jassuji Posted August 11, 2006 Report Share Posted August 11, 2006 hii,i'm not able to open up hotmail,microsoft,msn on my laptop n now as well as on my desktop.i've already posted everything abt my problem in the pc support section.if ne1 would like to know abt my problem n what ppl suggested me to do to go to this link below.so now i'm postin my Hjtlog if ne1 can help it would be apprieciated.http://www.besttechie.net/forums/index.php?showtopic=9392Logfile of HijackThis v1.99.1Scan saved at 10:33:11 AM, on 8/11/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 SP1 (7.00.5299.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32\svchost.exeE:\VMware Workstation\vmware-authd.exeC:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exeC:\WINDOWS\system32\vmnat.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\system32\vmnetdhcp.exeC:\WINDOWS\ALCWZRD.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Multimedia Card Reader\shwicon2k.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\VM_STI.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\PowerMenu\PowerMenu.exeC:\Program Files\Sony Ericsson\Mobile\audevicemgr.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXEC:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXEC:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEC:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXEC:\Program Files\Common Files\Teleca Shared\Generic.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Messenger\msmsgs.exec:\unzipped\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepageR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dllO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptionsO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXEO4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exeO4 - Global Startup: Phone Connection Monitor.lnk = ?O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: BTTray.lnk = ?O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htmO8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLLO9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLLO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exeO9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exeO9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missingO11 - Options group: [TABS] Tabbed BrowsingO14 - IERESET.INF: START_PAGE_URL=http://www.zdnetindia.comO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cabO16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107144957275O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141296369281O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEO23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: SuperProServer - Unknown owner - C:\Tally\spnsrvnt.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\VMware Workstation\vmware-authd.exeO23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exeO23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exeO23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe Quote Link to post Share on other sites
therock247uk Posted August 11, 2006 Report Share Posted August 11, 2006 A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it. 1. Please download LSPFix from here. 2. Run the LSPFix.exe that you have just finished downloading. 3. Check the I know what I'm doing box. 4. In the Keep box you should see one or more instances of newdotnet6_38.dll. 5. Select every instance of newdotnet6_38.dll and move each one to the Remove box by clicking the >> button. 6. When you are done click Finish>>.Then post a new Hijackthis log here in a reply. Quote Link to post Share on other sites
jassuji Posted August 12, 2006 Author Report Share Posted August 12, 2006 thanx for the LSP fix problem.i've done what u've told me n here is my next log.........Logfile of HijackThis v1.99.1Scan saved at 3:18:58 PM, on 8/12/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 SP1 (7.00.5299.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32\svchost.exeE:\VMware Workstation\vmware-authd.exeC:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exeC:\WINDOWS\system32\vmnat.exeC:\WINDOWS\system32\vmnetdhcp.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Multimedia Card Reader\shwicon2k.exeC:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\VM_STI.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\PowerMenu\PowerMenu.exeC:\Program Files\Sony Ericsson\Mobile\audevicemgr.exeC:\Program Files\Common Files\Teleca Shared\CapabilityManager.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXEC:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXEC:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXEC:\Program Files\Common Files\Teleca Shared\Generic.exeC:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exeC:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Messenger\msmsgs.exec:\unzipped\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepageR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dllO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptionsO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXEO4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exeO4 - Global Startup: Phone Connection Monitor.lnk = ?O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: BTTray.lnk = ?O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htmO8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLLO9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLLO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exeO9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exeO9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO11 - Options group: [TABS] Tabbed BrowsingO14 - IERESET.INF: START_PAGE_URL=http://www.zdnetindia.comO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cabO16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107144957275O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141296369281O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEO23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: SuperProServer - Unknown owner - C:\Tally\spnsrvnt.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\VMware Workstation\vmware-authd.exeO23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exeO23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exeO23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe Quote Link to post Share on other sites
therock247uk Posted August 12, 2006 Report Share Posted August 12, 2006 Open Hijackthis and click scan. Then check mark the following entriesR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepageR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cabNow close all open windows except Hijackthis and click fix checkedThen post a new Hijackthis log here in a reply. Quote Link to post Share on other sites
jassuji Posted August 12, 2006 Author Report Share Posted August 12, 2006 ok i've deleted these entries but a few of them r not gettin deleted.i think my log will tell u everything.i really apprieciate ur help but i need a lil more help with a bigger problem n that's what my topic headlines mean.plzz do help me with that too.i've googled abt my problem n saw on few websites abt DNS cache poisoning which could be related to my prob(i think).just if u know abt this plzz let me know or if ne1 else does then plz let me if i'm indected too or not????????here's my logLogfile of HijackThis v1.99.1Scan saved at 10:42:45 PM, on 8/12/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 SP1 (7.00.5299.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Multimedia Card Reader\shwicon2k.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\VM_STI.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\PowerMenu\PowerMenu.exeC:\Program Files\Sony Ericsson\Mobile\audevicemgr.exeC:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXEC:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXEC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Teleca Shared\Generic.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32\svchost.exeE:\VMware Workstation\vmware-authd.exeC:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXEC:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exeC:\WINDOWS\system32\vmnat.exeC:\WINDOWS\system32\vmnetdhcp.exeC:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeD:\My Documents\Applications\utorrent.exeC:\Program Files\Mozilla Firefox\firefox.exec:\unzipped\HijackThis\HijackThis.exeR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dllO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptionsO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXEO4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exeO4 - Global Startup: Phone Connection Monitor.lnk = ?O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: BTTray.lnk = ?O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htmO8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLLO9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLLO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exeO9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exeO9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO11 - Options group: [TABS] Tabbed BrowsingO14 - IERESET.INF: START_PAGE_URL=http://www.zdnetindia.comO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cabO16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107144957275O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141296369281O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEO23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: SuperProServer - Unknown owner - C:\Tally\spnsrvnt.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\VMware Workstation\vmware-authd.exeO23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exeO23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exeO23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe Quote Link to post Share on other sites
therock247uk Posted August 12, 2006 Report Share Posted August 12, 2006 Download WindPFindExtract WinPFind.zip to your c:\ folder.Reboot your computer into Safe ModeThen open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic. Quote Link to post Share on other sites
jassuji Posted August 13, 2006 Author Report Share Posted August 13, 2006 ok i've scanned with WinPfind n here's the log...........WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600Internet Explorer Version: 6.0.2900.2180»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»Checking %SystemDrive% folder...UPX! 7/5/2005 11:54:28 AM 184 C:\win.txtPEC2 7/5/2005 11:54:28 AM 184 C:\win.txtFSG! 7/5/2005 11:55:06 AM 30 C:\windows.txtChecking %ProgramFilesDir% folder...Checking %WinDir% folder...Items found in C:\WINDOWS\hostsChecking %System% folder...PEC2 10/4/2001 7:13:42 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.mscaspack 7/7/2006 6:51:46 AM 6757792 C:\WINDOWS\SYSTEM32\MRT.exePEC2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dllPECompact2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dllwinsync 10/4/2001 7:16:34 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deuaspack 6/20/2004 5:07:00 AM 61440 C:\WINDOWS\SYSTEM32\APCORE.DLLaspack 2/2/2006 4:14:00 PM 53248 C:\WINDOWS\SYSTEM32\suppdll.dllUmonitor 8/4/2004 1:26:44 PM 657408 C:\WINDOWS\SYSTEM32\rasdlg.dllaspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dllaspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dllaspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dllaspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dllaspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dllaspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dllaspack 8/4/2004 1:26:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dllPTech 5/1/2006 4:57:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLLUPX! 7/23/2001 8:29:32 AM 552960 C:\WINDOWS\SYSTEM32\saxzip.ocxUPX! 12/19/2004 11:00:00 PM 111104 C:\WINDOWS\SYSTEM32\Uharc.exeChecking %System%\Drivers folder and sub-folders...PTech 6/10/2004 3:57:20 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sysItems found in C:\WINDOWS\SYSTEM32\drivers\etc\hostsChecking the Windows folder and sub-folders for system and hidden files within the last 60 days... 8/13/2006 11:26:10 PM S 2048 C:\WINDOWS\bootstat.dat 8/13/2006 11:24:18 PM H 1667072 C:\WINDOWS\system32\config\system.LOG 8/13/2006 11:24:16 PM H 147456 C:\WINDOWS\system32\config\software.LOG 8/13/2006 11:24:16 PM H 8192 C:\WINDOWS\system32\config\default.LOG 8/13/2006 11:26:30 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG 8/13/2006 11:26:10 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG 7/15/2006 3:01:42 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\ReinstallBackups\0030\DriverFiles\w810mdm.cat 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem55.CAT 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem56.CAT 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem57.CAT 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem58.CAT 7/4/2006 8:59:12 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem59.CAT 7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem60.CAT 7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem61.CAT 7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem63.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem64.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem65.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem66.CAT 7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem67.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem68.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem69.CAT 7/4/2006 8:59:12 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem70.CAT 7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem71.CAT 7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem72.CAT 7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem73.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem74.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem75.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem76.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem77.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem78.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem79.CAT 7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem80.CAT 7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem81.CAT 7/4/2006 8:59:14 PM S 13221 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem82.CAT 7/4/2006 8:59:14 PM S 13221 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem83.CAT 7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem84.CAT 7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem85.CAT 7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem86.CAT 7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem87.CAT 7/4/2006 8:59:14 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem88.CAT 7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem89.CAT 7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem90.CAT 7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem91.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem92.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem93.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem94.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem95.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem96.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem97.CAT 7/4/2006 8:59:16 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem98.CAT 7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem99.CAT 7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem100.CAT 7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem101.CAT 7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem102.CAT 7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem103.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem104.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem105.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem106.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem107.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem108.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem109.CAT 7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem110.CAT 7/4/2006 8:59:18 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem111.CAT 7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem112.CAT 7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem113.CAT 7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem114.CAT 7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem115.CAT 7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem116.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem117.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem118.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem119.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem120.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem121.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem122.CAT 7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem123.CAT 7/4/2006 8:59:18 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem124.CAT 7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem125.CAT 7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem126.CAT 7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem127.CAT 7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem128.CAT 7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem129.CAT 7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem130.CAT 7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem131.CAT 7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem132.CAT 7/4/2006 8:59:18 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem133.CAT 7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem134.CAT 7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem135.CAT 7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem136.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem137.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem138.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem139.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem140.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem141.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem142.CAT 7/4/2006 8:59:20 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem143.CAT 7/4/2006 8:59:20 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem144.CAT 7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem145.CAT 7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem146.CAT 7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem147.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem148.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem149.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem150.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem151.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem152.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem153.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem154.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem155.CAT 7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem156.CAT 7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem157.CAT 7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem158.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem159.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem160.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem161.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem162.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem163.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem164.CAT 7/4/2006 8:59:20 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem165.CAT 7/4/2006 8:59:20 PM S 7417 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem166.CAT 7/4/2006 8:59:20 PM S 7415 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem167.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem168.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem169.CAT 7/4/2006 8:59:20 PM S 7417 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem170.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem171.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem172.CAT 7/4/2006 8:59:22 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem173.CAT 7/4/2006 8:59:22 PM S 9712 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem174.CAT 7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem175.CAT 7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem176.CAT 7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem177.CAT 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem178.CAT 8/5/2006 9:59:16 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred 8/5/2006 9:59:16 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\000f2e23-7d1d-40aa-894c-2b3773ddcf53 7/30/2006 12:37:44 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 7/30/2006 12:37:44 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3bb7f969-74cc-4395-bab3-1b9dcb42498e 8/13/2006 11:24:10 PM H 6 C:\WINDOWS\Tasks\SA.DATChecking for CPL files... 7/29/2004 12:56:00 PM 221184 C:\WINDOWS\SYSTEM32\cttune.cplSun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 230400 C:\WINDOWS\SYSTEM32\timedate.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 266240 C:\WINDOWS\SYSTEM32\intl.cplMicrosoft Corporation 1/18/2006 6:11:42 AM 3028992 C:\WINDOWS\SYSTEM32\inetcpl.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cplMicrosoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cplMicrosoft Corporation 10/4/2001 7:15:34 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cplInstallShield Software Corporation8/9/2004 6:04:02 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 403968 C:\WINDOWS\SYSTEM32\nusrmgr.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\powercfg.cpl 12/10/2004 10:47:44 AM 53248 C:\WINDOWS\SYSTEM32\vp6dec_settings.cplMicrosoft Corporation 9/30/2004 3:47:14 PM 135168 C:\WINDOWS\SYSTEM32\directx.cpl 12/29/2002 4:44:38 AM 81920 C:\WINDOWS\SYSTEM32\startup.cplWIDCOMM, Inc. 10/15/2003 1:47:28 PM 245819 C:\WINDOWS\SYSTEM32\btcpl.cplRealtek Semiconductor Corp. 1/10/2006 1:58:40 PM 266240 C:\WINDOWS\SYSTEM32\RTSndMgr.CplMicrosoft Corporation 8/4/2004 1:26:58 PM 471040 C:\WINDOWS\SYSTEM32\sysdm.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 654848 C:\WINDOWS\SYSTEM32\appwiz.cplRealtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ALSndMgr.CplMicrosoft Corporation 8/4/2004 1:26:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 470528 C:\WINDOWS\SYSTEM32\hdwwiz.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 205312 C:\WINDOWS\SYSTEM32\joy.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 902656 C:\WINDOWS\SYSTEM32\mmsys.cplIntel Corporation 2/7/2006 8:38:52 AM 81920 C:\WINDOWS\SYSTEM32\igfxcpl.cplMicrosoft Corporation 8/7/2004 5:47:02 AM 187904 C:\WINDOWS\SYSTEM32\main.cplMicrosoft Corporation 8/7/2004 5:47:26 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cplMicrosoft Corporation 8/7/2004 5:48:04 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl 10/1/2003 1:00:00 AM 6151 C:\WINDOWS\SYSTEM32\txp3.cpl 9/4/2004 6:45:56 AM 172032 C:\WINDOWS\SYSTEM32\LClock.cplSun Microsystems 4/20/2002 11:39:12 PM 45175 C:\WINDOWS\SYSTEM32\plugincpl140_01.cplTeleca Software Solutions AB 9/20/2004 1:09:04 PM 344064 C:\WINDOWS\SYSTEM32\ecsepm.cpl?????????? ?????????? 8/17/2004 4:05:12 PM 138752 C:\WINDOWS\SYSTEM32\dllcache\access.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 678912 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 136704 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 606208 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 403968 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 205824 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl?????????? ?????????? 10/20/2001 4:00:00 AM 964096 C:\WINDOWS\SYSTEM32\dllcache\main.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 904704 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl?????????? ?????????? 10/20/2001 4:00:00 AM 303104 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 407040 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 380928 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl?????????? ?????????? 1/8/2006 1:57:44 PM 1007104 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl?????????? ?????????? 10/20/2001 4:00:00 AM 98816 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 93696 C:\WINDOWS\SYSTEM32\dllcache\timedate.cplRealtek Semiconductor Corp. 11/2/2005 2:54:08 PM 266240 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\RTSndMgr.CPLRealtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\ALSNDMGR.CPLIntel Corporation 9/20/2005 10:35:12 AM 77824 C:\WINDOWS\SYSTEM32\ReinstallBackups\0032\DriverFiles\igfxcpl.cpl»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»Checking files in %ALLUSERSPROFILE%\Startup folder... 7/30/2006 10:57:58 PM 1661 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk 8/5/2006 9:49:18 PM 681 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BTTray.lnk 12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini 2/28/2005 8:51:58 PM 797 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk 11/17/2005 10:12:40 PM 1547 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Phone Connection Monitor.lnk 6/17/2005 8:54:10 PM 1420 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\PowerMenu.lnkChecking files in %ALLUSERSPROFILE%\Application Data folder... 12/29/2004 8:30:30 PM HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini 6/8/2006 12:56:06 AM 1356 C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCacheChecking files in %USERPROFILE%\Startup folder... 12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\lovee\Start Menu\Programs\Startup\desktop.iniChecking files in %USERPROFILE%\Application Data folder... 3/11/2006 10:31:26 PM 875 C:\Documents and Settings\lovee\Application Data\AdobeDLM.log 12/2/2004 5:30:26 PM HS 62 C:\Documents and Settings\lovee\Application Data\desktop.ini 3/11/2006 10:31:26 PM 0 C:\Documents and Settings\lovee\Application Data\dm.ini 7/23/2006 9:34:48 AM 110640 C:\Documents and Settings\lovee\Application Data\GDIPFONTCACHEV1.DAT»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] = [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved][HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\RExpCtx {D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLLHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLLHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CMenuExtender {ABC70703-32AF-11d4-90C4-D483A70F4825} = F:\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\RExpCtx {D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7A5117B0-B594-4DA8-829D-D15BF11996F2} = C:\Program Files\DAEMON Tools\awxDTools.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882} = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllHKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} IeCatch5 Class = C:\PROGRA~1\FLASHGET\jccatch.dllHKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllHKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip of the Day = %SystemRoot%\system32\SHDOCVW.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} = FlashGet Bar : C:\PROGRA~1\FLASHGET\fgiebar.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dllHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} MenuText = Tri&xie Options... : C:\WINDOWS\system32\mscoree.DLLHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} ButtonText = @btrez.dll,-4015 : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} ButtonText = FlashGet : C:\PROGRA~1\FLASHGET\flashget.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} ButtonText = Yahoo! Messenger : C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dllHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" SoundMan SOUNDMAN.EXE AlcWzrd ALCWZRD.EXE Alcmtr ALCMTR.EXE igfxtray C:\WINDOWS\system32\igfxtray.exe igfxhkcmd C:\WINDOWS\system32\hkcmd.exe igfxpers C:\WINDOWS\system32\igfxpers.exe Sunkist2k C:\Program Files\Multimedia Card Reader\shwicon2k.exe NeroFilterCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot Sony Ericsson PC Suite "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent BigDogPath C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL) QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ctfmon.exe C:\WINDOWS\system32\ctfmon.exe[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\servicesHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolderHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup location Common Startup item InterVideo Scheduler server backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup location Common Startup item InterVideo Scheduler serverHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup location Common Startup command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE item InterVideo WinCinema Manager backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup location Common Startup command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE item InterVideo WinCinema ManagerHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup location Common Startup command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l item Microsoft Office backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup location Common Startup command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l item Microsoft OfficeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 Detect.lnk backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup location Common Startup command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE item PCSuiteForNokia6600 Detect backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup location Common Startup command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE item PCSuiteForNokia6600 DetectHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 TS.lnk backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup location Common Startup command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE item PCSuiteForNokia6600 TS backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup location Common Startup command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE item PCSuiteForNokia6600 TSHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^lovee^Start Menu^Programs^Startup^Styler.exe.lnk path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk backup C:\WINDOWS\pss\Styler.exe.lnkStartup location Startup command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe item Styler.exe path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk backup C:\WINDOWS\pss\Styler.exe.lnkStartup location Startup command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe item Styler.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkey HKLM command inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ALCMTR hkey HKLM command ALCMTR.EXE inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ALCMTR hkey HKLM command ALCMTR.EXE inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcWzrd key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ALCWZRD hkey HKLM command ALCWZRD.EXE inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ALCWZRD hkey HKLM command ALCWZRD.EXE inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DataLayer key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item DATALA~1 hkey HKLM command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item DATALA~1 hkey HKLM command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DirectX shell driver key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item sammp32 hkey HKCU command C:\WINDOWS\sammp32.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item sammp32 hkey HKCU command C:\WINDOWS\sammp32.exe inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FastTVSync key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item FastTVSync hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item FastTVSync hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hkt key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkt hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkt hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item optimize hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item optimize hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IST Service key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item istsvc hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item istsvc hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item isuspm hkey HKLM command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item isuspm hkey HKLM command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item issch hkey HKLM command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item issch hkey HKLM command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Kgmh key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item gufbjg hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item gufbjg hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MediaAccK hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MediaAccK hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net Startup key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NEWDOT~1 hkey HKLM command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NEWDOT~1 hkey HKLM command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSuiteTrayApplication key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TRAYAP~1 hkey HKLM command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TRAYAP~1 hkey HKLM command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Scan key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item powerscan hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item powerscan hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Program Files\QuickTime\qttask.exe" -atboottime inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Program Files\QuickTime\qttask.exe" -atboottime inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\saap key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item saap hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item saap hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item realsched hkey HKLM command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item realsched hkey HKLM command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tSd6bm key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item oypjl hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item oypjl hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item dumprep 0 -u hkey HKLM command %systemroot%\system32\dumprep 0 -u inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item dumprep 0 -u hkey HKLM command %systemroot%\system32\dumprep 0 -u inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item WebRebates0 hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item WebRebates0 hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\zufo key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item zufom hkey HKCU inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item zufom hkey HKCU inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 2 bootini 2 services 0 startup 2[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer UseDesktopIniCache 1 NoCDBurning 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run UpdateManager C:\Program Files\Common Files\Microsoft Shared\MSEnv\vers_man.exe.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ExtHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID {17492023-C23A-453E-A040-C7C580BBF700} 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\RatingsHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policie Quote Link to post Share on other sites
jassuji Posted August 13, 2006 Author Report Share Posted August 13, 2006 WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600Internet Explorer Version: 6.0.2900.2180»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»Checking %SystemDrive% folder...UPX! 7/5/2005 11:54:28 AM 184 C:\win.txtPEC2 7/5/2005 11:54:28 AM 184 C:\win.txtFSG! 7/5/2005 11:55:06 AM 30 C:\windows.txtChecking %ProgramFilesDir% folder...Checking %WinDir% folder...Items found in C:\WINDOWS\hostsChecking %System% folder...PEC2 10/4/2001 7:13:42 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.mscaspack 7/7/2006 6:51:46 AM 6757792 C:\WINDOWS\SYSTEM32\MRT.exePEC2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dllPECompact2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dllwinsync 10/4/2001 7:16:34 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deuaspack 6/20/2004 5:07:00 AM 61440 C:\WINDOWS\SYSTEM32\APCORE.DLLaspack 2/2/2006 4:14:00 PM 53248 C:\WINDOWS\SYSTEM32\suppdll.dllUmonitor 8/4/2004 1:26:44 PM 657408 C:\WINDOWS\SYSTEM32\rasdlg.dllaspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dllaspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dllaspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dllaspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dllaspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dllaspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dllaspack 8/4/2004 1:26:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dllPTech 5/1/2006 4:57:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLLUPX! 7/23/2001 8:29:32 AM 552960 C:\WINDOWS\SYSTEM32\saxzip.ocxUPX! 12/19/2004 11:00:00 PM 111104 C:\WINDOWS\SYSTEM32\Uharc.exeChecking %System%\Drivers folder and sub-folders...PTech 6/10/2004 3:57:20 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sysItems found in C:\WINDOWS\SYSTEM32\drivers\etc\hostsChecking the Windows folder and sub-folders for system and hidden files within the last 60 days... 8/13/2006 11:26:10 PM S 2048 C:\WINDOWS\bootstat.dat 8/13/2006 11:24:18 PM H 1667072 C:\WINDOWS\system32\config\system.LOG 8/13/2006 11:24:16 PM H 147456 C:\WINDOWS\system32\config\software.LOG 8/13/2006 11:24:16 PM H 8192 C:\WINDOWS\system32\config\default.LOG 8/13/2006 11:26:30 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG 8/13/2006 11:26:10 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG 7/15/2006 3:01:42 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\ReinstallBackups\0030\DriverFiles\w810mdm.cat 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem55.CAT 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem56.CAT 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem57.CAT 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem58.CAT 7/4/2006 8:59:12 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem59.CAT 7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem60.CAT 7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem61.CAT 7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem63.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem64.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem65.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem66.CAT 7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem67.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem68.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem69.CAT 7/4/2006 8:59:12 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem70.CAT 7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem71.CAT 7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem72.CAT 7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem73.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem74.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem75.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem76.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem77.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem78.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem79.CAT 7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem80.CAT 7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem81.CAT 7/4/2006 8:59:14 PM S 13221 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem82.CAT 7/4/2006 8:59:14 PM S 13221 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem83.CAT 7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem84.CAT 7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem85.CAT 7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem86.CAT 7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem87.CAT 7/4/2006 8:59:14 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem88.CAT 7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem89.CAT 7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem90.CAT 7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem91.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem92.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem93.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem94.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem95.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem96.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem97.CAT 7/4/2006 8:59:16 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem98.CAT 7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem99.CAT 7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem100.CAT 7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem101.CAT 7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem102.CAT 7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem103.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem104.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem105.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem106.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem107.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem108.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem109.CAT 7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem110.CAT 7/4/2006 8:59:18 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem111.CAT 7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem112.CAT 7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem113.CAT 7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem114.CAT 7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem115.CAT 7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem116.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem117.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem118.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem119.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem120.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem121.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem122.CAT 7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem123.CAT 7/4/2006 8:59:18 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem124.CAT 7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem125.CAT 7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem126.CAT 7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem127.CAT 7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem128.CAT 7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem129.CAT 7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem130.CAT 7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem131.CAT 7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem132.CAT 7/4/2006 8:59:18 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem133.CAT 7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem134.CAT 7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem135.CAT 7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem136.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem137.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem138.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem139.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem140.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem141.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem142.CAT 7/4/2006 8:59:20 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem143.CAT 7/4/2006 8:59:20 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem144.CAT 7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem145.CAT 7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem146.CAT 7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem147.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem148.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem149.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem150.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem151.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem152.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem153.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem154.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem155.CAT 7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem156.CAT 7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem157.CAT 7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem158.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem159.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem160.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem161.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem162.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem163.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem164.CAT 7/4/2006 8:59:20 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem165.CAT 7/4/2006 8:59:20 PM S 7417 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem166.CAT 7/4/2006 8:59:20 PM S 7415 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem167.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem168.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem169.CAT 7/4/2006 8:59:20 PM S 7417 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem170.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem171.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem172.CAT 7/4/2006 8:59:22 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem173.CAT 7/4/2006 8:59:22 PM S 9712 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem174.CAT 7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem175.CAT 7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem176.CAT 7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem177.CAT 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem178.CAT 8/5/2006 9:59:16 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred 8/5/2006 9:59:16 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\000f2e23-7d1d-40aa-894c-2b3773ddcf53 7/30/2006 12:37:44 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 7/30/2006 12:37:44 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3bb7f969-74cc-4395-bab3-1b9dcb42498e 8/13/2006 11:24:10 PM H 6 C:\WINDOWS\Tasks\SA.DATChecking for CPL files... 7/29/2004 12:56:00 PM 221184 C:\WINDOWS\SYSTEM32\cttune.cplSun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 230400 C:\WINDOWS\SYSTEM32\timedate.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 266240 C:\WINDOWS\SYSTEM32\intl.cplMicrosoft Corporation 1/18/2006 6:11:42 AM 3028992 C:\WINDOWS\SYSTEM32\inetcpl.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cplMicrosoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cplMicrosoft Corporation 10/4/2001 7:15:34 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cplInstallShield Software Corporation8/9/2004 6:04:02 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 403968 C:\WINDOWS\SYSTEM32\nusrmgr.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\powercfg.cpl 12/10/2004 10:47:44 AM 53248 C:\WINDOWS\SYSTEM32\vp6dec_settings.cplMicrosoft Corporation 9/30/2004 3:47:14 PM 135168 C:\WINDOWS\SYSTEM32\directx.cpl 12/29/2002 4:44:38 AM 81920 C:\WINDOWS\SYSTEM32\startup.cplWIDCOMM, Inc. 10/15/2003 1:47:28 PM 245819 C:\WINDOWS\SYSTEM32\btcpl.cplRealtek Semiconductor Corp. 1/10/2006 1:58:40 PM 266240 C:\WINDOWS\SYSTEM32\RTSndMgr.CplMicrosoft Corporation 8/4/2004 1:26:58 PM 471040 C:\WINDOWS\SYSTEM32\sysdm.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 654848 C:\WINDOWS\SYSTEM32\appwiz.cplRealtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ALSndMgr.CplMicrosoft Corporation 8/4/2004 1:26:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 470528 C:\WINDOWS\SYSTEM32\hdwwiz.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 205312 C:\WINDOWS\SYSTEM32\joy.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 902656 C:\WINDOWS\SYSTEM32\mmsys.cplIntel Corporation 2/7/2006 8:38:52 AM 81920 C:\WINDOWS\SYSTEM32\igfxcpl.cplMicrosoft Corporation 8/7/2004 5:47:02 AM 187904 C:\WINDOWS\SYSTEM32\main.cplMicrosoft Corporation 8/7/2004 5:47:26 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cplMicrosoft Corporation 8/7/2004 5:48:04 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl 10/1/2003 1:00:00 AM 6151 C:\WINDOWS\SYSTEM32\txp3.cpl 9/4/2004 6:45:56 AM 172032 C:\WINDOWS\SYSTEM32\LClock.cplSun Microsystems 4/20/2002 11:39:12 PM 45175 C:\WINDOWS\SYSTEM32\plugincpl140_01.cplTeleca Software Solutions AB 9/20/2004 1:09:04 PM 344064 C:\WINDOWS\SYSTEM32\ecsepm.cpl?????????? ?????????? 8/17/2004 4:05:12 PM 138752 C:\WINDOWS\SYSTEM32\dllcache\access.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 678912 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 136704 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 606208 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 403968 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 205824 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl?????????? ?????????? 10/20/2001 4:00:00 AM 964096 C:\WINDOWS\SYSTEM32\dllcache\main.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 904704 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl?????????? ?????????? 10/20/2001 4:00:00 AM 303104 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 407040 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 380928 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl?????????? ?????????? 1/8/2006 1:57:44 PM 1007104 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl?????????? ?????????? 10/20/2001 4:00:00 AM 98816 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 93696 C:\WINDOWS\SYSTEM32\dllcache\timedate.cplRealtek Semiconductor Corp. 11/2/2005 2:54:08 PM 266240 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\RTSndMgr.CPLRealtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\ALSNDMGR.CPLIntel Corporation 9/20/2005 10:35:12 AM 77824 C:\WINDOWS\SYSTEM32\ReinstallBackups\0032\DriverFiles\igfxcpl.cpl»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»Checking files in %ALLUSERSPROFILE%\Startup folder... 7/30/2006 10:57:58 PM 1661 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk 8/5/2006 9:49:18 PM 681 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BTTray.lnk 12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini 2/28/2005 8:51:58 PM 797 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk 11/17/2005 10:12:40 PM 1547 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Phone Connection Monitor.lnk 6/17/2005 8:54:10 PM 1420 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\PowerMenu.lnkChecking files in %ALLUSERSPROFILE%\Application Data folder... 12/29/2004 8:30:30 PM HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini 6/8/2006 12:56:06 AM 1356 C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCacheChecking files in %USERPROFILE%\Startup folder... 12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\lovee\Start Menu\Programs\Startup\desktop.iniChecking files in %USERPROFILE%\Application Data folder... 3/11/2006 10:31:26 PM 875 C:\Documents and Settings\lovee\Application Data\AdobeDLM.log 12/2/2004 5:30:26 PM HS 62 C:\Documents and Settings\lovee\Application Data\desktop.ini 3/11/2006 10:31:26 PM 0 C:\Documents and Settings\lovee\Application Data\dm.ini 7/23/2006 9:34:48 AM 110640 C:\Documents and Settings\lovee\Application Data\GDIPFONTCACHEV1.DAT»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] = [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved][HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\RExpCtx {D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLLHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLLHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CMenuExtender {ABC70703-32AF-11d4-90C4-D483A70F4825} = F:\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\RExpCtx {D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7A5117B0-B594-4DA8-829D-D15BF11996F2} = C:\Program Files\DAEMON Tools\awxDTools.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882} = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllHKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} IeCatch5 Class = C:\PROGRA~1\FLASHGET\jccatch.dllHKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllHKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip of the Day = %SystemRoot%\system32\SHDOCVW.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} = FlashGet Bar : C:\PROGRA~1\FLASHGET\fgiebar.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dllHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} MenuText = Tri&xie Options... : C:\WINDOWS\system32\mscoree.DLLHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} ButtonText = @btrez.dll,-4015 : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} ButtonText = FlashGet : C:\PROGRA~1\FLASHGET\flashget.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} ButtonText = Yahoo! Messenger : C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dllHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" SoundMan SOUNDMAN.EXE AlcWzrd ALCWZRD.EXE Alcmtr ALCMTR.EXE igfxtray C:\WINDOWS\system32\igfxtray.exe igfxhkcmd C:\WINDOWS\system32\hkcmd.exe igfxpers C:\WINDOWS\system32\igfxpers.exe Sunkist2k C:\Program Files\Multimedia Card Reader\shwicon2k.exe NeroFilterCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot Sony Ericsson PC Suite "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent BigDogPath C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL) QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ctfmon.exe C:\WINDOWS\system32\ctfmon.exe[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\servicesHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolderHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup location Common Startup item InterVideo Scheduler server backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup location Common Startup item InterVideo Scheduler serverHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup location Common Startup command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE item InterVideo WinCinema Manager backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup location Common Startup command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE item InterVideo WinCinema ManagerHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup location Common Startup command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l item Microsoft Office backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup location Common Startup command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l item Microsoft OfficeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 Detect.lnk backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup location Common Startup command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE item PCSuiteForNokia6600 Detect backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup location Common Startup command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE item PCSuiteForNokia6600 DetectHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 TS.lnk backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup location Common Startup command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE item PCSuiteForNokia6600 TS backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup location Common Startup command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE item PCSuiteForNokia6600 TSHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^lovee^Start Menu^Programs^Startup^Styler.exe.lnk path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk backup C:\WINDOWS\pss\Styler.exe.lnkStartup location Startup command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe item Styler.exe path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk backup C:\WINDOWS\pss\Styler.exe.lnkStartup location Startup command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe item Styler.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkey HKLM command inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ALCMTR hkey HKLM command ALCMTR.EXE inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ALCMTR hkey HKLM command ALCMTR.EXE inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcWzrd key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ALCWZRD hkey HKLM command ALCWZRD.EXE inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ALCWZRD hkey HKLM command ALCWZRD.EXE inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DataLayer key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item DATALA~1 hkey HKLM command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item DATALA~1 hkey HKLM command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DirectX shell driver key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item sammp32 hkey HKCU command C:\WINDOWS\sammp32.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item sammp32 hkey HKCU command C:\WINDOWS\sammp32.exe inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FastTVSync key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item FastTVSync hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item FastTVSync hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hkt key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkt hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkt hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item optimize hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item optimize hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IST Service key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item istsvc hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item istsvc hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item isuspm hkey HKLM command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item isuspm hkey HKLM command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item issch hkey HKLM command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item issch hkey HKLM command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Kgmh key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item gufbjg hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item gufbjg hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MediaAccK hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MediaAccK hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net Startup key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NEWDOT~1 hkey HKLM command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NEWDOT~1 hkey HKLM command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSuiteTrayApplication key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TRAYAP~1 hkey HKLM command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TRAYAP~1 hkey HKLM command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Scan key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item powerscan hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item powerscan hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Program Files\QuickTime\qttask.exe" -atboottime inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Program Files\QuickTime\qttask.exe" -atboottime inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\saap key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item saap hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item saap hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item realsched hkey HKLM command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item realsched hkey HKLM command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tSd6bm key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item oypjl hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item oypjl hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item dumprep 0 -u hkey HKLM command %systemroot%\system32\dumprep 0 -u inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item dumprep 0 -u hkey HKLM command %systemroot%\system32\dumprep 0 -u inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item WebRebates0 hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item WebRebates0 hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\zufo key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item zufom hkey HKCU inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item zufom hkey HKCU inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 2 bootini 2 services 0 startup 2[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer UseDesktopIniCache 1 NoCDBurning 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run UpdateManager C:\Program Files\Common Files\Microsoft Shared\MSEnv\vers_man.exe.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ExtHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID {17492023-C23A-453E-A040-C7C580BBF700} 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\RatingsHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legal Quote Link to post Share on other sites
jassuji Posted August 13, 2006 Author Report Share Posted August 13, 2006 (edited) sorry abt the earlier post i did a fast reply n the whole log did'nt came thru so i'm postin it again.sorry again..........WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600Internet Explorer Version: 6.0.2900.2180»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»Checking %SystemDrive% folder...UPX! 7/5/2005 11:54:28 AM 184 C:\win.txtPEC2 7/5/2005 11:54:28 AM 184 C:\win.txtFSG! 7/5/2005 11:55:06 AM 30 C:\windows.txtChecking %ProgramFilesDir% folder...Checking %WinDir% folder...Items found in C:\WINDOWS\hostsChecking %System% folder...PEC2 10/4/2001 7:13:42 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.mscaspack 7/7/2006 6:51:46 AM 6757792 C:\WINDOWS\SYSTEM32\MRT.exePEC2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dllPECompact2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dllwinsync 10/4/2001 7:16:34 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deuaspack 6/20/2004 5:07:00 AM 61440 C:\WINDOWS\SYSTEM32\APCORE.DLLaspack 2/2/2006 4:14:00 PM 53248 C:\WINDOWS\SYSTEM32\suppdll.dllUmonitor 8/4/2004 1:26:44 PM 657408 C:\WINDOWS\SYSTEM32\rasdlg.dllaspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dllaspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dllaspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dllaspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dllaspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dllaspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dllaspack 8/4/2004 1:26:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dllPTech 5/1/2006 4:57:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLLUPX! 7/23/2001 8:29:32 AM 552960 C:\WINDOWS\SYSTEM32\saxzip.ocxUPX! 12/19/2004 11:00:00 PM 111104 C:\WINDOWS\SYSTEM32\Uharc.exeChecking %System%\Drivers folder and sub-folders...PTech 6/10/2004 3:57:20 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sysItems found in C:\WINDOWS\SYSTEM32\drivers\etc\hostsChecking the Windows folder and sub-folders for system and hidden files within the last 60 days... 8/13/2006 11:26:10 PM S 2048 C:\WINDOWS\bootstat.dat 8/13/2006 11:24:18 PM H 1667072 C:\WINDOWS\system32\config\system.LOG 8/13/2006 11:24:16 PM H 147456 C:\WINDOWS\system32\config\software.LOG 8/13/2006 11:24:16 PM H 8192 C:\WINDOWS\system32\config\default.LOG 8/13/2006 11:26:30 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG 8/13/2006 11:26:10 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG 7/15/2006 3:01:42 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\ReinstallBackups\0030\DriverFiles\w810mdm.cat 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem55.CAT 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem56.CAT 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem57.CAT 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem58.CAT 7/4/2006 8:59:12 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem59.CAT 7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem60.CAT 7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem61.CAT 7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem63.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem64.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem65.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem66.CAT 7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem67.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem68.CAT 7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem69.CAT 7/4/2006 8:59:12 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem70.CAT 7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem71.CAT 7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem72.CAT 7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem73.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem74.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem75.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem76.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem77.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem78.CAT 7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem79.CAT 7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem80.CAT 7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem81.CAT 7/4/2006 8:59:14 PM S 13221 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem82.CAT 7/4/2006 8:59:14 PM S 13221 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem83.CAT 7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem84.CAT 7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem85.CAT 7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem86.CAT 7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem87.CAT 7/4/2006 8:59:14 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem88.CAT 7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem89.CAT 7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem90.CAT 7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem91.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem92.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem93.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem94.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem95.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem96.CAT 7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem97.CAT 7/4/2006 8:59:16 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem98.CAT 7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem99.CAT 7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem100.CAT 7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem101.CAT 7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem102.CAT 7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem103.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem104.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem105.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem106.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem107.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem108.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem109.CAT 7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem110.CAT 7/4/2006 8:59:18 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem111.CAT 7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem112.CAT 7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem113.CAT 7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem114.CAT 7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem115.CAT 7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem116.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem117.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem118.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem119.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem120.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem121.CAT 7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem122.CAT 7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem123.CAT 7/4/2006 8:59:18 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem124.CAT 7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem125.CAT 7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem126.CAT 7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem127.CAT 7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem128.CAT 7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem129.CAT 7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem130.CAT 7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem131.CAT 7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem132.CAT 7/4/2006 8:59:18 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem133.CAT 7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem134.CAT 7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem135.CAT 7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem136.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem137.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem138.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem139.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem140.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem141.CAT 7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem142.CAT 7/4/2006 8:59:20 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem143.CAT 7/4/2006 8:59:20 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem144.CAT 7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem145.CAT 7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem146.CAT 7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem147.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem148.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem149.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem150.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem151.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem152.CAT 7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem153.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem154.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem155.CAT 7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem156.CAT 7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem157.CAT 7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem158.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem159.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem160.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem161.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem162.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem163.CAT 7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem164.CAT 7/4/2006 8:59:20 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem165.CAT 7/4/2006 8:59:20 PM S 7417 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem166.CAT 7/4/2006 8:59:20 PM S 7415 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem167.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem168.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem169.CAT 7/4/2006 8:59:20 PM S 7417 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem170.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem171.CAT 7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem172.CAT 7/4/2006 8:59:22 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem173.CAT 7/4/2006 8:59:22 PM S 9712 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem174.CAT 7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem175.CAT 7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem176.CAT 7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem177.CAT 7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem178.CAT 8/5/2006 9:59:16 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred 8/5/2006 9:59:16 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\000f2e23-7d1d-40aa-894c-2b3773ddcf53 7/30/2006 12:37:44 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 7/30/2006 12:37:44 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3bb7f969-74cc-4395-bab3-1b9dcb42498e 8/13/2006 11:24:10 PM H 6 C:\WINDOWS\Tasks\SA.DATChecking for CPL files... 7/29/2004 12:56:00 PM 221184 C:\WINDOWS\SYSTEM32\cttune.cplSun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 230400 C:\WINDOWS\SYSTEM32\timedate.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 266240 C:\WINDOWS\SYSTEM32\intl.cplMicrosoft Corporation 1/18/2006 6:11:42 AM 3028992 C:\WINDOWS\SYSTEM32\inetcpl.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cplMicrosoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cplMicrosoft Corporation 10/4/2001 7:15:34 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cplInstallShield Software Corporation8/9/2004 6:04:02 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 403968 C:\WINDOWS\SYSTEM32\nusrmgr.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\powercfg.cpl 12/10/2004 10:47:44 AM 53248 C:\WINDOWS\SYSTEM32\vp6dec_settings.cplMicrosoft Corporation 9/30/2004 3:47:14 PM 135168 C:\WINDOWS\SYSTEM32\directx.cpl 12/29/2002 4:44:38 AM 81920 C:\WINDOWS\SYSTEM32\startup.cplWIDCOMM, Inc. 10/15/2003 1:47:28 PM 245819 C:\WINDOWS\SYSTEM32\btcpl.cplRealtek Semiconductor Corp. 1/10/2006 1:58:40 PM 266240 C:\WINDOWS\SYSTEM32\RTSndMgr.CplMicrosoft Corporation 8/4/2004 1:26:58 PM 471040 C:\WINDOWS\SYSTEM32\sysdm.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 654848 C:\WINDOWS\SYSTEM32\appwiz.cplRealtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ALSndMgr.CplMicrosoft Corporation 8/4/2004 1:26:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 470528 C:\WINDOWS\SYSTEM32\hdwwiz.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 205312 C:\WINDOWS\SYSTEM32\joy.cplMicrosoft Corporation 8/4/2004 1:26:58 PM 902656 C:\WINDOWS\SYSTEM32\mmsys.cplIntel Corporation 2/7/2006 8:38:52 AM 81920 C:\WINDOWS\SYSTEM32\igfxcpl.cplMicrosoft Corporation 8/7/2004 5:47:02 AM 187904 C:\WINDOWS\SYSTEM32\main.cplMicrosoft Corporation 8/7/2004 5:47:26 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cplMicrosoft Corporation 8/7/2004 5:48:04 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl 10/1/2003 1:00:00 AM 6151 C:\WINDOWS\SYSTEM32\txp3.cpl 9/4/2004 6:45:56 AM 172032 C:\WINDOWS\SYSTEM32\LClock.cplSun Microsystems 4/20/2002 11:39:12 PM 45175 C:\WINDOWS\SYSTEM32\plugincpl140_01.cplTeleca Software Solutions AB 9/20/2004 1:09:04 PM 344064 C:\WINDOWS\SYSTEM32\ecsepm.cpl?????????? ?????????? 8/17/2004 4:05:12 PM 138752 C:\WINDOWS\SYSTEM32\dllcache\access.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 678912 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 136704 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 606208 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 403968 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 205824 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl?????????? ?????????? 10/20/2001 4:00:00 AM 964096 C:\WINDOWS\SYSTEM32\dllcache\main.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 904704 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl?????????? ?????????? 10/20/2001 4:00:00 AM 303104 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 407040 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 380928 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl?????????? ?????????? 1/8/2006 1:57:44 PM 1007104 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl?????????? ?????????? 10/20/2001 4:00:00 AM 98816 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl?????????? ?????????? 8/17/2004 3:05:12 PM 93696 C:\WINDOWS\SYSTEM32\dllcache\timedate.cplRealtek Semiconductor Corp. 11/2/2005 2:54:08 PM 266240 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\RTSndMgr.CPLRealtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\ALSNDMGR.CPLIntel Corporation 9/20/2005 10:35:12 AM 77824 C:\WINDOWS\SYSTEM32\ReinstallBackups\0032\DriverFiles\igfxcpl.cpl»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»Checking files in %ALLUSERSPROFILE%\Startup folder... 7/30/2006 10:57:58 PM 1661 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk 8/5/2006 9:49:18 PM 681 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BTTray.lnk 12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini 2/28/2005 8:51:58 PM 797 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk 11/17/2005 10:12:40 PM 1547 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Phone Connection Monitor.lnk 6/17/2005 8:54:10 PM 1420 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\PowerMenu.lnkChecking files in %ALLUSERSPROFILE%\Application Data folder... 12/29/2004 8:30:30 PM HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini 6/8/2006 12:56:06 AM 1356 C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCacheChecking files in %USERPROFILE%\Startup folder... 12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\lovee\Start Menu\Programs\Startup\desktop.iniChecking files in %USERPROFILE%\Application Data folder... 3/11/2006 10:31:26 PM 875 C:\Documents and Settings\lovee\Application Data\AdobeDLM.log 12/2/2004 5:30:26 PM HS 62 C:\Documents and Settings\lovee\Application Data\desktop.ini 3/11/2006 10:31:26 PM 0 C:\Documents and Settings\lovee\Application Data\dm.ini 7/23/2006 9:34:48 AM 110640 C:\Documents and Settings\lovee\Application Data\GDIPFONTCACHEV1.DAT»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] = [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved][HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\RExpCtx {D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLLHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dllHKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLLHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CMenuExtender {ABC70703-32AF-11d4-90C4-D483A70F4825} = F:\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\RExpCtx {D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7A5117B0-B594-4DA8-829D-D15BF11996F2} = C:\Program Files\DAEMON Tools\awxDTools.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882} = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dllHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllHKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} IeCatch5 Class = C:\PROGRA~1\FLASHGET\jccatch.dllHKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllHKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip of the Day = %SystemRoot%\system32\SHDOCVW.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} = FlashGet Bar : C:\PROGRA~1\FLASHGET\fgiebar.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dllHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} MenuText = Tri&xie Options... : C:\WINDOWS\system32\mscoree.DLLHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} ButtonText = @btrez.dll,-4015 : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} ButtonText = FlashGet : C:\PROGRA~1\FLASHGET\flashget.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} ButtonText = Yahoo! Messenger : C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dllHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" SoundMan SOUNDMAN.EXE AlcWzrd ALCWZRD.EXE Alcmtr ALCMTR.EXE igfxtray C:\WINDOWS\system32\igfxtray.exe igfxhkcmd C:\WINDOWS\system32\hkcmd.exe igfxpers C:\WINDOWS\system32\igfxpers.exe Sunkist2k C:\Program Files\Multimedia Card Reader\shwicon2k.exe NeroFilterCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot Sony Ericsson PC Suite "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent BigDogPath C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL) QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ctfmon.exe C:\WINDOWS\system32\ctfmon.exe[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\servicesHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolderHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup location Common Startup item InterVideo Scheduler server backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup location Common Startup item InterVideo Scheduler serverHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup location Common Startup command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE item InterVideo WinCinema Manager backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup location Common Startup command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE item InterVideo WinCinema ManagerHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup location Common Startup command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l item Microsoft Office backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup location Common Startup command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l item Microsoft OfficeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 Detect.lnk backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup location Common Startup command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE item PCSuiteForNokia6600 Detect backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup location Common Startup command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE item PCSuiteForNokia6600 DetectHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 TS.lnk backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup location Common Startup command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE item PCSuiteForNokia6600 TS backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup location Common Startup command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE item PCSuiteForNokia6600 TSHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^lovee^Start Menu^Programs^Startup^Styler.exe.lnk path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk backup C:\WINDOWS\pss\Styler.exe.lnkStartup location Startup command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe item Styler.exe path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk backup C:\WINDOWS\pss\Styler.exe.lnkStartup location Startup command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe item Styler.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkey HKLM command inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ALCMTR hkey HKLM command ALCMTR.EXE inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ALCMTR hkey HKLM command ALCMTR.EXE inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcWzrd key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ALCWZRD hkey HKLM command ALCWZRD.EXE inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ALCWZRD hkey HKLM command ALCWZRD.EXE inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DataLayer key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item DATALA~1 hkey HKLM command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item DATALA~1 hkey HKLM command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DirectX shell driver key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item sammp32 hkey HKCU command C:\WINDOWS\sammp32.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item sammp32 hkey HKCU command C:\WINDOWS\sammp32.exe inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FastTVSync key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item FastTVSync hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item FastTVSync hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hkt key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkt hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkt hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item optimize hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item optimize hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IST Service key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item istsvc hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item istsvc hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item isuspm hkey HKLM command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item isuspm hkey HKLM command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item issch hkey HKLM command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item issch hkey HKLM command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Kgmh key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item gufbjg hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item gufbjg hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MediaAccK hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MediaAccK hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net Startup key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NEWDOT~1 hkey HKLM command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NEWDOT~1 hkey HKLM command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSuiteTrayApplication key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TRAYAP~1 hkey HKLM command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TRAYAP~1 hkey HKLM command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Scan key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item powerscan hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item powerscan hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Program Files\QuickTime\qttask.exe" -atboottime inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Program Files\QuickTime\qttask.exe" -atboottime inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\saap key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item saap hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item saap hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item realsched hkey HKLM command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item realsched hkey HKLM command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tSd6bm key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item oypjl hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item oypjl hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item dumprep 0 -u hkey HKLM command %systemroot%\system32\dumprep 0 -u inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item dumprep 0 -u hkey HKLM command %systemroot%\system32\dumprep 0 -u inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item WebRebates0 hkey HKLM inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item WebRebates0 hkey HKLM inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\zufo key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item zufom hkey HKCU inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item zufom hkey HKCU inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 2 bootini 2 services 0 startup 2[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer UseDesktopIniCache 1 NoCDBurning 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run UpdateManager C:\Program Files\Common Files\Microsoft Shared\MSEnv\vers_man.exe.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ExtHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID {17492023-C23A-453E-A040-C7C580BBF700} 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\RatingsHKEY_LOCAL_MACH Edited August 13, 2006 by jassuji Quote Link to post Share on other sites
jassuji Posted August 13, 2006 Author Report Share Posted August 13, 2006 ok i hope this time it gets thru...........i'm attachin my WinPfind log fileWinPFind.Txt Quote Link to post Share on other sites
therock247uk Posted August 13, 2006 Report Share Posted August 13, 2006 Click start > run type msconfig check mark normal startup reboot and post a new Hijackthis log here in a reply... Quote Link to post Share on other sites
jassuji Posted August 17, 2006 Author Report Share Posted August 17, 2006 sorry m8 for replyin too late but i had to reinstall windows but i still can't open up hotmail,msn,microsoft n another new site i found messenger.yahoo.com.all these sites say website found waiting for reply but never load at all???????if u can help me with this problem i'd be really obliged Quote Link to post Share on other sites
therock247uk Posted August 17, 2006 Report Share Posted August 17, 2006 Follow my instructions in the above post... Quote Link to post Share on other sites
jassuji Posted August 18, 2006 Author Report Share Posted August 18, 2006 Logfile of HijackThis v1.99.1Scan saved at 1:28:13 AM, on 8/19/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\VM_STI.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\ewido anti-spyware 4.0\ewido.exeC:\WINDOWS\system32\taskswitch.exeC:\Program Files\Java\jre1.5.0_08\bin\jusched.exeC:\Program Files\Multimedia Card Reader\shwicon2k.exeC:\WINDOWS\VM_STI.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\PowerMenu\PowerMenu.exeC:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exeC:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXEC:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exeC:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exeC:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exeC:\Program Files\Common Files\Teleca Shared\Generic.exeC:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Windows Media Player\wmplayer.exec:\unzipped\HijackThis\HijackThis.exeO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dllO2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exeO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noiconO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exeO4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptionsO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exeO4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exeO4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exeO4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exeO4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exeO4 - Global Startup: BTTray.lnk = ?O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEO23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Quote Link to post Share on other sites
therock247uk Posted August 19, 2006 Report Share Posted August 19, 2006 Looks clean... Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.