    76400000  1728512 C:\WINDOWS\system32\NETSHELL.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Network Connections Shell
rtutils.dll    76e80000    57344 C:\WINDOWS\system32\rtutils.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
credui.dll      76c00000  188416 C:\WINDOWS\system32\credui.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Credential Manager User Interface
WS2_32.dll      71ab0000    94208 C:\WINDOWS\system32\WS2_32.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll    71aa0000    32768 C:\WINDOWS\system32\WS2HELP.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
iphlpapi.dll    76d60000  102400 C:\WINDOWS\system32\iphlpapi.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) IP Helper API
msi.dll        7d1e0000  2826240 C:\WINDOWS\system32\msi.dll              3.0.3790.2180        Windows Installer
WINSTA.dll      76360000    65536 C:\WINDOWS\system32\WINSTA.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
webcheck.dll    74b30000  286720 C:\WINDOWS\System32\webcheck.dll          6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Web Site Monitor
WSOCK32.dll    71ad0000    36864 C:\WINDOWS\System32\WSOCK32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 32-Bit DLL
stobject.dll    76280000  135168 C:\WINDOWS\System32\stobject.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Systray shell service object
BatMeter.dll    74af0000    40960 C:\WINDOWS\System32\BatMeter.dll          6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Battery Meter Helper DLL
POWRPROF.dll    74ad0000    32768 C:\WINDOWS\System32\POWRPROF.dll          6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Power Profile Helper DLL
WTSAPI32.dll    76f50000    32768 C:\WINDOWS\System32\WTSAPI32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Terminal Server SDK APIs
rsaenh.dll      ffd0000  163840 C:\WINDOWS\system32\rsaenh.dll            5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
fxsst.dll      68df0000  577536 C:\WINDOWS\system32\fxsst.dll            5.2.2600.2180 (xpsp_sp2_rtm.040803-2158) Fax Service
WINSPOOL.DRV    73000000  155648 C:\WINDOWS\system32\WINSPOOL.DRV          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Spooler Driver
FXSAPI.dll      5a980000  466944 C:\WINDOWS\system32\FXSAPI.dll            5.2.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft  Fax API Support DLL
NTMARTA.DLL    77690000  135168 C:\WINDOWS\system32\NTMARTA.DLL          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MARTA provider
shdoclc.dll      1720000  557056 C:\WINDOWS\system32\shdoclc.dll          6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Doc Object and Control Library
SXS.DLL        75e90000  720896 C:\WINDOWS\system32\SXS.DLL              5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Fusion 2.5
wdmaud.drv      72d20000    36864 C:\WINDOWS\system32\wdmaud.drv            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) WDM Audio driver mapper
msacm32.drv    72d10000    32768 C:\WINDOWS\system32\msacm32.drv          5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll    77bd0000    28672 C:\WINDOWS\system32\midimap.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft MIDI Mapper
browselc.dll    13b0000    73728 C:\WINDOWS\system32\browselc.dll          6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Browser UI Library
AcroIEHelper.dll  e20000    49152 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll  6.0.1.2003110300    Adobe Acrobat IE Helper Version 6.0 for ActivieX
gdiplus.dll    4ec50000  1716224 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll  5.1.3102.2180 (xpsp_sp2_rtm.040803-2158) Microsoft GDI+
DUSER.dll      6c1b0000  315392 C:\WINDOWS\system32\DUSER.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows DirectUser Engine
mscms.dll      73b30000    81920 C:\WINDOWS\system32\mscms.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Color Matching System DLL
CFGMGR32.dll    74ae0000    28672 C:\WINDOWS\System32\CFGMGR32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Configuration Manager Forwarder DLL
WZSHLSTB.DLL    16200000    24576 C:\DOCUME~1\Jerry\Desktop\WinZip\8.0\WZSHLSTB.DLL  3.0 (32-bit)        WinZip Shell Extension DLL
zipfldr.dll    73380000  356352 C:\WINDOWS\System32\zipfldr.dll          6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Compressed (zipped) Folders
RASAPI32.dll    76ee0000  245760 C:\WINDOWS\system32\RASAPI32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access API
rasman.dll      76e90000    73728 C:\WINDOWS\system32\rasman.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access Connection Manager
TAPI32.dll      76eb0000  192512 C:\WINDOWS\system32\TAPI32.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Windows™ Telephony API Client DLL
msv1_0.dll      77c70000  143360 C:\WINDOWS\system32\msv1_0.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Authentication Package v1.0
printui.dll    74b80000  573440 C:\WINDOWS\system32\printui.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Print UI DLL
ACTIVEDS.dll    77cc0000  204800 C:\WINDOWS\system32\ACTIVEDS.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ADs Router Layer DLL
adsldpc.dll    76e10000  151552 C:\WINDOWS\system32\adsldpc.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ADs LDAP Provider C DLL
idle.dll        60300000    28672 C:\Program Files\Yahoo!\Messenger\idle.dll  1, 0, 0, 2          idle
MSVCR71.dll    7c340000  352256 C:\Program Files\Yahoo!\Messenger\MSVCR71.dll  7.10.3052.4          Microsoft® C Runtime Library
MSGINA.dll      75970000  1011712 C:\WINDOWS\system32\MSGINA.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon GINA DLL
ODBC32.dll      74320000  249856 C:\WINDOWS\system32\ODBC32.dll            3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Driver Manager
comdlg32.dll    763b0000  299008 C:\WINDOWS\system32\comdlg32.dll          6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL
odbcint.dll      ea0000    94208 C:\WINDOWS\system32\odbcint.dll          3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Resources
MLANG.dll      75cf0000  593920 C:\WINDOWS\system32\MLANG.dll            6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
nvshell.dll      26f0000  458752 C:\WINDOWS\system32\nvshell.dll          6.14.10.6177        NVIDIA Desktop Explorer, Version 61.77
sensapi.dll    722b0000    20480 C:\WINDOWS\system32\sensapi.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SENS Connectivity API DLL
drprov.dll      75f60000    28672 C:\WINDOWS\System32\drprov.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Terminal Server Network Provider
ntlanman.dll    71c10000    57344 C:\WINDOWS\System32\ntlanman.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Lan Manager
NETUI0.dll      71cd0000    94208 C:\WINDOWS\System32\NETUI0.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - GUI Classes
NETUI1.dll      71c90000  262144 C:\WINDOWS\System32\NETUI1.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - Networking classes
NETRAP.dll      71c80000    28672 C:\WINDOWS\System32\NETRAP.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Remote Admin Protocol DLL
davclnt.dll    75f70000    36864 C:\WINDOWS\System32\davclnt.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Web DAV Client DLL
ymmapi.dll      64000000  188416 C:\PROGRA~1\Yahoo!\Common\ymmapi.dll      2004, 6, 13, 1      YMMAPI Module
NavShExt.dll    12d0000    98304 C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll  10.00.13            Norton AntiVirusNAVShellExt Module
MSVCP70.dll    7c080000  487424 C:\WINDOWS\system32\MSVCP70.dll          7.00.9466.0          Microsoft® C++ Runtime Library
MSVCR70.dll    7c000000  344064 C:\WINDOWS\system32\MSVCR70.dll          7.00.9466.0          Microsoft® C Runtime Library
wiashext.dll    593f0000  598016 C:\WINDOWS\system32\wiashext.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Imaging Devices Shell Folder UI
sti.dll        73ba0000    77824 C:\WINDOWS\System32\sti.dll              5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Still Image Devices client DLL
MSISIP.DLL      605f0000    57344 C:\WINDOWS\system32\MSISIP.DLL            3.0.3790.2180        MSI Signature SIP Provider
wshext.dll      74ea0000    65536 C:\WINDOWS\System32\wshext.dll            5.6.0.8820          Microsoft ® Shell Extension for Windows Script Host
MFC42.DLL      73dd0000  1040384 C:\WINDOWS\system32\MFC42.DLL            6.02.4131.0          MFCDLL Shared Library - Retail Version
ScrTrust.dll    21c0000    65536 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrTrust.dll  1, 1, 1, 131        ScriptBlocking Trust Verifier




QUOTE
  Module information for  'iexplore.exe'
  MODULE          BASE    SIZE    PATH
iexplore.exe      400000  102400 C:\Program Files\Internet Explorer\iexplore.exe  6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Internet Explorer
ntdll.dll      7c900000  720896 C:\WINDOWS\system32\ntdll.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
kernel32.dll    7c800000  999424 C:\WINDOWS\system32\kernel32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT BASE API Client DLL
msvcrt.dll      77c10000  360448 C:\WINDOWS\system32\msvcrt.dll            7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
USER32.dll      77d40000  589824 C:\WINDOWS\system32\USER32.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP USER API Client DLL
GDI32.dll      77f10000  286720 C:\WINDOWS\system32\GDI32.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDI Client DLL
SHLWAPI.dll    77f60000  483328 C:\WINDOWS\system32\SHLWAPI.dll          6.00.2900.2573 (xpsp_sp2_gdr.041130-1729) Shell Light-weight Utility Library
ADVAPI32.dll    77dd0000  634880 C:\WINDOWS\system32\ADVAPI32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API
RPCRT4.dll      77e70000  593920 C:\WINDOWS\system32\RPCRT4.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Procedure Call Runtime
SHDOCVW.dll    77760000  1490944 C:\WINDOWS\system32\SHDOCVW.dll          6.00.2900.2573 (xpsp_sp2_gdr.041130-1729) Shell Doc Object and Control Library
CRYPT32.dll    77a80000  606208 C:\WINDOWS\system32\CRYPT32.dll          5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
MSASN1.dll      77b20000    73728 C:\WINDOWS\system32\MSASN1.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
CRYPTUI.dll    754d0000  524288 C:\WINDOWS\system32\CRYPTUI.dll          5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust UI Provider
WINTRUST.dll    76c30000  188416 C:\WINDOWS\system32\WINTRUST.dll          5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
IMAGEHLP.dll    76c90000  163840 C:\WINDOWS\system32\IMAGEHLP.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
OLEAUT32.dll    77120000  573440 C:\WINDOWS\system32\OLEAUT32.dll          5.1.2600.2180     
ole32.dll      774e0000  1298432 C:\WINDOWS\system32\ole32.dll            5.1.2600.2595 (xpsp_sp2_gdr.041130-1729) Microsoft OLE for Windows
NETAPI32.dll    5b860000  344064 C:\WINDOWS\system32\NETAPI32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Win32 API DLL
WININET.dll    771b0000  679936 C:\WINDOWS\system32\WININET.dll          6.00.2900.2577 (xpsp_sp2_gdr.041130-1729) Internet Extensions for Win32
WLDAP32.dll    76f60000  180224 C:\WINDOWS\system32\WLDAP32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
VERSION.dll    77c00000    32768 C:\WINDOWS\system32\VERSION.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
comctl32.dll    773d0000  1056768 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll  6.0 (xpsp_sp2_rtm.040803-2158) User Experience Controls Library
loadimagehook.dll 10000000  167936 C:\Program Files\PivX\Qwik-Fix Pro\fixes\loadimagehook.dll  1.4.0.30            loadimagehook Dynamic Link Library
SHELL32.dll    7c9c0000  8470528 C:\WINDOWS\system32\SHELL32.dll          6.00.2900.2578 (xpsp_sp2_gdr.041130-1729) Windows Shell Common Dll
comctl32.dll    5d090000  618496 C:\WINDOWS\system32\comctl32.dll          5.82 (xpsp_sp2_rtm.040803-2158) Common Controls Library
uxtheme.dll    5ad70000  229376 C:\WINDOWS\system32\uxtheme.dll          6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
BROWSEUI.dll    75f80000  1032192 C:\WINDOWS\system32\BROWSEUI.dll          6.00.2900.2578 (xpsp_sp2_gdr.041130-1729) Shell Browser UI Library
browselc.dll    20000000    73728 C:\WINDOWS\system32\browselc.dll          6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Browser UI Library
appHelp.dll    77b40000  139264 C:\WINDOWS\system32\appHelp.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
CLBCATQ.DLL    76fd0000  520192 C:\WINDOWS\system32\CLBCATQ.DLL          2001.12.4414.258   
COMRes.dll      77050000  806912 C:\WINDOWS\system32\COMRes.dll            2001.12.4414.258   
urlmon.dll      77260000  647168 C:\WINDOWS\system32\urlmon.dll            6.00.2900.2574 (xpsp_sp2_gdr.041130-1729) OLE32 Extensions for Win32
Secur32.dll    77fe0000    69632 C:\WINDOWS\system32\Secur32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface
cscui.dll      77a20000  344064 C:\WINDOWS\System32\cscui.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Client Side Caching UI
CSCDLL.dll      76600000  118784 C:\WINDOWS\System32\CSCDLL.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Offline Network Agent
SETUPAPI.dll    77920000  995328 C:\WINDOWS\system32\SETUPAPI.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
USERENV.dll    769c0000  733184 C:\WINDOWS\system32\USERENV.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
AcroIEHelper.dll  fa0000    49152 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll  6.0.1.2003110300    Adobe Acrobat IE Helper Version 6.0 for ActivieX
NavShExt.dll      fb0000    98304 C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll  10.00.13            Norton AntiVirusNAVShellExt Module
ATL.DLL        76b20000    69632 C:\WINDOWS\system32\ATL.DLL              3.05.2284            ATL Module for Windows XP (Unicode)
MSVCP70.dll    7c080000  487424 C:\WINDOWS\system32\MSVCP70.dll          7.00.9466.0          Microsoft® C++ Runtime Library
MSVCR70.dll    7c000000  344064 C:\WINDOWS\system32\MSVCR70.dll          7.00.9466.0          Microsoft® C Runtime Library
SXS.DLL        75e90000  720896 C:\WINDOWS\system32\SXS.DLL              5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Fusion 2.5
shdoclc.dll      1000000  557056 C:\WINDOWS\system32\shdoclc.dll          6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Doc Object and Control Library
xpsp2res.dll    1090000  2904064 C:\WINDOWS\system32\xpsp2res.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
mlang.dll      75cf0000  593920 C:\WINDOWS\system32\mlang.dll            6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
wsock32.dll    71ad0000    36864 C:\WINDOWS\system32\wsock32.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 32-Bit DLL
WS2_32.dll      71ab0000    94208 C:\WINDOWS\system32\WS2_32.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll    71aa0000    32768 C:\WINDOWS\system32\WS2HELP.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
mswsock.dll    71a50000  258048 C:\WINDOWS\system32\mswsock.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Windows Sockets 2.0 Service Provider
hnetcfg.dll    662b0000  360448 C:\WINDOWS\system32\hnetcfg.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Home Networking Configuration Manager
RASAPI32.DLL    76ee0000  245760 C:\WINDOWS\system32\RASAPI32.DLL          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access API
rasman.dll      76e90000    73728 C:\WINDOWS\system32\rasman.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access Connection Manager
TAPI32.dll      76eb0000  192512 C:\WINDOWS\system32\TAPI32.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Windows™ Telephony API Client DLL
rtutils.dll    76e80000    57344 C:\WINDOWS\system32\rtutils.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
WINMM.dll      76b40000  184320 C:\WINDOWS\system32\WINMM.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
serwvdrv.dll    5cd70000    28672 C:\WINDOWS\system32\serwvdrv.dll          5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver
umdmxfrm.dll    5b0a0000    28672 C:\WINDOWS\system32\umdmxfrm.dll          5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
SYNCOR11.DLL    6bd00000    53248 C:\WINDOWS\system32\SYNCOR11.DLL          1.2.2                SynthCore R2.0 Midi Interface Driver
msi.dll        7d1e0000  2826240 C:\WINDOWS\system32\msi.dll              3.0.3790.2180        Windows Installer
wshtcpip.dll    71a90000    32768 C:\WINDOWS\System32\wshtcpip.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Sockets Helper DLL
idle.dll        60300000    28672 C:\Program Files\Yahoo!\Messenger\idle.dll  1, 0, 0, 2          idle
MSVCR71.dll    7c340000  352256 C:\Program Files\Yahoo!\Messenger\MSVCR71.dll  7.10.3052.4          Microsoft® C Runtime Library
msv1_0.dll      77c70000  143360 C:\WINDOWS\system32\msv1_0.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Authentication Package v1.0
iphlpapi.dll    76d60000  102400 C:\WINDOWS\system32\iphlpapi.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) IP Helper API
sensapi.dll    722b0000    20480 C:\WINDOWS\system32\sensapi.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SENS Connectivity API DLL
rsaenh.dll      ffd0000  163840 C:\WINDOWS\system32\rsaenh.dll            5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
DNSAPI.dll      76f20000  159744 C:\WINDOWS\system32\DNSAPI.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) DNS Client API DLL
rasadhlp.dll    76fc0000    24576 C:\WINDOWS\system32\rasadhlp.dll          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access AutoDial Helper
mshtml.dll      7d4a0000  3026944 C:\WINDOWS\System32\mshtml.dll            6.00.2900.2604 (xpsp_sp2_gdr.041130-1729) Microsoft ® HTML Viewer
msls31.dll      746c0000  159744 C:\WINDOWS\System32\msls31.dll            3.10.349.0          Microsoft Line Services library file
msimtf.dll      746f0000  172032 C:\WINDOWS\System32\msimtf.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Active IMM Server DLL
MSCTF.dll      74720000  307200 C:\WINDOWS\System32\MSCTF.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MSCTF Server DLL
IMM32.DLL      76390000  118784 C:\WINDOWS\system32\IMM32.DLL            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP IMM32 API Client DLL
OLEACC.dll      74c80000  180224 C:\WINDOWS\system32\OLEACC.dll            4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
MSVCP60.dll    76080000  413696 C:\WINDOWS\system32\MSVCP60.dll          6.02.3104.0          Microsoft ® C++ Runtime Library
PPBHO.dll        2170000  303104 C:\Program Files\Norton SystemWorks\Password Manager\PPBHO.dll  2004.1.127          Password Manager Browser Helper
MSXML4.dll      69b10000  1241088 C:\WINDOWS\system32\MSXML4.dll            4.20.9818.0          MSXML 4.0 SP 2
scrauth.dll      2110000  122880 C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll  1, 1, 1, 131        ScriptBlocking Authenticator
ScrBlock.dll    2140000  131072 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll  1, 1, 1, 131        ScriptBlocking
jscript.dll    75c50000  450560 c:\windows\system32\jscript.dll          5.6.0.8820          Microsoft ® JScript
iepeers.dll    66e50000  258048 C:\WINDOWS\System32\iepeers.dll          6.00.2900.2604 (xpsp_sp2_gdr.041130-1729) Internet Explorer Peer Objects
WINSPOOL.DRV    73000000  155648 C:\WINDOWS\System32\WINSPOOL.DRV          5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Spooler Driver
mshtmled.dll    76200000  462848 C:\WINDOWS\System32\mshtmled.dll          6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ® HTML Editing Component
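Added example (not part of the original thread and not pv's own code): one way to triage a module listing like the two posted above, so that a reviewer looks first at the handful of DLLs loaded from outside the Windows directory instead of reading every row. The regex, the three review categories and the `DOCUME~1` short-name marker are assumptions of this sketch; a flagged row means "identify the vendor", not "malicious".

```python
import re
from typing import NamedTuple

# Rows excerpted from the 'Explorer.EXE' listing posted above.
SAMPLE = r"""
Module information for  'Explorer.EXE'
  MODULE          BASE    SIZE    PATH
Explorer.EXE    1000000  1044480 C:\WINDOWS\Explorer.EXE                  6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Explorer
ntdll.dll      7c900000  720896 C:\WINDOWS\system32\ntdll.dll            5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
OLEAUT32.dll    77120000  573440 C:\WINDOWS\system32\OLEAUT32.dll          5.1.2600.2180
loadimagehook.dll 10000000  167936 C:\Program Files\PivX\Qwik-Fix Pro\fixes\loadimagehook.dll  1.4.0.30            loadimagehook Dynamic Link Library
WZSHLSTB.DLL    16200000    24576 C:\DOCUME~1\Jerry\Desktop\WinZip\8.0\WZSHLSTB.DLL  3.0 (32-bit)        WinZip Shell Extension DLL
ymmapi.dll      64000000  188416 C:\PROGRA~1\Yahoo!\Common\ymmapi.dll      2004, 6, 13, 1      YMMAPI Module
nvshell.dll      26f0000  458752 C:\WINDOWS\system32\nvshell.dll          6.14.10.6177        NVIDIA Desktop Explorer, Version 61.77
"""

# name, hex base, decimal size, then a path that may contain single spaces
# ("Program Files") and ends at a run of two or more spaces or at end of line.
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<base>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+"
    r"(?P<path>[A-Za-z]:\\.+?)(?:\s{2,}(?P<info>.*))?$"
)

# Build tags as they appear in the listing, e.g. "(xpsp_sp2_rtm.040803-2158)".
OS_BUILD_TAG = re.compile(r"\((?:xpsp|xpclient)[^)]*\)")

# Assumption: XP profile root and its usual 8.3 short name.
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\")


class Module(NamedTuple):
    name: str
    base: int
    size: int
    path: str
    info: str  # version string and description, kept together as posted


def parse_modules(text):
    """Return the module rows of a listing; headers and blank lines are skipped."""
    mods = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            mods.append(Module(m["name"], int(m["base"], 16), int(m["size"]),
                               m["path"], (m["info"] or "").strip()))
    return mods


def triage(mods, windir=r"C:\WINDOWS"):
    """Return (priority, reason, module name) tuples, most interesting first.

    1 user-profile     loaded from a user-writable profile directory
    2 outside-windir   loaded from any other non-Windows location
    3 no-os-build-tag  inside the Windows directory but without an OS build
                       tag, i.e. not obviously shipped with this Windows build
    """
    root = windir.lower().rstrip("\\") + "\\"
    findings = []
    for mod in mods:
        p = mod.path.lower()
        if any(marker in p for marker in PROFILE_MARKERS):
            findings.append((1, "user-profile", mod.name))
        elif not p.startswith(root):
            findings.append((2, "outside-windir", mod.name))
        elif not OS_BUILD_TAG.search(mod.info):
            findings.append((3, "no-os-build-tag", mod.name))
    return sorted(findings, key=lambda f: (f[0], f[2].lower()))


if __name__ == "__main__":
    for priority, reason, name in triage(parse_modules(SAMPLE)):
        print(priority, reason, name)
```

Priority 3 also catches Microsoft components that simply carry no build tag in their version resource (OLEAUT32.dll in the listing is one), so it is a "check the vendor" bucket rather than a finding.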
jerryfr40
It's 10:30 here in Fla and I have to head to work. Back at 6PM. Hope I have given you something to go on. Again, thank you for your help. I would be lost without people like you who are willing to help computer dummies like me. Have a Great Day!

Jerry
Bobbi Flekman
Hi jerryfr40,

I can see nothing wrong with these logs either. I will ask others if they have a clue what's going on here.

The files in the Temporary Internet Folders can be deleted through "Internet Options" in the Configuration Panel. You can find it on the "General" tab.

Something else... what is the problem? Is it spyfader? Or is it sysfader? I've just been googling sysfader, and that's a program from NVidia videocards... Like the one you use. Can you try this...

From a thread at Wilder's:
QUOTE
My display driver is provided by nVidia. It offers all kinds of options and one of them is the culprit. The solution is Go to START > CONTROL PANEL > DISPLAY > NVIDIA NVIEW DESKTOP MANAGER > tab DESKTOP MANAGEMENT > PROPERTIES > tab APPEARANCE > EFFECTS and uncheck the FADE EFFECT option. God knows what it does but unchecking it solves the problem.
jerryfr40
I tried to follow the instructions but apparently the other person was not running XP because there is no properties tab under Display. I opened the properties for NVIDIA under the START > CONTROL PANEL > and went all through every tab and did not find SYSFADER anywhere. I even updated the program at their website but still no good.

Of all the postings on Google concerning SYSFADER this was the only one that claims it is a legitimate program. The rest are recognising it as a virus. It is just a very new one that no one has been able to figure out a solution for. The way that it acts, coming on for a couple seconds and then disappearing, does not suggest a normal program in action.

I do appreciate all of your help. I only hope that someone figures this one out soon. The hits on Google seem to increase daily as this one spreads out. Luckily it does not appear to be destructive at this time, just a major annoyance and CPU hog. The biggest problem is that there is no way to know exactly what it is doing. It could be sending out important private information for all I know.

I had seen one post on Google that said that it comes in as SYSFADER but then morphs into another file. Unfortunately I have not been able to find that post again to see what the name was in order to check it out.

If you come up with any more ideas I would greatly appreciate it. This one seems to have all of the experts stumped but I am confident that this will change very soon.

Sincerely,
Jerry Housh
Bobbi Flekman
Hi jerryfr40,

Can you try this. Download Rootkit Revealer, and extract it. Double click on Rootkit Revealer and press "Scan". After the scan press "File"->"Save..." and copy/paste the contents in a new post.
jerryfr40
Thanks for not giving up on me yet. I hope this helps:

Bobbi Flekman
Is that all it lists?

By the way, you might want to empty the Norton Protected Recycle Bin LOL
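Added example, not part of any post in this thread: a small Python triage of RootkitRevealer output in the shape jerryfr40 pasted, grouping entries by folder so that hundreds of lines from one known folder collapse into one row and anything else stands out. The sample lines and the `KNOWN_DIRS` mapping are constructed, the Norton label follows the reply above, and the field layout is assumed from the pasted lines.

```python
import re
from collections import defaultdict

# Field layout assumed from the lines as pasted in the thread:
#   <path> <M/D/YYYY> <H:MM AM|PM> <size> <unit> <description>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2}\s[AP]M)\s+"
    r"(?P<size>[\d.]+)\s(?P<unit>bytes|KB|MB|GB)\s+"
    r"(?P<desc>.+)$"
)
UNIT = {"bytes": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

# Reviewer-supplied mapping (an assumption of this example): folders whose
# hidden entries are explained by installed software. Keys are lower-case.
KNOWN_DIRS = {r"c:\recycler\nprotect": "Norton Protected Recycle Bin"}

# Constructed sample input, not copied from the thread.
SAMPLE = r"""
C:\Documents and Settings\Example User\Local Settings\Temp\note[1].: 3/7/2003 6:08 PM 54.55 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000001. 2/17/2004 6:05 AM 574.49 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000002. 2/17/2004 6:05 AM 2.00 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000002.:AFP_AfpInfo 2/17/2004 6:05 AM 60 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000003. 9/7/2004 12:55 AM 186 bytes Hidden from Windows API.
this line is not scanner output
"""


def parse_line(line):
    """Return a dict for one report line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m["path"]
    # A colon after the drive letter marks a stream suffix (file:stream).
    rest = path[2:]
    stream = None
    file_path = path
    if ":" in rest:
        file_part, stream = rest.split(":", 1)
        file_path = path[:2] + file_part
    return {
        "path": path,
        "dir": file_path.rpartition("\\")[0],
        "stream": stream,
        "when": f'{m["date"]} {m["time"]}',
        "bytes": round(float(m["size"]) * UNIT[m["unit"]]),
        "desc": m["desc"],
    }


def triage(text, known_dirs):
    """Group entries by folder; return (summary, review, unparsed).

    review holds entries outside the known folders, plus every entry that
    carries a stream suffix, since those deserve a look wherever they live.
    """
    summary = defaultdict(lambda: {"count": 0, "bytes": 0, "label": None})
    review, unparsed = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            unparsed.append(raw.strip())
            continue
        label = known_dirs.get(entry["dir"].lower())
        bucket = summary[entry["dir"]]
        bucket["count"] += 1
        bucket["bytes"] += entry["bytes"]
        bucket["label"] = label
        if label is None or entry["stream"] is not None:
            review.append(entry)
    return dict(summary), review, unparsed


if __name__ == "__main__":
    summary, review, unparsed = triage(SAMPLE, KNOWN_DIRS)
    for folder, info in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        tag = info["label"] or "UNEXPLAINED"
        print(f'{info["count"]:5d}  {info["bytes"]:>10d} B  {folder}  [{tag}]')
    print("\nEntries to look at by hand:")
    for e in review:
        print(f'  {e["path"]}  ({e["when"]}, {e["bytes"]} B)')
    if unparsed:
        print(f"\n{len(unparsed)} line(s) did not match the expected layout")
```
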
Bobbi Flekman
Hi jerryfr40,

How many programs do you use for the graphics? And which are they? It could be that one of them is the problem in you having that sysfader popup. Can you recall when it started? Did you install a new program?

I got redirected to the thread I posted earlier at Wilder's. You may want to read it for yourself, but a few of the new posts mention things that might be of interest.

Post 63:
QUOTE
I had this problem awhile ago. It turned out that Sysfader.exe is a utility used by some NVidia graphic card packages. This can be verified by using a program such as QuickView to see the file's publisher or opening the Sysfader.exe file in a hex editor. To remove the file uninstall the NVidia drivers then WITHOUT REBOOTING go into the registry and remove any references to NVidia. There were three if I remember correctly. Then reboot and reinstall the NVidia drivers. Be sure when reinstalling the drivers NOT to check any option that "speeds up opening and closing windows" or any of the window or taskbar transparency options. Sysfader is used to implement these options and if they are not used then Sysfader will not be installed. Apparently the Sysfader utility clashes with Windows 2000 and XP window display processes i.e. they both try to 'lock' the same memory in user space at the same time. Strangely this is an unintended side effect of user space memory protection that is intended to protect your computer from hijacking programs.


Post 100:
QUOTE
I HAVE FIXED THE PROBLEM!!!!

Start, Right click My Computer, Properties, Advanced Tab, Click the settings button under performance, Choose Adjust for best performance. Job Done!

I have been working on it all night, it was that simple.

Can you try these as well..
jerryfr40
Good Morning,

I have tried the ideas offered in the other thread but it is still here. The only thing I did not try was to delete the Nvidia program and re-install it because I really am afraid that I would mess up the computer. I simply do not know that much about them. I can tell you that the Nvidia came with the computer and should probably be the only graphics program on it. I do not use any of the functions in the program because I do not know what any of them are or what they can do. I do know that this program has been a CPU hog and I have considered removing it over the past 2 years but decided not to because without knowing what it does I thought it was best to leave it alone. If I have more than one graphics program running I would be happy to remove whatever is not necessary.

As to any recent downloads, yes I did download an update to Java right around the same time that this started. Again, without knowing what it does I was afraid to remove the update from the computer. Basically I use the computer on the internet, I use MS Word, and limited usage of Excel. Beyond that I am computer illiterate. I am able to follow directions from the people on these boards and locate things to change or remove but I really do not know what I am doing when I do them.

Bottom line.... Sysfader is still present. I do not get pop-ups or error messages like most of the other posts are referring to. All I get is a blank windows icon opening up on my bottom task bar for a couple of seconds. If I have the Task Manager open to Applications when this happens I can see that the blank is listed as Sysfader.exe

I have emptied the Norton Protected and the recycle box (all that Norton Recycler stuff still shows on the log file though). I have run CheckDisc, Defrag, rebooted, updated Nvidia on their site, run Spybot, Adaware 6, RootKitRevealer, Stinger, About Buster, CWShredder, ADS Spy Utility, QwickNT-Home, RegSearch (which I hadn't noticed until now was written by you), BHO Zapper, PC Rescue, FileMon, and HijackThis so far. The only thing that I can think of that I have not tried is tossing this thing out the freaking window, but I am not against trying that....SOON. This is so frustrating, but I do have an online business, jerrysantiques.com, to help make ends meet so I guess I shouldn't try that one.

Anyway, enough venting, here are my newest RootKit Revealer and HJT logs.

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 6:09:49 AM, on 04/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\BHOZapper\BHOZapper.exe
C:\Program Files\PivX\Qwik-Fix Pro\qfui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\HistoryKill\histkill.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\HistoryKill\hkPopupKiller.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: BHOZapper Toolbar - {0A029144-6E5A-4F7E-A3B8-0B7F3F729049} - C:\Program Files\BHOZapper\BHOZapper Toolbar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BHOZapper] C:\Program Files\BHOZapper\BHOZapper.exe
O4 - HKLM\..\Run: [Qwik-Fix Pro User Interface] "C:\Program Files\PivX\Qwik-Fix Pro\qfui.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094524592390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Qwik-Fix Pro (qfcoresvc) - PivX Solutions, Inc. - C:\Program Files\PivX\Qwik-Fix Pro\qfloadsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Thanks for your help,
Jerry Housh
http://www.jerrysantiques.com
Bobbi Flekman
QUOTE (jerryfr40 @ Apr 14 2005, 12:31 PM)
Good Morning,

I have tried the ideas offered in the other thread but it is still here. The only thing I did not try was to delete the Nvidia program and re-install it because I really am afraid that I would mess up the computer. I simply do not know that much about them. I can tell you that the Nvidia came with the computer and should probably be the only graphics program on it. I do not use any of the functions in the program because I do not know what any of them are or what they can do. I do know that this program has been a CPU hog and I have considered removing it over the past 2 years but decided not to because without knowing what it does I thought it was best to leave it alone. If I have more than one graphics program running I would be happy to remove whatever is not necessary.
NVidia is your video card. And sysfader is a program that 'enhances' what you see (the shading effects, and all). So it isn't really necessary (sysfader, that is).

If I, or my esteemed colleagues, have more ideas I will make a new post...
jerryfr40
Final update:

There may well be a legit program called "Sysfader" but some sicko has decided it would be funny to create a virus with the same name. What I HAD was not legit, and it was not harmless. After fighting it for 14 days I lost the battle late Friday.

On Thursday my wife's Desktop shortcuts stopped functioning properly. No matter what she would click on it would open to an open HTML code notepad. That was easy enough to get around by telling the computer to open with IE. This was followed by programs disappearing and home page hijackings. I also lost all restore points as well as Norton's Go Back points. The points were still there but the system refused to restore to any of them. It said there was data missing from the files. It also began running Check Disk every time the computer was signed off. Each time it said that there was a problem with the C drive, but that it fixed it.

Early Friday my DSL was affected and I lost my link to this board and the help which you had been so graciously giving to me. I attempted to re-sync my modem and router for several hours with no luck. I finally decided to bite the bullet and send as much personal info and photos to CD and then re-format my hard drive.

When I put my restore discs in it would go through the motions but then it would come up with an error that it could not find the User Partition. It would attempt to create a new one but that would fail every time. It was becoming apparent that I was not going to be able to format the hard drive.

Saturday morning I gave up and purchased a new hard drive and installed it. I have been working on getting it all set up since then. Whatever this "Sysfader.exe" was, it grew and became destructive as time passed until it finally damaged my system beyond repair.

I do greatly appreciate all of your assistance in trying to identify this thing. What you do is fantastic. I could never have gone through all of this without your help.

Sincerely,
Jerry Housh
Jerry's Antiques and Collectibles
http://www.jerrysantiques.com
Bobbi Flekman
Hi jerryfr40,

Sorry to hear the final outcome of it.

This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall, for example Kerio Personal Firewall or ZoneLabs Zone Alarm, a spyware blocker like SpywareBlaster and also IE-Spyads and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....

Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.

Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protect your computer.

This can be accessed by going to http://windowsupdate.microsoft.com/ and following the prompts. If you are running Windows XP get updated to SP-2.

Please post back if you are still having any problems....