C:\WINDOWS\SYSTEM\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}

malachithree10 · 11-07-2003, 10:48 PM

C:\WINDOWS\SYSTEM\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}

Does anyone know anything about the above folder/file? I was wondering if this file is reason for my computer running slow, IE shutting down and performing illegal opps.

Thanks for any help.

Here are more suspicious folders/files I found on my pc when I ran a scan by SPYKILLER. Are these bad too or needed? Is there anyway for someone to highlight for me what I need to delete in order to get my pc up and running smoothly again?
Thank you.

WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs--1--c:\Program Files\Microsoft Works\msworks.exe
Spy - Softec Software
WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Components\8F4F491F5C6C2D1108B0000CF43A92AA--c?\Program Files\Microsoft Works\msworks.exe--4334636503592D11FBCF000CF43A92AA
Spy - Softec Software
Alexa HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping--8192--{c95fe080-8f5d-11d2-a20b-00aa003c157a}
SpyWare/Adware - Alexa
Registry scan result:
Suspicious keys found: 3

**jgvernonco** · 11-08-2003, 02:19 PM

(In his best baritone voice)...Oh Yeah.

From the little blurb that I post below so that I don't have to type so much, find the link for Spybot, download it, run it and have it fix everything in red.

Then, download Hijack this here , create, copy and paste a log here, and we'll look for stragglers.
-----------------------------------------------------------------------------------

jgvernonco’s
recommended
security
software

Zonealarm Firewall (free edition) Zone Labs:

http://www.zonelabs.com/store/conte...reeDownload.jsp

Free antivirus software

http://www.avast.com/i_idt_153.html

Spyware blocking programs (free):

Spyware Blaster and Spyware Guard (the link will take you to the Blaster page. The menu bar at the top will take you to the Guard page. These two programs, written by the same developer, work hand-in-hand to protect you from invasions).

http://www.javacoolsoftware.com/spywareblaster.html

Spyware Killers (free)!

Spybot Search & Destroy

http://download.com.com/3000-2144-1...&tag=button

Adaware
Ad-aware - Software - Lavasoft

http://www.lavasoftusa.com/software/adaware/

I run both of these, as they occasionally find something that the other did not.

Additionally, Microsoft has made some poor choices about default settings in the OSs, resulting in multiple security weaknesses. Gibson Research has a number of little programs that will help you close security holes without having to edit your registry, wander My Computer, etc., just to get secure. I highly recommend this resource.

Gibson Research Corporation Home Page

http://grc.com/default.htm

The secret to running these programs is to update at least weekly! Update Adaware and Spybot before you run a scan every time. Don’t forget to update Blaster and Guard when you are doing your maintenance. Make sure the antivirus software us up-to-date. Put a note on your computer reminding you to do it!

Last, but not least, if you are a Microsoft user, update, update, update! Put it on your list! The only Trojan that ever made it through my security did not take me down because I was current on my security patches, which limited what the Trojan could do. (It was still a big pain, though). Most of you will have a Windows Update selection when you click “start”, but if you do not, here’s a link:

Microsoft Windows Update

http://v4.windowsupdate.microsoft.com/en/default.asp

Stay safe! Enjoy the WWW!

malachithree10 · 11-08-2003, 02:54 PM

I ran Spybot S&D and Adaware and they both come up without finding any files or folders after I ran each of them a 2nd time.

But in running SpyKiller it still tells me I have the following, though Spybot S&D and Adaware tell me I have nothing.
Started registry scan
====================
WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr
entVersion\SharedDLLs--1--c:\Program Files\Microsoft Works\msworks.exe
Spy - Softec Software
WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr
entVersion\Installer\Components\8F4F491F5C6C2D1108
B0000CF43A92AA--c?\Program Files\Microsoft Works\msworks.exe--4334636503592D11FBCF000CF43A92AA
Spy - Softec Software
Alexa HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping--8192--{c95fe080-8f5d-11d2-a20b-00aa003c157a}
SpyWare/Adware - Alexa
Registry scan result:
Suspicious keys found: 3

Started folder scan
====================
BDE C:\WINDOWS\SYSTEM\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}
Adware - Brilliant Digital

So, which program would be correct? Spykiller does not let me clean up and redirects me to a "buy for discount " page.

I will take your advice and download all the other programs you suggested also. But the log that Spykiller pulls up, are those files/folders of any worry?

I was wondering if this file [C:\WINDOWS\SYSTEM\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}] is reason for my computer running slow, IE shutting down and performing illegal opps or is it needed?

Thank you again.
MalachiThree10

**jgvernonco** · 11-08-2003, 08:46 PM

The only thing that I know about Spywarekiller is my limited experience with it here. Because of that, I can't really trust it. I haven't had the time to research it.

Please download Hijack This, scan, save log, then paste it here. It's the quickest way to go.

malachithree10 · 11-08-2003, 09:18 PM

Logfile of HijackThis v1.97.3
Scan saved at 11:52:16 PM, on 11/6/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE
C:\WINDOWS\SYSTEM\3CMLNKW.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET G SERIES\FRU\REMIND32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\QZTEMP\6634293\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.netcenter.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey.exe
O4 - HKLM\..\Run: [3Cmlink] c:\windows\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\MY DOCUMENTS\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\stimon.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccProxy] c:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\RunServices: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\RunServices: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\FRU\Remind32.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7908.829837963
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

Ren of Heavens · 11-10-2003, 05:13 AM

Ignore me, the first time I viewed the thread only the first post loaded so my reply is useless >_< Why can't we delete our own posts here?

**jgvernonco** · 11-10-2003, 08:07 AM

O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL (file missing)

This is all I found, which is more "housekeeping" than the source of the problem.

Open an HJY log, check this for fixing, then, with all explorer and browser windows closed, have HJT fix it.

Reboot.

I would like to answer your question about why Spyware Killer found all that stuff and the otrhers did not, but I can tell you that a lot of experience tells me that both Adaware and Spybot are very thorough, though conservative in not IDing things that you might actually need.

See how you machine behaves, and let us know.

11-07-2003, 10:48 PM	#1 (permalink)
malachithree10 Registered User Join Date: Nov 2003 Posts: 6 OS: Win 98 2nd edition	C:\WINDOWS\SYSTEM\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} C:\WINDOWS\SYSTEM\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} Does anyone know anything about the above folder/file? I was wondering if this file is reason for my computer running slow, IE shutting down and performing illegal opps. Thanks for any help. Here are more suspicious folders/files I found on my pc when I ran a scan by SPYKILLER. Are these bad too or needed? Is there anyway for someone to highlight for me what I need to delete in order to get my pc up and running smoothly again? Thank you. WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs--1--c:\Program Files\Microsoft Works\msworks.exe Spy - Softec Software WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Components\8F4F491F5C6C2D1108B0000CF43A92AA--c?\Program Files\Microsoft Works\msworks.exe--4334636503592D11FBCF000CF43A92AA Spy - Softec Software Alexa HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping--8192--{c95fe080-8f5d-11d2-a20b-00aa003c157a} SpyWare/Adware - Alexa Registry scan result: Suspicious keys found: 3

11-08-2003, 02:19 PM	#2 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,958 OS: Vista Home Premium, SP 27	(In his best baritone voice)...Oh Yeah. From the little blurb that I post below so that I don't have to type so much, find the link for Spybot, download it, run it and have it fix everything in red. Then, download Hijack this here , create, copy and paste a log here, and we'll look for stragglers. ----------------------------------------------------------------------------------- jgvernonco’s recommended security software Zonealarm Firewall (free edition) Zone Labs: http://www.zonelabs.com/store/conte...reeDownload.jsp Free antivirus software http://www.avast.com/i_idt_153.html Spyware blocking programs (free): Spyware Blaster and Spyware Guard (the link will take you to the Blaster page. The menu bar at the top will take you to the Guard page. These two programs, written by the same developer, work hand-in-hand to protect you from invasions). http://www.javacoolsoftware.com/spywareblaster.html Spyware Killers (free)! Spybot Search & Destroy http://download.com.com/3000-2144-1...&tag=button Adaware Ad-aware - Software - Lavasoft http://www.lavasoftusa.com/software/adaware/ I run both of these, as they occasionally find something that the other did not. Additionally, Microsoft has made some poor choices about default settings in the OSs, resulting in multiple security weaknesses. Gibson Research has a number of little programs that will help you close security holes without having to edit your registry, wander My Computer, etc., just to get secure. I highly recommend this resource. Gibson Research Corporation Home Page http://grc.com/default.htm The secret to running these programs is to update at least weekly! Update Adaware and Spybot before you run a scan every time. Don’t forget to update Blaster and Guard when you are doing your maintenance. Make sure the antivirus software us up-to-date. Put a note on your computer reminding you to do it! Last, but not least, if you are a Microsoft user, update, update, update! Put it on your list! The only Trojan that ever made it through my security did not take me down because I was current on my security patches, which limited what the Trojan could do. (It was still a big pain, though). Most of you will have a Windows Update selection when you click “start”, but if you do not, here’s a link: Microsoft Windows Update http://v4.windowsupdate.microsoft.com/en/default.asp Stay safe! Enjoy the WWW! __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt

11-08-2003, 08:46 PM	#4 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,958 OS: Vista Home Premium, SP 27	The only thing that I know about Spywarekiller is my limited experience with it here. Because of that, I can't really trust it. I haven't had the time to research it. Please download Hijack This, scan, save log, then paste it here. It's the quickest way to go. __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt

11-08-2003, 09:18 PM	#5 (permalink)
malachithree10 Registered User Join Date: Nov 2003 Posts: 6 OS: Win 98 2nd edition	Hijack This log file here.... Logfile of HijackThis v1.97.3 Scan saved at 11:52:16 PM, on 11/6/03 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE C:\WINDOWS\SYSTEM\3CMLNKW.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\HPOOPM07.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET G SERIES\FRU\REMIND32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\TEMP\QZTEMP\6634293\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.netcenter.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey.exe O4 - HKLM\..\Run: [3Cmlink] c:\windows\SYSTEM\3cmlnkW.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\MY DOCUMENTS\PANICWARE\POP-UP STOPPER\DPPS2.EXE" O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\stimon.exe O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - HKLM\..\RunServices: [ccProxy] c:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\RunServices: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q O4 - HKCU\..\RunServices: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\FRU\Remind32.exe O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7908.829837963 O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - http://office.microsoft.com/officeup...ntent/opuc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

11-10-2003, 05:13 AM	#6 (permalink)
Ren of Heavens Member Join Date: Aug 2003 Location: England Posts: 42 OS: XP Professional	Re: C:\WINDOWS\SYSTEM\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} Ignore me, the first time I viewed the thread only the first post loaded so my reply is useless >_< Why can't we delete our own posts here? Last edited by Ren of Heavens; 11-10-2003 at 05:31 AM.

11-08-2003, 02:54 PM	#3 (permalink)
malachithree10 Registered User Join Date: Nov 2003 Posts: 6 OS: Win 98 2nd edition	I ran Spybot S&D and Adaware and they both come up without finding any files or folders after I ran each of them a 2nd time. But in running SpyKiller it still tells me I have the following, though Spybot S&D and Adaware tell me I have nothing. Started registry scan ==================== WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\SharedDLLs--1--c:\Program Files\Microsoft Works\msworks.exe Spy - Softec Software WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Installer\Components\8F4F491F5C6C2D1108 B0000CF43A92AA--c?\Program Files\Microsoft Works\msworks.exe--4334636503592D11FBCF000CF43A92AA Spy - Softec Software Alexa HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping--8192--{c95fe080-8f5d-11d2-a20b-00aa003c157a} SpyWare/Adware - Alexa Registry scan result: Suspicious keys found: 3 Started folder scan ==================== BDE C:\WINDOWS\SYSTEM\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} Adware - Brilliant Digital So, which program would be correct? Spykiller does not let me clean up and redirects me to a "buy for discount " page. I will take your advice and download all the other programs you suggested also. But the log that Spykiller pulls up, are those files/folders of any worry? I was wondering if this file [C:\WINDOWS\SYSTEM\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}] is reason for my computer running slow, IE shutting down and performing illegal opps or is it needed? Thank you again. MalachiThree10

11-10-2003, 08:07 AM	#7 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,958 OS: Vista Home Premium, SP 27	O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL (file missing) This is all I found, which is more "housekeeping" than the source of the problem. Open an HJY log, check this for fixing, then, with all explorer and browser windows closed, have HJT fix it. Reboot. I would like to answer your question about why Spyware Killer found all that stuff and the otrhers did not, but I can tell you that a lot of experience tells me that both Adaware and Spybot are very thorough, though conservative in not IDing things that you might actually need. See how you machine behaves, and let us know. __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt