Posts posted by jassuji
-
OK, here's another HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 6:08:45 PM, on 11/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\My Documents\Applications\utorrent.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\unzipped\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
-
OK, here's my new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 12:58:05 AM, on 11/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\unzipped\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
-
OK, I've done what you told me to do and here's the ActiveScan report:
Incident Status Location
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\lovee\Cookies\lovee@mediaplex[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\lovee\Cookies\lovee@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\lovee\Cookies\lovee@bluestreak[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\lovee\Cookies\lovee@doubleclick[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.overture.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[a.as-us.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.phg.hitbox.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[.bfast.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\lovee\Application Data\Mozilla\Firefox\Profiles\cb2rb83t.default\cookies.txt[stat.onestat.com/]
Possible Virus. Not disinfected C:\Program Files\ewido anti-spyware 4.0\Patch.exe
Adware:Adware/IST.YourSiteBar Not disinfected C:\unzipped\HijackThis\backups\backup-20050628-095137-235.inf
Hacktool:Hacktool/PatchTCPSP2 Not disinfected D:\HCTS\HTS\appz\Cracks\HellLabs Proxy Checker v7.4.18\Parche Win XP-2000\patch211.zip[patch211/EvID4226Patch.exe]
Possible Virus. Not disinfected D:\My Documents\Applications\turbo-1.1.2.exe[²ÖÇ\Googlefox.exe]
Security Risk:Constructor/BVgen.A Not disinfected D:\My Documents\Applications\New Folder\bvgen.zip[sETINVAR.COM]
Virus:Univ.EP Disinfected D:\My Documents\Applications\New Folder\nrlg.zip[NUKE1.DAT]
Security Risk:Constructor/Polyengine.B Not disinfected D:\My Documents\Applications\New Folder\rme11.zip[RME11.OBJ]
Virus:W32/Tswsvk.Kit Disinfected D:\My Documents\Applications\New Folder\tswsvk.zip[TSWSVK.HLP]
Adware:Adware/WUpd Not disinfected D:\My Documents\Applications\Real-3D-Matrix.exe[¦&&\Zango\mg.exe]
Hacktool:HackTool/EvID Not disinfected D:\My Documents\Applications\EvID4226Patch223d-en.zip[EvID4226Patch.exe]
Possible Virus. Not disinfected D:\My Documents\Applications\Ewido ver 4\Ewido.Anti-Spyware4.0.0.172b.zip[Ewido.Anti-Spyware4.0.0.172b/Patch.exe]
Possible Virus. Not disinfected D:\My Documents\Applications\Ewido ver 4\Patch.exe
Virus:SymbOS/Skulls.D Not disinfected E:\My folder\nokia apps\SimworksAntivirusv116.zip[simworks_AnitiVirus_1.16_FULL_Dotsis.sis][]
Virus:Eicar.Mod Not disinfected E:\My folder\nokia apps\SimworksAntivirus12.zip[simworks_AntiVirus_1.12_Full_DotSiS.sis][]
Virus:Eicar.Mod Not disinfected E:\My folder\nokia apps\SimworksAntivirus12\Simworks_AntiVirus_1.12_Full_DotSiS.sis[]
Virus:SymbOS/Skulls.D Not disinfected E:\My folder\nokia apps\SimworksAntivirusv116\Simworks_AnitiVirus_1.16_FULL_Dotsis.sis[]
Virus:Trj/Clicker.LU Not disinfected E:\AIO DJ toolz\AIO-DJToolz[1]\AIO-DJToolz.exe[AutoPlay/Docs/DJ.Jukebox.6.0.CRK-FFF.zip][crack-inf.exe][adobemgr.exe]
Possible Virus. Not disinfected F:\Jaspal\Diablo2oo2 crackers\rlzer\PATCH\TASM32.EXE
-
Did you let AVG quarantine what it found?
Yes, I did let AVG quarantine what it found. What do you think there should be in quarantine?
-
OK, finally I've managed to do a full system scan. It took me 6 hours to complete it, and now I'm posting its log as you said.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:38:11 PM 11/15/2006
+ Scan result:
G:\Software\HHv4\Hip.Hop.eJAY.1.04.00_No-CD_Crack.ZIP/hhejay_crk.exe -> Backdoor.Theef.111 : No action taken.
G:\Software\HHv4\Hip.Hop.eJAY.1.04.00_No-CD_Crack\hhejay_crk.exe -> Backdoor.Theef.111 : No action taken.
D:\My Documents\Applications\Cable_Modem_Uncapping_Kit.rar/Cable_Modem_Uncapping_Kit\Cable_Modem_Uncapping_Kit\Cable Modem Uncapping Kit V6.3\Step2.exe -> Dropper.Delf.vp : No action taken.
C:\Downloads\WCSRsetup\WCSRsetup.exe -> Dropper.Delf.yb : No action taken.
E:\My folder\nokia apps\7625c2edcad-kas[1].ringtone.editor.1.0.patch-icu.zip/patch.exe -> Logger.Agent.nbq : No action taken.
E:\My folder\nokia apps\RingtoneEditor.zip/patch.exe -> Logger.Agent.nbq : No action taken.
E:\My folder\nokia apps\RingtoneEditor\patch.exe -> Logger.Agent.nbq : No action taken.
C:\Program Files\ewido anti-spyware 4.0\Patch.exe -> Not-A-Virus.Hacktool.Crack : No action taken.
D:\My Documents\Applications\Ewido ver 4\Ewido.Anti-Spyware4.0.0.172b.zip/Ewido.Anti-Spyware4.0.0.172b/Patch.exe -> Not-A-Virus.Hacktool.Crack : No action taken.
D:\My Documents\Applications\Ewido ver 4\Patch.exe -> Not-A-Virus.Hacktool.Crack : No action taken.
D:\My Documents\Applications\EvID4226Patch223d-en.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : No action taken.
C:\un\magic\Password Stealer.exe -> Not-A-Virus.PSWTool.Win32.PassViewer.PStealer : No action taken.
D:\My Documents\Applications\all_windows\WTK_Dp\UltimateWindows\RockXP v3\RockXP30.exe/keyms.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : No action taken.
E:\Bill_Gates_Toolkit_Reloaded%21%21%21\WTK_Dp\UltimateWindows\RockXP v3\RockXP30.exe/keyms.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : No action taken.
D:\My Documents\Applications\New Folder\vlc.zip/Htcapp.exe -> Not-A-Virus.VirTool.DOS.Htcapp : No action taken.
D:\My Documents\Applications\New Folder\rme11.zip/RME11.OBJ -> Not-A-Virus.VirTool.DOS.RME.11 : No action taken.
C:\Documents and Settings\lovee\My Documents\Download_Accelerator_Plus_v5.3.9.6_Multilanguage.zip/LS_DAP_v5.3.9.6_Multi-Language.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
C:\Documents and Settings\lovee\My Documents\RealOne_Player_Gold_v2.0_Multi_Feature_Activator_3_by_BetaMaster.zip/RealOne_v2_1.0_Multi_Feature_Patch_3_NoPath_BetaMaster/RealOnePatch_NoPath.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
C:\unzipped\Nero_Burning_Rom_SVCD_Plugin\LS_Nero_SVCD_Plugin.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
C:\unzipped\RealOne_Player_Gold_v2.0_Multi_Feature_Activator_3_by_BetaMaster\RealOne_v2_1.0_Multi_Feature_Patch_3_NoPath_BetaMaster\RealOnePatch_NoPath.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
C:\unzipped\Sonic_Foundry_SoundForge_v6.0a_build_150\rh-sf6b150.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
C:\unzipped\neroplugins\neroplugins\Nero_Burning_Rom_SVCD_Plugin.zip/LS_Nero_SVCD_Plugin.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
D:\My Documents\Applications\HidemyIP\Hide IP Platinum v1.4.rar/Hide IP Platinum v1.4.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
D:\My Documents\Applications\HidemyIP\Hide IP Platinum v1.4\Hide IP Platinum v1.4.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
D:\My Documents\Applications\Sonic_Foundry_SoundForge_v6.0a_build_150.zip/rh-sf6b150.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
D:\mIRC\download\CRACK-DFX.Plugins.All\CRACK-DFX.Plugins.All\DFXCrack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
D:\mIRC\download\neroplugins.zip/neroplugins/Nero_Burning_Rom_SVCD_Plugin.zip/LS_Nero_SVCD_Plugin.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
::Report end
-
Hi guys, I'm back with a spyware problem (as told by my ISP people). When I'm trying to download any files from RapidShare or any other website, my speed goes down. I don't know why I'm having slow speeds on websites, so I'm posting my HJT log. If anyone wants more info, I'll be more than happy to give it to them.
Here's my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 5:05:16 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\unzipped\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
-
heyyyyyyyyyyyy GUESS WHAT??????????
i've finally solved my problem of certain websites not opening up in my computer thru my connection. for u newbies u can read the posts i've posted here before n this is the final verdict n SOLUTION to it......here's what i did........
ok now what i did was i opened up my browser n wrote "http://192.168.1.1" without the quotes then put "admin" in the username n "password" in the password place n pressed enter.
Now here comes the important part. i clicked on my "WAN" n edited my DSL settings n then at the page where it asks for PPP username n password, i had PPP IP extensions clicked on. so i just unticked it n as usual clicked on next, next n save n clicked on save reboot.
There u have it n WOILA my problem was solved. i'm now able to access microsoft, hotmail, msn, n any other site that i wasn't able to access before.
i hope this information will help ppl solve their problem. if it doesn't solve their problems then i'm sorry it worked for me tho..
THANX to whoever tried helping me on this problem. i hope this info would come in handy.........
-
heyyyyyyyy guess what???????? i've FINALLY solved my old problem of certain sites not openin up in my browser. well i'll tell exactly what i did. i hope it will help ne1 else whos havin the same problem. i'm gonna post this exact post in my earlier thread just in case.
ok now what i did was i opened up my browser n wrote "http://192.168.1.1" without the quotes then put "admin" in the username n "password" in the password place n pressed enter.
Now here comes the important part. i clicked on my "WAN" n edited my DSL settings n then at the page where it asks for PPP username n password, i had PPP IP extensions clicked on. so i just unticked it n as usual clicked on next, next n save n clicked on save reboot.
There u have it n WOILA my problem was solved. i'm now able to access microsoft, hotmail, msn, n any other site that i wasn't able to access before.
i hope this information will help ppl solve their problem. if it doesn't solve their problems then i'm sorry it worked for me tho..
THANX all of u guys who tried helpin me solve my website problem n now i really wanna solve this frequent link dropping problem.
-
I've put in a call to my Network Specialist friend and linked this to him, I'll see if I can get him in to look at this one.
He's a good friend of mine that I got to join our site awhile back to try helping with major Networking issues. He was a Network Specialist for 25 years and taught labs at the University on this stuff, so he knows it well.
He works mostly with Unix stuff, but he knows it all well. His handle is "Fearless".
thanx chappy i really appreciate ur help. i hope he can help with my earlier problem of websites i can't visit. i'm lookin forward to ur friend's reply as well as urs m8.
thanx
-
I am not up on networking issues. These problems can be due to bad configuration, XP not updated, bad hardware/software, malware or other causes.
Network Address Translation Mapping Is Not Successful and an Event ID 32003 Is Logged
well i have autopatcher of august installed n all the previous updates for windows there could be. so i don't think that my XP is not updated. As far as BAD hardware/software is concerned, there can be an issue with nething. i'll talk to my ISP ppl to get another modem just to check if its a firmware problem or something.....
thanx for the links but i couldn't look at 2 of the 4 links coz they're frm microsoft.com n u know i can't open it.
neways thanx for ur efforts.
-
well thanx for ur reply m8 but i don't use Zonealarm as a firewall n i don't remember disabling ne services. if u can let me know which services r effecting my connection i'd really be glad. if that won't help then i'm only left with the last option to try my connection on a different modem. i just wanted to ask u a question...
u said my onboard Ethernet could be bad right?? i've already tried connecting my modem with a USB cable been given with it but the problem persists. do u think i should go for a PCI ethernet just to make sure??????
i've also noticed another weird problem with my ethernet properties. i was looking at the properties of my LAN card n ISP ppl told me to manually put an IP n DNS server addresses n see what happens. so when i put the IP addresses n the DNS server addresses n click ok, the status of my LAN says it is manually configured but when i go to TCP/IP properties n check for the IPs they're gone.
its like when i manually configure my LAN to an IP, the IP n DNS server addresses don't get saved n i have trouble setting it back to auto assign.
so i go to cmd n do the netsh dump command ( this command is for reinstalling the TCP/IP configurations) n then it resets to auto assign.
can u tell me what all those errors i've posted mean????? i really wanna know n understand what's really causing them?????
plzz help
-
hiii guys,
i'm back with another weird problem with my ADSL modem. i have a BEETEL 220 BX ADSL2+ modem n i'm havin problem when i turn it off n on again. My link keeps dropping every 30-60 sec. its like my link drops at least 20 times before stabilising on an IP. i tried looking at my event manager n found these errors.. i'm attachin their caps i hope u guys find it helpful. i've tried talking to my ISP people n all they could come up with is that there could be a faulty line so i've got it changed too but the problem still persists. i've even tried updating the firmware of the modem but it doesn't help at all. when my connection was new i had no trouble with the link but now i think that when i updated the firmware of my modem this problem started comin up..
i've even reinstalled winXP pro with SP2 installed. just to refresh everybody's memory i'm running a 2.8 P4 HT processor with an original intel 915GAV MOBO n 512MB of RAM @ 400Mhz n a 256MB nvidia 7300 GS graphics card. i have 2 HDDs, one is 80GB SATA samsung drive n another is 250GB SATA2 seagate drive.
i connect my modem via my onboard ethernet n i've also tried connecting with a USB cord but the problem still persists.
The 3 errors i'm attachin r the most common errors in my event manager.
i hope this info would help u understand my problem but if ne1 needs more info i'd be glad to reply....
P.S: speaking abt my last problem of not being able to open hotmail, microsoft, msn, etc is still there. i still haven't found out clearly what's causing this.
if ne of u guys wanna know what was the problem i'm postin the direct link to the thread...
http://www.besttechie.net/forums/Problems-...ites-t9392.html
-
Logfile of HijackThis v1.99.1
Scan saved at 1:28:13 AM, on 8/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\VM_STI.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
c:\unzipped\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
-
i'm really sorry abt replyin soo late but i had to reinstall windows but that still didn't help me at all.
plzz guys help me out!!!!!!!!!
-
sorry m8 for replyin too late but i had to reinstall windows but i still can't open up hotmail, msn, microsoft n another new site i found messenger.yahoo.com.
all these sites say website found waiting for reply but never load at all???????
if u can help me with this problem i'd be really obliged
-
well i hope somebody does help me out with this cachin problem .......its really pissin me off
well Therock247uk is helpin me out with my Hijackthis log in the malware removal section n is doin a gud job helpin me
-
-
sorry abt the earlier post i did a fast reply n the whole log didn't come thru so i'm postin it again.
sorry again..........
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
UPX! 7/5/2005 11:54:28 AM 184 C:\win.txt
PEC2 7/5/2005 11:54:28 AM 184 C:\win.txt
FSG! 7/5/2005 11:55:06 AM 30 C:\windows.txt
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Items found in C:\WINDOWS\hosts
Checking %System% folder...
PEC2 10/4/2001 7:13:42 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 7/7/2006 6:51:46 AM 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
PEC2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dll
PECompact2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dll
winsync 10/4/2001 7:16:34 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
aspack 6/20/2004 5:07:00 AM 61440 C:\WINDOWS\SYSTEM32\APCORE.DLL
aspack 2/2/2006 4:14:00 PM 53248 C:\WINDOWS\SYSTEM32\suppdll.dll
Umonitor 8/4/2004 1:26:44 PM 657408 C:\WINDOWS\SYSTEM32\rasdlg.dll
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
aspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll
aspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll
aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
aspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
aspack 8/4/2004 1:26:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
PTech 5/1/2006 4:57:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
UPX! 7/23/2001 8:29:32 AM 552960 C:\WINDOWS\SYSTEM32\saxzip.ocx
UPX! 12/19/2004 11:00:00 PM 111104 C:\WINDOWS\SYSTEM32\Uharc.exe
Checking %System%\Drivers folder and sub-folders...
PTech 6/10/2004 3:57:20 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/13/2006 11:26:10 PM S 2048 C:\WINDOWS\bootstat.dat
8/13/2006 11:24:18 PM H 1667072 C:\WINDOWS\system32\config\system.LOG
8/13/2006 11:24:16 PM H 147456 C:\WINDOWS\system32\config\software.LOG
8/13/2006 11:24:16 PM H 8192 C:\WINDOWS\system32\config\default.LOG
8/13/2006 11:26:30 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
8/13/2006 11:26:10 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
7/15/2006 3:01:42 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\ReinstallBackups\0030\DriverFiles\w810mdm.cat
7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem168.CAT
7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem169.CAT
7/4/2006 8:59:20 PM S 7417 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem170.CAT
7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem171.CAT
7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem172.CAT
7/4/2006 8:59:22 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem173.CAT
7/4/2006 8:59:22 PM S 9712 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem174.CAT
7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem175.CAT
7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem176.CAT
7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem177.CAT
7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem178.CAT
8/5/2006 9:59:16 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
8/5/2006 9:59:16 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\000f2e23-7d1d-40aa-894c-2b3773ddcf53
7/30/2006 12:37:44 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
7/30/2006 12:37:44 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3bb7f969-74cc-4395-bab3-1b9dcb42498e
8/13/2006 11:24:10 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
7/29/2004 12:56:00 PM 221184 C:\WINDOWS\SYSTEM32\cttune.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 230400 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 266240 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 1/18/2006 6:11:42 AM 3028992 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 10/4/2001 7:15:34 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
InstallShield Software Corporation8/9/2004 6:04:02 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 403968 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\powercfg.cpl
12/10/2004 10:47:44 AM 53248 C:\WINDOWS\SYSTEM32\vp6dec_settings.cpl
Microsoft Corporation 9/30/2004 3:47:14 PM 135168 C:\WINDOWS\SYSTEM32\directx.cpl
12/29/2002 4:44:38 AM 81920 C:\WINDOWS\SYSTEM32\startup.cpl
WIDCOMM, Inc. 10/15/2003 1:47:28 PM 245819 C:\WINDOWS\SYSTEM32\btcpl.cpl
Realtek Semiconductor Corp. 1/10/2006 1:58:40 PM 266240 C:\WINDOWS\SYSTEM32\RTSndMgr.Cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 471040 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 654848 C:\WINDOWS\SYSTEM32\appwiz.cpl
Realtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ALSndMgr.Cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 470528 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 205312 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 902656 C:\WINDOWS\SYSTEM32\mmsys.cpl
Intel Corporation 2/7/2006 8:38:52 AM 81920 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/7/2004 5:47:02 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/7/2004 5:47:26 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/7/2004 5:48:04 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
10/1/2003 1:00:00 AM 6151 C:\WINDOWS\SYSTEM32\txp3.cpl
9/4/2004 6:45:56 AM 172032 C:\WINDOWS\SYSTEM32\LClock.cpl
Sun Microsystems 4/20/2002 11:39:12 PM 45175 C:\WINDOWS\SYSTEM32\plugincpl140_01.cpl
Teleca Software Solutions AB 9/20/2004 1:09:04 PM 344064 C:\WINDOWS\SYSTEM32\ecsepm.cpl
?????????? ?????????? 8/17/2004 4:05:12 PM 138752 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 678912 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 136704 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 606208 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 403968 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 205824 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
?????????? ?????????? 10/20/2001 4:00:00 AM 964096 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 904704 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
?????????? ?????????? 10/20/2001 4:00:00 AM 303104 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 407040 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 380928 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
?????????? ?????????? 1/8/2006 1:57:44 PM 1007104 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
?????????? ?????????? 10/20/2001 4:00:00 AM 98816 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 93696 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Realtek Semiconductor Corp. 11/2/2005 2:54:08 PM 266240 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\RTSndMgr.CPL
Realtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\ALSNDMGR.CPL
Intel Corporation 9/20/2005 10:35:12 AM 77824 C:\WINDOWS\SYSTEM32\ReinstallBackups\0032\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
7/30/2006 10:57:58 PM 1661 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
8/5/2006 9:49:18 PM 681 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BTTray.lnk
12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini
2/28/2005 8:51:58 PM 797 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk
11/17/2005 10:12:40 PM 1547 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Phone Connection Monitor.lnk
6/17/2005 8:54:10 PM 1420 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\PowerMenu.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
12/29/2004 8:30:30 PM HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
6/8/2006 12:56:06 AM 1356 C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
Checking files in %USERPROFILE%\Startup folder...
12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\lovee\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
3/11/2006 10:31:26 PM 875 C:\Documents and Settings\lovee\Application Data\AdobeDLM.log
12/2/2004 5:30:26 PM HS 62 C:\Documents and Settings\lovee\Application Data\desktop.ini
3/11/2006 10:31:26 PM 0 C:\Documents and Settings\lovee\Application Data\dm.ini
7/23/2006 9:34:48 AM 110640 C:\Documents and Settings\lovee\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\RExpCtx
{D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CMenuExtender
{ABC70703-32AF-11d4-90C4-D483A70F4825} = F:\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\RExpCtx
{D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7A5117B0-B594-4DA8-829D-D15BF11996F2}
= C:\Program Files\DAEMON Tools\awxDTools.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
IeCatch5 Class = C:\PROGRA~1\FLASHGET\jccatch.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\SHDOCVW.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} = FlashGet Bar : C:\PROGRA~1\FLASHGET\fgiebar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA}
MenuText = Tri&xie Options... : C:\WINDOWS\system32\mscoree.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}
ButtonText = @btrez.dll,-4015 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
ButtonText = FlashGet : C:\PROGRA~1\FLASHGET\flashget.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SoundMan SOUNDMAN.EXE
AlcWzrd ALCWZRD.EXE
Alcmtr ALCMTR.EXE
igfxtray C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd C:\WINDOWS\system32\hkcmd.exe
igfxpers C:\WINDOWS\system32\igfxpers.exe
Sunkist2k C:\Program Files\Multimedia Card Reader\shwicon2k.exe
NeroFilterCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Sony Ericsson PC Suite "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
BigDogPath C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk
backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup
location Common Startup
item InterVideo Scheduler server
backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup
location Common Startup
item InterVideo Scheduler server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk
backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE
item InterVideo WinCinema Manager
backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE
item InterVideo WinCinema Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
item Microsoft Office
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
item Microsoft Office
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 Detect.lnk
backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE
item PCSuiteForNokia6600 Detect
backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE
item PCSuiteForNokia6600 Detect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 TS.lnk
backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE
item PCSuiteForNokia6600 TS
backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE
item PCSuiteForNokia6600 TS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^lovee^Start Menu^Programs^Startup^Styler.exe.lnk
path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk
backup C:\WINDOWS\pss\Styler.exe.lnkStartup
location Startup
command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe
item Styler.exe
path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk
backup C:\WINDOWS\pss\Styler.exe.lnkStartup
location Startup
command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe
item Styler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ALCMTR
hkey HKLM
command ALCMTR.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ALCMTR
hkey HKLM
command ALCMTR.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcWzrd
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ALCWZRD
hkey HKLM
command ALCWZRD.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ALCWZRD
hkey HKLM
command ALCWZRD.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DataLayer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DATALA~1
hkey HKLM
command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DATALA~1
hkey HKLM
command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DirectX shell driver
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sammp32
hkey HKCU
command C:\WINDOWS\sammp32.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sammp32
hkey HKCU
command C:\WINDOWS\sammp32.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FastTVSync
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item FastTVSync
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item FastTVSync
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hkt
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkt
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkt
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item optimize
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item optimize
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IST Service
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item istsvc
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item istsvc
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item isuspm
hkey HKLM
command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item isuspm
hkey HKLM
command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item issch
hkey HKLM
command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item issch
hkey HKLM
command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Kgmh
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gufbjg
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gufbjg
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaAccK
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaAccK
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net Startup
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NEWDOT~1
hkey HKLM
command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NEWDOT~1
hkey HKLM
command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSuiteTrayApplication
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TRAYAP~1
hkey HKLM
command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TRAYAP~1
hkey HKLM
command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Scan
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item powerscan
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item powerscan
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\saap
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item saap
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item saap
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tSd6bm
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item oypjl
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item oypjl
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -u
hkey HKLM
command %systemroot%\system32\dumprep 0 -u
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -u
hkey HKLM
command %systemroot%\system32\dumprep 0 -u
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WebRebates0
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WebRebates0
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\zufo
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item zufom
hkey HKCU
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item zufom
hkey HKCU
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 2
bootini 2
services 0
startup 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
UseDesktopIniCache 1
NoCDBurning 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
UpdateManager C:\Program Files\Common Files\Microsoft Shared\MSEnv\vers_man.exe.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACH
-
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
UPX! 7/5/2005 11:54:28 AM 184 C:\win.txt
PEC2 7/5/2005 11:54:28 AM 184 C:\win.txt
FSG! 7/5/2005 11:55:06 AM 30 C:\windows.txt
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Items found in C:\WINDOWS\hosts
Checking %System% folder...
PEC2 10/4/2001 7:13:42 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 7/7/2006 6:51:46 AM 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
PEC2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dll
PECompact2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dll
winsync 10/4/2001 7:16:34 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
aspack 6/20/2004 5:07:00 AM 61440 C:\WINDOWS\SYSTEM32\APCORE.DLL
aspack 2/2/2006 4:14:00 PM 53248 C:\WINDOWS\SYSTEM32\suppdll.dll
Umonitor 8/4/2004 1:26:44 PM 657408 C:\WINDOWS\SYSTEM32\rasdlg.dll
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
aspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll
aspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll
aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
aspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
aspack 8/4/2004 1:26:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
PTech 5/1/2006 4:57:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
UPX! 7/23/2001 8:29:32 AM 552960 C:\WINDOWS\SYSTEM32\saxzip.ocx
UPX! 12/19/2004 11:00:00 PM 111104 C:\WINDOWS\SYSTEM32\Uharc.exe
Checking %System%\Drivers folder and sub-folders...
PTech 6/10/2004 3:57:20 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/13/2006 11:26:10 PM S 2048 C:\WINDOWS\bootstat.dat
8/13/2006 11:24:18 PM H 1667072 C:\WINDOWS\system32\config\system.LOG
8/13/2006 11:24:16 PM H 147456 C:\WINDOWS\system32\config\software.LOG
8/13/2006 11:24:16 PM H 8192 C:\WINDOWS\system32\config\default.LOG
8/13/2006 11:26:30 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
8/13/2006 11:26:10 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
7/15/2006 3:01:42 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\ReinstallBackups\0030\DriverFiles\w810mdm.cat
8/5/2006 9:59:16 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
8/5/2006 9:59:16 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\000f2e23-7d1d-40aa-894c-2b3773ddcf53
7/30/2006 12:37:44 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
7/30/2006 12:37:44 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3bb7f969-74cc-4395-bab3-1b9dcb42498e
8/13/2006 11:24:10 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
7/29/2004 12:56:00 PM 221184 C:\WINDOWS\SYSTEM32\cttune.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 230400 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 266240 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 1/18/2006 6:11:42 AM 3028992 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 10/4/2001 7:15:34 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
InstallShield Software Corporation8/9/2004 6:04:02 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 403968 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\powercfg.cpl
12/10/2004 10:47:44 AM 53248 C:\WINDOWS\SYSTEM32\vp6dec_settings.cpl
Microsoft Corporation 9/30/2004 3:47:14 PM 135168 C:\WINDOWS\SYSTEM32\directx.cpl
12/29/2002 4:44:38 AM 81920 C:\WINDOWS\SYSTEM32\startup.cpl
WIDCOMM, Inc. 10/15/2003 1:47:28 PM 245819 C:\WINDOWS\SYSTEM32\btcpl.cpl
Realtek Semiconductor Corp. 1/10/2006 1:58:40 PM 266240 C:\WINDOWS\SYSTEM32\RTSndMgr.Cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 471040 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 654848 C:\WINDOWS\SYSTEM32\appwiz.cpl
Realtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ALSndMgr.Cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 470528 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 205312 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 902656 C:\WINDOWS\SYSTEM32\mmsys.cpl
Intel Corporation 2/7/2006 8:38:52 AM 81920 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/7/2004 5:47:02 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/7/2004 5:47:26 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/7/2004 5:48:04 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
10/1/2003 1:00:00 AM 6151 C:\WINDOWS\SYSTEM32\txp3.cpl
9/4/2004 6:45:56 AM 172032 C:\WINDOWS\SYSTEM32\LClock.cpl
Sun Microsystems 4/20/2002 11:39:12 PM 45175 C:\WINDOWS\SYSTEM32\plugincpl140_01.cpl
Teleca Software Solutions AB 9/20/2004 1:09:04 PM 344064 C:\WINDOWS\SYSTEM32\ecsepm.cpl
?????????? ?????????? 8/17/2004 4:05:12 PM 138752 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 678912 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 136704 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 606208 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 403968 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 205824 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
?????????? ?????????? 10/20/2001 4:00:00 AM 964096 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 904704 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
?????????? ?????????? 10/20/2001 4:00:00 AM 303104 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 407040 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 380928 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
?????????? ?????????? 1/8/2006 1:57:44 PM 1007104 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
?????????? ?????????? 10/20/2001 4:00:00 AM 98816 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 93696 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Realtek Semiconductor Corp. 11/2/2005 2:54:08 PM 266240 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\RTSndMgr.CPL
Realtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\ALSNDMGR.CPL
Intel Corporation 9/20/2005 10:35:12 AM 77824 C:\WINDOWS\SYSTEM32\ReinstallBackups\0032\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
7/30/2006 10:57:58 PM 1661 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
8/5/2006 9:49:18 PM 681 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BTTray.lnk
12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini
2/28/2005 8:51:58 PM 797 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk
11/17/2005 10:12:40 PM 1547 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Phone Connection Monitor.lnk
6/17/2005 8:54:10 PM 1420 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\PowerMenu.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
12/29/2004 8:30:30 PM HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
6/8/2006 12:56:06 AM 1356 C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
Checking files in %USERPROFILE%\Startup folder...
12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\lovee\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
3/11/2006 10:31:26 PM 875 C:\Documents and Settings\lovee\Application Data\AdobeDLM.log
12/2/2004 5:30:26 PM HS 62 C:\Documents and Settings\lovee\Application Data\desktop.ini
3/11/2006 10:31:26 PM 0 C:\Documents and Settings\lovee\Application Data\dm.ini
7/23/2006 9:34:48 AM 110640 C:\Documents and Settings\lovee\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\RExpCtx
{D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CMenuExtender
{ABC70703-32AF-11d4-90C4-D483A70F4825} = F:\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\RExpCtx
{D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7A5117B0-B594-4DA8-829D-D15BF11996F2}
= C:\Program Files\DAEMON Tools\awxDTools.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
IeCatch5 Class = C:\PROGRA~1\FLASHGET\jccatch.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\SHDOCVW.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} = FlashGet Bar : C:\PROGRA~1\FLASHGET\fgiebar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA}
MenuText = Tri&xie Options... : C:\WINDOWS\system32\mscoree.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}
ButtonText = @btrez.dll,-4015 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
ButtonText = FlashGet : C:\PROGRA~1\FLASHGET\flashget.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SoundMan SOUNDMAN.EXE
AlcWzrd ALCWZRD.EXE
Alcmtr ALCMTR.EXE
igfxtray C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd C:\WINDOWS\system32\hkcmd.exe
igfxpers C:\WINDOWS\system32\igfxpers.exe
Sunkist2k C:\Program Files\Multimedia Card Reader\shwicon2k.exe
NeroFilterCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Sony Ericsson PC Suite "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
BigDogPath C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk
backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup
location Common Startup
item InterVideo Scheduler server
backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup
location Common Startup
item InterVideo Scheduler server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk
backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE
item InterVideo WinCinema Manager
backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE
item InterVideo WinCinema Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
item Microsoft Office
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
item Microsoft Office
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 Detect.lnk
backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE
item PCSuiteForNokia6600 Detect
backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE
item PCSuiteForNokia6600 Detect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 TS.lnk
backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE
item PCSuiteForNokia6600 TS
backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE
item PCSuiteForNokia6600 TS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^lovee^Start Menu^Programs^Startup^Styler.exe.lnk
path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk
backup C:\WINDOWS\pss\Styler.exe.lnkStartup
location Startup
command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe
item Styler.exe
path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk
backup C:\WINDOWS\pss\Styler.exe.lnkStartup
location Startup
command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe
item Styler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ALCMTR
hkey HKLM
command ALCMTR.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ALCMTR
hkey HKLM
command ALCMTR.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcWzrd
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ALCWZRD
hkey HKLM
command ALCWZRD.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ALCWZRD
hkey HKLM
command ALCWZRD.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DataLayer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DATALA~1
hkey HKLM
command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DATALA~1
hkey HKLM
command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DirectX shell driver
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sammp32
hkey HKCU
command C:\WINDOWS\sammp32.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sammp32
hkey HKCU
command C:\WINDOWS\sammp32.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FastTVSync
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item FastTVSync
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item FastTVSync
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hkt
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkt
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkt
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item optimize
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item optimize
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IST Service
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item istsvc
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item istsvc
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item isuspm
hkey HKLM
command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item isuspm
hkey HKLM
command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item issch
hkey HKLM
command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item issch
hkey HKLM
command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Kgmh
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gufbjg
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gufbjg
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaAccK
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaAccK
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net Startup
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NEWDOT~1
hkey HKLM
command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NEWDOT~1
hkey HKLM
command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSuiteTrayApplication
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TRAYAP~1
hkey HKLM
command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TRAYAP~1
hkey HKLM
command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Scan
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item powerscan
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item powerscan
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\saap
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item saap
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item saap
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tSd6bm
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item oypjl
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item oypjl
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -u
hkey HKLM
command %systemroot%\system32\dumprep 0 -u
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -u
hkey HKLM
command %systemroot%\system32\dumprep 0 -u
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WebRebates0
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WebRebates0
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\zufo
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item zufom
hkey HKCU
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item zufom
hkey HKCU
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 2
bootini 2
services 0
startup 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
UseDesktopIniCache 1
NoCDBurning 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
UpdateManager C:\Program Files\Common Files\Microsoft Shared\MSEnv\vers_man.exe.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legal
-
OK, I've scanned with WinPfind and here's the log...
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
UPX! 7/5/2005 11:54:28 AM 184 C:\win.txt
PEC2 7/5/2005 11:54:28 AM 184 C:\win.txt
FSG! 7/5/2005 11:55:06 AM 30 C:\windows.txt
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Items found in C:\WINDOWS\hosts
Checking %System% folder...
PEC2 10/4/2001 7:13:42 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 7/7/2006 6:51:46 AM 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
PEC2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dll
PECompact2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dll
winsync 10/4/2001 7:16:34 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
aspack 6/20/2004 5:07:00 AM 61440 C:\WINDOWS\SYSTEM32\APCORE.DLL
aspack 2/2/2006 4:14:00 PM 53248 C:\WINDOWS\SYSTEM32\suppdll.dll
Umonitor 8/4/2004 1:26:44 PM 657408 C:\WINDOWS\SYSTEM32\rasdlg.dll
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
aspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll
aspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll
aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
aspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
aspack 8/4/2004 1:26:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
PTech 5/1/2006 4:57:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
UPX! 7/23/2001 8:29:32 AM 552960 C:\WINDOWS\SYSTEM32\saxzip.ocx
UPX! 12/19/2004 11:00:00 PM 111104 C:\WINDOWS\SYSTEM32\Uharc.exe
Checking %System%\Drivers folder and sub-folders...
PTech 6/10/2004 3:57:20 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/13/2006 11:26:10 PM S 2048 C:\WINDOWS\bootstat.dat
8/13/2006 11:24:18 PM H 1667072 C:\WINDOWS\system32\config\system.LOG
8/13/2006 11:24:16 PM H 147456 C:\WINDOWS\system32\config\software.LOG
8/13/2006 11:24:16 PM H 8192 C:\WINDOWS\system32\config\default.LOG
8/13/2006 11:26:30 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
8/13/2006 11:26:10 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
7/15/2006 3:01:42 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\ReinstallBackups\0030\DriverFiles\w810mdm.cat
8/5/2006 9:59:16 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
8/5/2006 9:59:16 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\000f2e23-7d1d-40aa-894c-2b3773ddcf53
7/30/2006 12:37:44 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
7/30/2006 12:37:44 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3bb7f969-74cc-4395-bab3-1b9dcb42498e
8/13/2006 11:24:10 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
7/29/2004 12:56:00 PM 221184 C:\WINDOWS\SYSTEM32\cttune.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 230400 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 266240 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 1/18/2006 6:11:42 AM 3028992 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 10/4/2001 7:15:34 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
InstallShield Software Corporation8/9/2004 6:04:02 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 403968 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\powercfg.cpl
12/10/2004 10:47:44 AM 53248 C:\WINDOWS\SYSTEM32\vp6dec_settings.cpl
Microsoft Corporation 9/30/2004 3:47:14 PM 135168 C:\WINDOWS\SYSTEM32\directx.cpl
12/29/2002 4:44:38 AM 81920 C:\WINDOWS\SYSTEM32\startup.cpl
WIDCOMM, Inc. 10/15/2003 1:47:28 PM 245819 C:\WINDOWS\SYSTEM32\btcpl.cpl
Realtek Semiconductor Corp. 1/10/2006 1:58:40 PM 266240 C:\WINDOWS\SYSTEM32\RTSndMgr.Cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 471040 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 654848 C:\WINDOWS\SYSTEM32\appwiz.cpl
Realtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ALSndMgr.Cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 470528 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 205312 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/4/2004 1:26:58 PM 902656 C:\WINDOWS\SYSTEM32\mmsys.cpl
Intel Corporation 2/7/2006 8:38:52 AM 81920 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/7/2004 5:47:02 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/7/2004 5:47:26 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/7/2004 5:48:04 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
10/1/2003 1:00:00 AM 6151 C:\WINDOWS\SYSTEM32\txp3.cpl
9/4/2004 6:45:56 AM 172032 C:\WINDOWS\SYSTEM32\LClock.cpl
Sun Microsystems 4/20/2002 11:39:12 PM 45175 C:\WINDOWS\SYSTEM32\plugincpl140_01.cpl
Teleca Software Solutions AB 9/20/2004 1:09:04 PM 344064 C:\WINDOWS\SYSTEM32\ecsepm.cpl
?????????? ?????????? 8/17/2004 4:05:12 PM 138752 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 678912 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 136704 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 606208 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 403968 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 205824 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
?????????? ?????????? 10/20/2001 4:00:00 AM 964096 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 904704 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
?????????? ?????????? 10/20/2001 4:00:00 AM 303104 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 407040 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 380928 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
?????????? ?????????? 1/8/2006 1:57:44 PM 1007104 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
?????????? ?????????? 10/20/2001 4:00:00 AM 98816 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
?????????? ?????????? 8/17/2004 3:05:12 PM 93696 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Realtek Semiconductor Corp. 11/2/2005 2:54:08 PM 266240 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\RTSndMgr.CPL
Realtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\ALSNDMGR.CPL
Intel Corporation 9/20/2005 10:35:12 AM 77824 C:\WINDOWS\SYSTEM32\ReinstallBackups\0032\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
7/30/2006 10:57:58 PM 1661 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
8/5/2006 9:49:18 PM 681 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BTTray.lnk
12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini
2/28/2005 8:51:58 PM 797 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk
11/17/2005 10:12:40 PM 1547 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Phone Connection Monitor.lnk
6/17/2005 8:54:10 PM 1420 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\PowerMenu.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
12/29/2004 8:30:30 PM HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
6/8/2006 12:56:06 AM 1356 C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
Checking files in %USERPROFILE%\Startup folder...
12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\lovee\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
3/11/2006 10:31:26 PM 875 C:\Documents and Settings\lovee\Application Data\AdobeDLM.log
12/2/2004 5:30:26 PM HS 62 C:\Documents and Settings\lovee\Application Data\desktop.ini
3/11/2006 10:31:26 PM 0 C:\Documents and Settings\lovee\Application Data\dm.ini
7/23/2006 9:34:48 AM 110640 C:\Documents and Settings\lovee\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\RExpCtx
{D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CMenuExtender
{ABC70703-32AF-11d4-90C4-D483A70F4825} = F:\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\RExpCtx
{D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7A5117B0-B594-4DA8-829D-D15BF11996F2}
= C:\Program Files\DAEMON Tools\awxDTools.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
IeCatch5 Class = C:\PROGRA~1\FLASHGET\jccatch.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\SHDOCVW.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} = FlashGet Bar : C:\PROGRA~1\FLASHGET\fgiebar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA}
MenuText = Tri&xie Options... : C:\WINDOWS\system32\mscoree.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}
ButtonText = @btrez.dll,-4015 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
ButtonText = FlashGet : C:\PROGRA~1\FLASHGET\flashget.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SoundMan SOUNDMAN.EXE
AlcWzrd ALCWZRD.EXE
Alcmtr ALCMTR.EXE
igfxtray C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd C:\WINDOWS\system32\hkcmd.exe
igfxpers C:\WINDOWS\system32\igfxpers.exe
Sunkist2k C:\Program Files\Multimedia Card Reader\shwicon2k.exe
NeroFilterCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Sony Ericsson PC Suite "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
BigDogPath C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk
backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup
location Common Startup
item InterVideo Scheduler server
backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup
location Common Startup
item InterVideo Scheduler server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk
backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE
item InterVideo WinCinema Manager
backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE
item InterVideo WinCinema Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
item Microsoft Office
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
item Microsoft Office
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 Detect.lnk
backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE
item PCSuiteForNokia6600 Detect
backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE
item PCSuiteForNokia6600 Detect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 TS.lnk
backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE
item PCSuiteForNokia6600 TS
backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE
item PCSuiteForNokia6600 TS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^lovee^Start Menu^Programs^Startup^Styler.exe.lnk
path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk
backup C:\WINDOWS\pss\Styler.exe.lnkStartup
location Startup
command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe
item Styler.exe
path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk
backup C:\WINDOWS\pss\Styler.exe.lnkStartup
location Startup
command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe
item Styler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ALCMTR
hkey HKLM
command ALCMTR.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ALCMTR
hkey HKLM
command ALCMTR.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcWzrd
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ALCWZRD
hkey HKLM
command ALCWZRD.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ALCWZRD
hkey HKLM
command ALCWZRD.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DataLayer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DATALA~1
hkey HKLM
command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DATALA~1
hkey HKLM
command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DirectX shell driver
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sammp32
hkey HKCU
command C:\WINDOWS\sammp32.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sammp32
hkey HKCU
command C:\WINDOWS\sammp32.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FastTVSync
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item FastTVSync
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item FastTVSync
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hkt
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkt
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkt
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item optimize
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item optimize
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IST Service
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item istsvc
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item istsvc
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item isuspm
hkey HKLM
command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item isuspm
hkey HKLM
command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item issch
hkey HKLM
command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item issch
hkey HKLM
command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Kgmh
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gufbjg
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gufbjg
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaAccK
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaAccK
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net Startup
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NEWDOT~1
hkey HKLM
command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NEWDOT~1
hkey HKLM
command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSuiteTrayApplication
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TRAYAP~1
hkey HKLM
command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TRAYAP~1
hkey HKLM
command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Scan
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item powerscan
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item powerscan
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\saap
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item saap
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item saap
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tSd6bm
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item oypjl
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item oypjl
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -u
hkey HKLM
command %systemroot%\system32\dumprep 0 -u
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -u
hkey HKLM
command %systemroot%\system32\dumprep 0 -u
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WebRebates0
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WebRebates0
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\zufo
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item zufom
hkey HKCU
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item zufom
hkey HKCU
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 2
bootini 2
services 0
startup 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
UseDesktopIniCache 1
NoCDBurning 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
UpdateManager C:\Program Files\Common Files\Microsoft Shared\MSEnv\vers_man.exe.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policie
-
i've googled abt my problem n found out abt something called DNS cache poisoning. it seemed to be related to my problem a lot. if ne1 knows abt this problem then plz help me out with this.
i need to know what's the real reason behind my problem. i've also tried calling my ISP n asked the guys abt this problem n all they said is that they never heard abt this problem frm ne1 else except me so they said that they'll ask other customers abt it.
ne1 out there who can help me get over this problem???????
HELPPPPP!!!!!!!!!!!!!!!!!!!!!!
-
ok i've deleted these entries but a few of them r not gettin deleted. i think my log will tell u everything. i really appreciate ur help but i need a lil more help with a bigger problem n that's what my topic headlines mean. plzz do help me with that too.
i've googled abt my problem n saw on few websites abt DNS cache poisoning which could be related to my prob (i think). just if u know abt this plzz let me know or if ne1 else does then plz let me know if i'm infected too or not????????
here's my log
Logfile of HijackThis v1.99.1
Scan saved at 10:42:45 PM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP1 (7.00.5299.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
E:\VMware Workstation\vmware-authd.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\My Documents\Applications\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\unzipped\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O11 - Options group: [TABS] Tabbed Browsing
O14 - IERESET.INF: START_PAGE_URL=http://www.zdnetindia.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107144957275
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141296369281
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SuperProServer - Unknown owner - C:\Tally\spnsrvnt.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
-
Thanks for the LSP fix problem. I've done what you've told me and here is my next log...
Logfile of HijackThis v1.99.1
Scan saved at 3:18:58 PM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP1 (7.00.5299.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
E:\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
c:\unzipped\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O11 - Options group: [TABS] Tabbed Browsing
O14 - IERESET.INF: START_PAGE_URL=http://www.zdnetindia.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107144957275
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141296369281
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SuperProServer - Unknown owner - C:\Tally\spnsrvnt.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
-
Yes, I have posted my HJT log in the malware removal section. I hope somebody finds me the answer as to why this is happening?
Slow Download Speeds On Direct Download
in Malware Removal
Posted
Yes, I'm aware of the cracks in my system and I know they're there for some reason... I'd be really glad if you could help me anyway... Thanks for your help though.