Can't Open Ne Microsoft Related Website(hjt Log)


Recommended Posts

hii,

i'm not able to open up hotmail,microsoft,msn on my laptop n now as well as on my desktop.i've already posted everything abt my problem in the pc support section.if ne1 would like to know abt my problem n what ppl suggested me to do to go to this link below.so now i'm postin my Hjtlog if ne1 can help it would be apprieciated.

http://www.besttechie.net/forums/index.php?showtopic=9392

Logfile of HijackThis v1.99.1

Scan saved at 10:33:11 AM, on 8/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 SP1 (7.00.5299.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\svchost.exe

E:\VMware Workstation\vmware-authd.exe

C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PowerMenu\PowerMenu.exe

C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Messenger\msmsgs.exe

c:\unzipped\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe

O4 - Global Startup: Phone Connection Monitor.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: START_PAGE_URL=http://www.zdnetindia.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107144957275

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141296369281

O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SuperProServer - Unknown owner - C:\Tally\spnsrvnt.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Link to post
Share on other sites

A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

1. Please download LSPFix from here.

2. Run the LSPFix.exe that you have just finished downloading.

3. Check the I know what I'm doing box.

4. In the Keep box you should see one or more instances of newdotnet6_38.dll.

5. Select every instance of newdotnet6_38.dll and move each one to the Remove box by clicking the >> button.

6. When you are done click Finish>>.

Then post a new Hijackthis log here in a reply.

Link to post
Share on other sites

thanx for the LSP fix problem.i've done what u've told me n here is my next log.........

Logfile of HijackThis v1.99.1

Scan saved at 3:18:58 PM, on 8/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 SP1 (7.00.5299.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\svchost.exe

E:\VMware Workstation\vmware-authd.exe

C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PowerMenu\PowerMenu.exe

C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Messenger\msmsgs.exe

c:\unzipped\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe

O4 - Global Startup: Phone Connection Monitor.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: START_PAGE_URL=http://www.zdnetindia.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107144957275

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141296369281

O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SuperProServer - Unknown owner - C:\Tally\spnsrvnt.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Link to post
Share on other sites

Open Hijackthis and click scan. Then check mark the following entries

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab

Now close all open windows except Hijackthis and click fix checked

Then post a new Hijackthis log here in a reply.

Link to post
Share on other sites

ok i've deleted these entries but a few of them r not gettin deleted.i think my log will tell u everything.i really apprieciate ur help but i need a lil more help with a bigger problem n that's what my topic headlines mean.plzz do help me with that too.

i've googled abt my problem n saw on few websites abt DNS cache poisoning which could be related to my prob(i think).just if u know abt this plzz let me know or if ne1 else does then plz let me if i'm indected too or not????????

here's my log

Logfile of HijackThis v1.99.1

Scan saved at 10:42:45 PM, on 8/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 SP1 (7.00.5299.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PowerMenu\PowerMenu.exe

C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe

C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE

C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\svchost.exe

E:\VMware Workstation\vmware-authd.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

D:\My Documents\Applications\utorrent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

c:\unzipped\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe

O4 - Global Startup: Phone Connection Monitor.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: START_PAGE_URL=http://www.zdnetindia.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107144957275

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141296369281

O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SuperProServer - Unknown owner - C:\Tally\spnsrvnt.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Link to post
Share on other sites

Download WindPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe.

When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.

When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

Link to post
Share on other sites

ok i've scanned with WinPfind n here's the log...........

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600

Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

UPX! 7/5/2005 11:54:28 AM 184 C:\win.txt

PEC2 7/5/2005 11:54:28 AM 184 C:\win.txt

FSG! 7/5/2005 11:55:06 AM 30 C:\windows.txt

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\hosts

Checking %System% folder...

PEC2 10/4/2001 7:13:42 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc

aspack 7/7/2006 6:51:46 AM 6757792 C:\WINDOWS\SYSTEM32\MRT.exe

PEC2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dll

PECompact2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dll

winsync 10/4/2001 7:16:34 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

aspack 6/20/2004 5:07:00 AM 61440 C:\WINDOWS\SYSTEM32\APCORE.DLL

aspack 2/2/2006 4:14:00 PM 53248 C:\WINDOWS\SYSTEM32\suppdll.dll

Umonitor 8/4/2004 1:26:44 PM 657408 C:\WINDOWS\SYSTEM32\rasdlg.dll

aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll

aspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll

aspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll

aspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll

aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll

aspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll

aspack 8/4/2004 1:26:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll

PTech 5/1/2006 4:57:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL

UPX! 7/23/2001 8:29:32 AM 552960 C:\WINDOWS\SYSTEM32\saxzip.ocx

UPX! 12/19/2004 11:00:00 PM 111104 C:\WINDOWS\SYSTEM32\Uharc.exe

Checking %System%\Drivers folder and sub-folders...

PTech 6/10/2004 3:57:20 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...

8/13/2006 11:26:10 PM S 2048 C:\WINDOWS\bootstat.dat

8/13/2006 11:24:18 PM H 1667072 C:\WINDOWS\system32\config\system.LOG

8/13/2006 11:24:16 PM H 147456 C:\WINDOWS\system32\config\software.LOG

8/13/2006 11:24:16 PM H 8192 C:\WINDOWS\system32\config\default.LOG

8/13/2006 11:26:30 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG

8/13/2006 11:26:10 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG

7/15/2006 3:01:42 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\ReinstallBackups\0030\DriverFiles\w810mdm.cat

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem55.CAT

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem56.CAT

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem57.CAT

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem58.CAT

7/4/2006 8:59:12 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem59.CAT

7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem60.CAT

7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem61.CAT

7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem63.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem64.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem65.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem66.CAT

7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem67.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem68.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem69.CAT

7/4/2006 8:59:12 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem70.CAT

7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem71.CAT

7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem72.CAT

7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem73.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem74.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem75.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem76.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem77.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem78.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem79.CAT

7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem80.CAT

7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem81.CAT

7/4/2006 8:59:14 PM S 13221 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem82.CAT

7/4/2006 8:59:14 PM S 13221 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem83.CAT

7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem84.CAT

7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem85.CAT

7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem86.CAT

7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem87.CAT

7/4/2006 8:59:14 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem88.CAT

7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem89.CAT

7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem90.CAT

7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem91.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem92.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem93.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem94.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem95.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem96.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem97.CAT

7/4/2006 8:59:16 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem98.CAT

7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem99.CAT

7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem100.CAT

7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem101.CAT

7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem102.CAT

7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem103.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem104.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem105.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem106.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem107.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem108.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem109.CAT

7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem110.CAT

7/4/2006 8:59:18 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem111.CAT

7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem112.CAT

7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem113.CAT

7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem114.CAT

7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem115.CAT

7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem116.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem117.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem118.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem119.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem120.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem121.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem122.CAT

7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem123.CAT

7/4/2006 8:59:18 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem124.CAT

7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem125.CAT

7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem126.CAT

7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem127.CAT

7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem128.CAT

7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem129.CAT

7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem130.CAT

7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem131.CAT

7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem132.CAT

7/4/2006 8:59:18 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem133.CAT

7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem134.CAT

7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem135.CAT

7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem136.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem137.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem138.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem139.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem140.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem141.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem142.CAT

7/4/2006 8:59:20 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem143.CAT

7/4/2006 8:59:20 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem144.CAT

7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem145.CAT

7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem146.CAT

7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem147.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem148.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem149.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem150.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem151.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem152.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem153.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem154.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem155.CAT

7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem156.CAT

7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem157.CAT

7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem158.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem159.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem160.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem161.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem162.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem163.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem164.CAT

7/4/2006 8:59:20 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem165.CAT

7/4/2006 8:59:20 PM S 7417 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem166.CAT

7/4/2006 8:59:20 PM S 7415 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem167.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem168.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem169.CAT

7/4/2006 8:59:20 PM S 7417 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem170.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem171.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem172.CAT

7/4/2006 8:59:22 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem173.CAT

7/4/2006 8:59:22 PM S 9712 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem174.CAT

7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem175.CAT

7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem176.CAT

7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem177.CAT

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem178.CAT

8/5/2006 9:59:16 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred

8/5/2006 9:59:16 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\000f2e23-7d1d-40aa-894c-2b3773ddcf53

7/30/2006 12:37:44 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred

7/30/2006 12:37:44 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3bb7f969-74cc-4395-bab3-1b9dcb42498e

8/13/2006 11:24:10 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...

7/29/2004 12:56:00 PM 221184 C:\WINDOWS\SYSTEM32\cttune.cpl

Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 230400 C:\WINDOWS\SYSTEM32\timedate.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 266240 C:\WINDOWS\SYSTEM32\intl.cpl

Microsoft Corporation 1/18/2006 6:11:42 AM 3028992 C:\WINDOWS\SYSTEM32\inetcpl.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl

Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl

Microsoft Corporation 10/4/2001 7:15:34 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl

InstallShield Software Corporation8/9/2004 6:04:02 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 403968 C:\WINDOWS\SYSTEM32\nusrmgr.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\powercfg.cpl

12/10/2004 10:47:44 AM 53248 C:\WINDOWS\SYSTEM32\vp6dec_settings.cpl

Microsoft Corporation 9/30/2004 3:47:14 PM 135168 C:\WINDOWS\SYSTEM32\directx.cpl

12/29/2002 4:44:38 AM 81920 C:\WINDOWS\SYSTEM32\startup.cpl

WIDCOMM, Inc. 10/15/2003 1:47:28 PM 245819 C:\WINDOWS\SYSTEM32\btcpl.cpl

Realtek Semiconductor Corp. 1/10/2006 1:58:40 PM 266240 C:\WINDOWS\SYSTEM32\RTSndMgr.Cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 471040 C:\WINDOWS\SYSTEM32\sysdm.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 654848 C:\WINDOWS\SYSTEM32\appwiz.cpl

Realtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ALSndMgr.Cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 470528 C:\WINDOWS\SYSTEM32\hdwwiz.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 205312 C:\WINDOWS\SYSTEM32\joy.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 902656 C:\WINDOWS\SYSTEM32\mmsys.cpl

Intel Corporation 2/7/2006 8:38:52 AM 81920 C:\WINDOWS\SYSTEM32\igfxcpl.cpl

Microsoft Corporation 8/7/2004 5:47:02 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl

Microsoft Corporation 8/7/2004 5:47:26 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl

Microsoft Corporation 8/7/2004 5:48:04 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl

10/1/2003 1:00:00 AM 6151 C:\WINDOWS\SYSTEM32\txp3.cpl

9/4/2004 6:45:56 AM 172032 C:\WINDOWS\SYSTEM32\LClock.cpl

Sun Microsystems 4/20/2002 11:39:12 PM 45175 C:\WINDOWS\SYSTEM32\plugincpl140_01.cpl

Teleca Software Solutions AB 9/20/2004 1:09:04 PM 344064 C:\WINDOWS\SYSTEM32\ecsepm.cpl

?????????? ?????????? 8/17/2004 4:05:12 PM 138752 C:\WINDOWS\SYSTEM32\dllcache\access.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 678912 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 136704 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 606208 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 403968 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 205824 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl

?????????? ?????????? 10/20/2001 4:00:00 AM 964096 C:\WINDOWS\SYSTEM32\dllcache\main.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 904704 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl

?????????? ?????????? 10/20/2001 4:00:00 AM 303104 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 407040 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 380928 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl

?????????? ?????????? 1/8/2006 1:57:44 PM 1007104 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl

?????????? ?????????? 10/20/2001 4:00:00 AM 98816 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 93696 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

Realtek Semiconductor Corp. 11/2/2005 2:54:08 PM 266240 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\RTSndMgr.CPL

Realtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\ALSNDMGR.CPL

Intel Corporation 9/20/2005 10:35:12 AM 77824 C:\WINDOWS\SYSTEM32\ReinstallBackups\0032\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

7/30/2006 10:57:58 PM 1661 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

8/5/2006 9:49:18 PM 681 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BTTray.lnk

12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini

2/28/2005 8:51:58 PM 797 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk

11/17/2005 10:12:40 PM 1547 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Phone Connection Monitor.lnk

6/17/2005 8:54:10 PM 1420 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\PowerMenu.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

12/29/2004 8:30:30 PM HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini

6/8/2006 12:56:06 AM 1356 C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...

12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\lovee\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...

3/11/2006 10:31:26 PM 875 C:\Documents and Settings\lovee\Application Data\AdobeDLM.log

12/2/2004 5:30:26 PM HS 62 C:\Documents and Settings\lovee\Application Data\desktop.ini

3/11/2006 10:31:26 PM 0 C:\Documents and Settings\lovee\Application Data\dm.ini

7/23/2006 9:34:48 AM 110640 C:\Documents and Settings\lovee\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware

{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With

{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\RExpCtx

{D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu

{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip

{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}

Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}

= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu

{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip

{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}

= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CMenuExtender

{ABC70703-32AF-11d4-90C4-D483A70F4825} = F:\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware

{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\RExpCtx

{D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing

{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip

{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7A5117B0-B594-4DA8-829D-D15BF11996F2}

= C:\Program Files\DAEMON Tools\awxDTools.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}

= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}

= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}

IeCatch5 Class = C:\PROGRA~1\FLASHGET\jccatch.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}

CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

&Tip of the Day = %SystemRoot%\system32\SHDOCVW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

{E0E899AB-F487-11D5-8D29-0050BA6940E3} = FlashGet Bar : C:\PROGRA~1\FLASHGET\fgiebar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA}

MenuText = Tri&xie Options... : C:\WINDOWS\system32\mscoree.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}

ButtonText = @btrez.dll,-4015 :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}

ButtonText = FlashGet : C:\PROGRA~1\FLASHGET\flashget.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}

ButtonText = Yahoo! Messenger : C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser

{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll

{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

SoundMan SOUNDMAN.EXE

AlcWzrd ALCWZRD.EXE

Alcmtr ALCMTR.EXE

igfxtray C:\WINDOWS\system32\igfxtray.exe

igfxhkcmd C:\WINDOWS\system32\hkcmd.exe

igfxpers C:\WINDOWS\system32\igfxpers.exe

Sunkist2k C:\Program Files\Multimedia Card Reader\shwicon2k.exe

NeroFilterCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Sony Ericsson PC Suite "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

BigDogPath C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)

QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

IMAIL Installed = 1

MAPI Installed = 1

MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk

backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup

location Common Startup

item InterVideo Scheduler server

backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup

location Common Startup

item InterVideo Scheduler server

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk

backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE

item InterVideo WinCinema Manager

backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE

item InterVideo WinCinema Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk

backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l

item Microsoft Office

backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l

item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 Detect.lnk

backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE

item PCSuiteForNokia6600 Detect

backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE

item PCSuiteForNokia6600 Detect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 TS.lnk

backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE

item PCSuiteForNokia6600 TS

backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE

item PCSuiteForNokia6600 TS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^lovee^Start Menu^Programs^Startup^Styler.exe.lnk

path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk

backup C:\WINDOWS\pss\Styler.exe.lnkStartup

location Startup

command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe

item Styler.exe

path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk

backup C:\WINDOWS\pss\Styler.exe.lnkStartup

location Startup

command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe

item Styler.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item

hkey HKLM

command

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCMTR

hkey HKLM

command ALCMTR.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCMTR

hkey HKLM

command ALCMTR.EXE

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcWzrd

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCWZRD

hkey HKLM

command ALCWZRD.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCWZRD

hkey HKLM

command ALCWZRD.EXE

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DataLayer

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item DATALA~1

hkey HKLM

command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item DATALA~1

hkey HKLM

command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DirectX shell driver

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item sammp32

hkey HKCU

command C:\WINDOWS\sammp32.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item sammp32

hkey HKCU

command C:\WINDOWS\sammp32.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FastTVSync

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item FastTVSync

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item FastTVSync

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hkt

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item hkt

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item hkt

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item optimize

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item optimize

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IST Service

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item istsvc

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item istsvc

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item isuspm

hkey HKLM

command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item isuspm

hkey HKLM

command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item issch

hkey HKLM

command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item issch

hkey HKLM

command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Kgmh

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item gufbjg

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item gufbjg

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item MediaAccK

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item MediaAccK

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net Startup

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item NEWDOT~1

hkey HKLM

command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item NEWDOT~1

hkey HKLM

command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSuiteTrayApplication

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item TRAYAP~1

hkey HKLM

command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item TRAYAP~1

hkey HKLM

command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Scan

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item powerscan

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item powerscan

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item qttask

hkey HKLM

command "C:\Program Files\QuickTime\qttask.exe" -atboottime

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item qttask

hkey HKLM

command "C:\Program Files\QuickTime\qttask.exe" -atboottime

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\saap

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item saap

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item saap

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item realsched

hkey HKLM

command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item realsched

hkey HKLM

command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tSd6bm

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item oypjl

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item oypjl

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item dumprep 0 -u

hkey HKLM

command %systemroot%\system32\dumprep 0 -u

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item dumprep 0 -u

hkey HKLM

command %systemroot%\system32\dumprep 0 -u

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item WebRebates0

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item WebRebates0

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\zufo

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item zufom

hkey HKCU

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item zufom

hkey HKCU

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

system.ini 0

win.ini 2

bootini 2

services 0

startup 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

UseDesktopIniCache 1

NoCDBurning 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

UpdateManager C:\Program Files\Common Files\Microsoft Shared\MSEnv\vers_man.exe.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID

{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL

{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =

{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policie

Link to post
Share on other sites

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600

Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

UPX! 7/5/2005 11:54:28 AM 184 C:\win.txt

PEC2 7/5/2005 11:54:28 AM 184 C:\win.txt

FSG! 7/5/2005 11:55:06 AM 30 C:\windows.txt

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\hosts

Checking %System% folder...

PEC2 10/4/2001 7:13:42 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc

aspack 7/7/2006 6:51:46 AM 6757792 C:\WINDOWS\SYSTEM32\MRT.exe

PEC2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dll

PECompact2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dll

winsync 10/4/2001 7:16:34 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

aspack 6/20/2004 5:07:00 AM 61440 C:\WINDOWS\SYSTEM32\APCORE.DLL

aspack 2/2/2006 4:14:00 PM 53248 C:\WINDOWS\SYSTEM32\suppdll.dll

Umonitor 8/4/2004 1:26:44 PM 657408 C:\WINDOWS\SYSTEM32\rasdlg.dll

aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll

aspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll

aspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll

aspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll

aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll

aspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll

aspack 8/4/2004 1:26:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll

PTech 5/1/2006 4:57:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL

UPX! 7/23/2001 8:29:32 AM 552960 C:\WINDOWS\SYSTEM32\saxzip.ocx

UPX! 12/19/2004 11:00:00 PM 111104 C:\WINDOWS\SYSTEM32\Uharc.exe

Checking %System%\Drivers folder and sub-folders...

PTech 6/10/2004 3:57:20 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...

8/13/2006 11:26:10 PM S 2048 C:\WINDOWS\bootstat.dat

8/13/2006 11:24:18 PM H 1667072 C:\WINDOWS\system32\config\system.LOG

8/13/2006 11:24:16 PM H 147456 C:\WINDOWS\system32\config\software.LOG

8/13/2006 11:24:16 PM H 8192 C:\WINDOWS\system32\config\default.LOG

8/13/2006 11:26:30 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG

8/13/2006 11:26:10 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG

7/15/2006 3:01:42 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\ReinstallBackups\0030\DriverFiles\w810mdm.cat

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem55.CAT

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem56.CAT

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem57.CAT

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem58.CAT

7/4/2006 8:59:12 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem59.CAT

7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem60.CAT

7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem61.CAT

7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem63.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem64.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem65.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem66.CAT

7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem67.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem68.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem69.CAT

7/4/2006 8:59:12 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem70.CAT

7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem71.CAT

7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem72.CAT

7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem73.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem74.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem75.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem76.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem77.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem78.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem79.CAT

7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem80.CAT

7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem81.CAT

7/4/2006 8:59:14 PM S 13221 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem82.CAT

7/4/2006 8:59:14 PM S 13221 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem83.CAT

7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem84.CAT

7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem85.CAT

7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem86.CAT

7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem87.CAT

7/4/2006 8:59:14 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem88.CAT

7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem89.CAT

7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem90.CAT

7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem91.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem92.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem93.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem94.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem95.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem96.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem97.CAT

7/4/2006 8:59:16 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem98.CAT

7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem99.CAT

7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem100.CAT

7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem101.CAT

7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem102.CAT

7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem103.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem104.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem105.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem106.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem107.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem108.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem109.CAT

7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem110.CAT

7/4/2006 8:59:18 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem111.CAT

7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem112.CAT

7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem113.CAT

7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem114.CAT

7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem115.CAT

7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem116.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem117.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem118.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem119.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem120.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem121.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem122.CAT

7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem123.CAT

7/4/2006 8:59:18 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem124.CAT

7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem125.CAT

7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem126.CAT

7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem127.CAT

7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem128.CAT

7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem129.CAT

7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem130.CAT

7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem131.CAT

7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem132.CAT

7/4/2006 8:59:18 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem133.CAT

7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem134.CAT

7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem135.CAT

7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem136.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem137.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem138.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem139.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem140.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem141.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem142.CAT

7/4/2006 8:59:20 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem143.CAT

7/4/2006 8:59:20 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem144.CAT

7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem145.CAT

7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem146.CAT

7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem147.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem148.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem149.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem150.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem151.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem152.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem153.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem154.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem155.CAT

7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem156.CAT

7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem157.CAT

7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem158.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem159.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem160.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem161.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem162.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem163.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem164.CAT

7/4/2006 8:59:20 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem165.CAT

7/4/2006 8:59:20 PM S 7417 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem166.CAT

7/4/2006 8:59:20 PM S 7415 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem167.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem168.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem169.CAT

7/4/2006 8:59:20 PM S 7417 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem170.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem171.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem172.CAT

7/4/2006 8:59:22 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem173.CAT

7/4/2006 8:59:22 PM S 9712 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem174.CAT

7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem175.CAT

7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem176.CAT

7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem177.CAT

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem178.CAT

8/5/2006 9:59:16 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred

8/5/2006 9:59:16 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\000f2e23-7d1d-40aa-894c-2b3773ddcf53

7/30/2006 12:37:44 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred

7/30/2006 12:37:44 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3bb7f969-74cc-4395-bab3-1b9dcb42498e

8/13/2006 11:24:10 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...

7/29/2004 12:56:00 PM 221184 C:\WINDOWS\SYSTEM32\cttune.cpl

Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 230400 C:\WINDOWS\SYSTEM32\timedate.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 266240 C:\WINDOWS\SYSTEM32\intl.cpl

Microsoft Corporation 1/18/2006 6:11:42 AM 3028992 C:\WINDOWS\SYSTEM32\inetcpl.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl

Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl

Microsoft Corporation 10/4/2001 7:15:34 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl

InstallShield Software Corporation8/9/2004 6:04:02 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 403968 C:\WINDOWS\SYSTEM32\nusrmgr.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\powercfg.cpl

12/10/2004 10:47:44 AM 53248 C:\WINDOWS\SYSTEM32\vp6dec_settings.cpl

Microsoft Corporation 9/30/2004 3:47:14 PM 135168 C:\WINDOWS\SYSTEM32\directx.cpl

12/29/2002 4:44:38 AM 81920 C:\WINDOWS\SYSTEM32\startup.cpl

WIDCOMM, Inc. 10/15/2003 1:47:28 PM 245819 C:\WINDOWS\SYSTEM32\btcpl.cpl

Realtek Semiconductor Corp. 1/10/2006 1:58:40 PM 266240 C:\WINDOWS\SYSTEM32\RTSndMgr.Cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 471040 C:\WINDOWS\SYSTEM32\sysdm.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 654848 C:\WINDOWS\SYSTEM32\appwiz.cpl

Realtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ALSndMgr.Cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 470528 C:\WINDOWS\SYSTEM32\hdwwiz.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 205312 C:\WINDOWS\SYSTEM32\joy.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 902656 C:\WINDOWS\SYSTEM32\mmsys.cpl

Intel Corporation 2/7/2006 8:38:52 AM 81920 C:\WINDOWS\SYSTEM32\igfxcpl.cpl

Microsoft Corporation 8/7/2004 5:47:02 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl

Microsoft Corporation 8/7/2004 5:47:26 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl

Microsoft Corporation 8/7/2004 5:48:04 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl

10/1/2003 1:00:00 AM 6151 C:\WINDOWS\SYSTEM32\txp3.cpl

9/4/2004 6:45:56 AM 172032 C:\WINDOWS\SYSTEM32\LClock.cpl

Sun Microsystems 4/20/2002 11:39:12 PM 45175 C:\WINDOWS\SYSTEM32\plugincpl140_01.cpl

Teleca Software Solutions AB 9/20/2004 1:09:04 PM 344064 C:\WINDOWS\SYSTEM32\ecsepm.cpl

?????????? ?????????? 8/17/2004 4:05:12 PM 138752 C:\WINDOWS\SYSTEM32\dllcache\access.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 678912 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 136704 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 606208 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 403968 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 205824 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl

?????????? ?????????? 10/20/2001 4:00:00 AM 964096 C:\WINDOWS\SYSTEM32\dllcache\main.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 904704 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl

?????????? ?????????? 10/20/2001 4:00:00 AM 303104 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 407040 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 380928 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl

?????????? ?????????? 1/8/2006 1:57:44 PM 1007104 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl

?????????? ?????????? 10/20/2001 4:00:00 AM 98816 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 93696 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

Realtek Semiconductor Corp. 11/2/2005 2:54:08 PM 266240 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\RTSndMgr.CPL

Realtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\ALSNDMGR.CPL

Intel Corporation 9/20/2005 10:35:12 AM 77824 C:\WINDOWS\SYSTEM32\ReinstallBackups\0032\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

7/30/2006 10:57:58 PM 1661 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

8/5/2006 9:49:18 PM 681 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BTTray.lnk

12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini

2/28/2005 8:51:58 PM 797 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk

11/17/2005 10:12:40 PM 1547 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Phone Connection Monitor.lnk

6/17/2005 8:54:10 PM 1420 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\PowerMenu.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

12/29/2004 8:30:30 PM HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini

6/8/2006 12:56:06 AM 1356 C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...

12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\lovee\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...

3/11/2006 10:31:26 PM 875 C:\Documents and Settings\lovee\Application Data\AdobeDLM.log

12/2/2004 5:30:26 PM HS 62 C:\Documents and Settings\lovee\Application Data\desktop.ini

3/11/2006 10:31:26 PM 0 C:\Documents and Settings\lovee\Application Data\dm.ini

7/23/2006 9:34:48 AM 110640 C:\Documents and Settings\lovee\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware

{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With

{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\RExpCtx

{D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu

{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip

{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}

Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}

= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu

{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip

{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}

= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CMenuExtender

{ABC70703-32AF-11d4-90C4-D483A70F4825} = F:\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware

{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\RExpCtx

{D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing

{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip

{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7A5117B0-B594-4DA8-829D-D15BF11996F2}

= C:\Program Files\DAEMON Tools\awxDTools.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}

= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}

= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}

IeCatch5 Class = C:\PROGRA~1\FLASHGET\jccatch.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}

CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

&Tip of the Day = %SystemRoot%\system32\SHDOCVW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

{E0E899AB-F487-11D5-8D29-0050BA6940E3} = FlashGet Bar : C:\PROGRA~1\FLASHGET\fgiebar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA}

MenuText = Tri&xie Options... : C:\WINDOWS\system32\mscoree.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}

ButtonText = @btrez.dll,-4015 :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}

ButtonText = FlashGet : C:\PROGRA~1\FLASHGET\flashget.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}

ButtonText = Yahoo! Messenger : C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser

{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll

{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

SoundMan SOUNDMAN.EXE

AlcWzrd ALCWZRD.EXE

Alcmtr ALCMTR.EXE

igfxtray C:\WINDOWS\system32\igfxtray.exe

igfxhkcmd C:\WINDOWS\system32\hkcmd.exe

igfxpers C:\WINDOWS\system32\igfxpers.exe

Sunkist2k C:\Program Files\Multimedia Card Reader\shwicon2k.exe

NeroFilterCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Sony Ericsson PC Suite "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

BigDogPath C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)

QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

IMAIL Installed = 1

MAPI Installed = 1

MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk

backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup

location Common Startup

item InterVideo Scheduler server

backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup

location Common Startup

item InterVideo Scheduler server

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk

backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE

item InterVideo WinCinema Manager

backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE

item InterVideo WinCinema Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk

backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l

item Microsoft Office

backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l

item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 Detect.lnk

backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE

item PCSuiteForNokia6600 Detect

backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE

item PCSuiteForNokia6600 Detect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 TS.lnk

backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE

item PCSuiteForNokia6600 TS

backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE

item PCSuiteForNokia6600 TS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^lovee^Start Menu^Programs^Startup^Styler.exe.lnk

path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk

backup C:\WINDOWS\pss\Styler.exe.lnkStartup

location Startup

command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe

item Styler.exe

path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk

backup C:\WINDOWS\pss\Styler.exe.lnkStartup

location Startup

command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe

item Styler.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item

hkey HKLM

command

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCMTR

hkey HKLM

command ALCMTR.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCMTR

hkey HKLM

command ALCMTR.EXE

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcWzrd

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCWZRD

hkey HKLM

command ALCWZRD.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCWZRD

hkey HKLM

command ALCWZRD.EXE

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DataLayer

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item DATALA~1

hkey HKLM

command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item DATALA~1

hkey HKLM

command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DirectX shell driver

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item sammp32

hkey HKCU

command C:\WINDOWS\sammp32.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item sammp32

hkey HKCU

command C:\WINDOWS\sammp32.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FastTVSync

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item FastTVSync

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item FastTVSync

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hkt

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item hkt

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item hkt

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item optimize

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item optimize

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IST Service

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item istsvc

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item istsvc

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item isuspm

hkey HKLM

command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item isuspm

hkey HKLM

command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item issch

hkey HKLM

command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item issch

hkey HKLM

command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Kgmh

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item gufbjg

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item gufbjg

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item MediaAccK

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item MediaAccK

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net Startup

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item NEWDOT~1

hkey HKLM

command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item NEWDOT~1

hkey HKLM

command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSuiteTrayApplication

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item TRAYAP~1

hkey HKLM

command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item TRAYAP~1

hkey HKLM

command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Scan

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item powerscan

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item powerscan

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item qttask

hkey HKLM

command "C:\Program Files\QuickTime\qttask.exe" -atboottime

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item qttask

hkey HKLM

command "C:\Program Files\QuickTime\qttask.exe" -atboottime

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\saap

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item saap

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item saap

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item realsched

hkey HKLM

command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item realsched

hkey HKLM

command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tSd6bm

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item oypjl

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item oypjl

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item dumprep 0 -u

hkey HKLM

command %systemroot%\system32\dumprep 0 -u

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item dumprep 0 -u

hkey HKLM

command %systemroot%\system32\dumprep 0 -u

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item WebRebates0

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item WebRebates0

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\zufo

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item zufom

hkey HKCU

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item zufom

hkey HKCU

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

system.ini 0

win.ini 2

bootini 2

services 0

startup 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

UseDesktopIniCache 1

NoCDBurning 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

UpdateManager C:\Program Files\Common Files\Microsoft Shared\MSEnv\vers_man.exe.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID

{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL

{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =

{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

dontdisplaylastusername 0

legalnoticecaption

legal

Link to post
Share on other sites

sorry abt the earlier post i did a fast reply n the whole log did'nt came thru so i'm postin it again.

sorry again..........

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600

Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

UPX! 7/5/2005 11:54:28 AM 184 C:\win.txt

PEC2 7/5/2005 11:54:28 AM 184 C:\win.txt

FSG! 7/5/2005 11:55:06 AM 30 C:\windows.txt

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\hosts

Checking %System% folder...

PEC2 10/4/2001 7:13:42 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc

aspack 7/7/2006 6:51:46 AM 6757792 C:\WINDOWS\SYSTEM32\MRT.exe

PEC2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dll

PECompact2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dll

winsync 10/4/2001 7:16:34 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

aspack 6/20/2004 5:07:00 AM 61440 C:\WINDOWS\SYSTEM32\APCORE.DLL

aspack 2/2/2006 4:14:00 PM 53248 C:\WINDOWS\SYSTEM32\suppdll.dll

Umonitor 8/4/2004 1:26:44 PM 657408 C:\WINDOWS\SYSTEM32\rasdlg.dll

aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll

aspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll

aspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll

aspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll

aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll

aspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll

aspack 8/4/2004 1:26:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll

PTech 5/1/2006 4:57:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL

UPX! 7/23/2001 8:29:32 AM 552960 C:\WINDOWS\SYSTEM32\saxzip.ocx

UPX! 12/19/2004 11:00:00 PM 111104 C:\WINDOWS\SYSTEM32\Uharc.exe

Checking %System%\Drivers folder and sub-folders...

PTech 6/10/2004 3:57:20 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...

8/13/2006 11:26:10 PM S 2048 C:\WINDOWS\bootstat.dat

8/13/2006 11:24:18 PM H 1667072 C:\WINDOWS\system32\config\system.LOG

8/13/2006 11:24:16 PM H 147456 C:\WINDOWS\system32\config\software.LOG

8/13/2006 11:24:16 PM H 8192 C:\WINDOWS\system32\config\default.LOG

8/13/2006 11:26:30 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG

8/13/2006 11:26:10 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG

7/15/2006 3:01:42 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\ReinstallBackups\0030\DriverFiles\w810mdm.cat

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem55.CAT

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem56.CAT

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem57.CAT

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem58.CAT

7/4/2006 8:59:12 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem59.CAT

7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem60.CAT

7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem61.CAT

7/4/2006 8:59:12 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem63.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem64.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem65.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem66.CAT

7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem67.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem68.CAT

7/4/2006 8:59:12 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem69.CAT

7/4/2006 8:59:12 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem70.CAT

7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem71.CAT

7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem72.CAT

7/4/2006 8:59:14 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem73.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem74.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem75.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem76.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem77.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem78.CAT

7/4/2006 8:59:14 PM S 10695 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem79.CAT

7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem80.CAT

7/4/2006 8:59:14 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem81.CAT

7/4/2006 8:59:14 PM S 13221 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem82.CAT

7/4/2006 8:59:14 PM S 13221 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem83.CAT

7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem84.CAT

7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem85.CAT

7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem86.CAT

7/4/2006 8:59:14 PM S 12796 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem87.CAT

7/4/2006 8:59:14 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem88.CAT

7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem89.CAT

7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem90.CAT

7/4/2006 8:59:16 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem91.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem92.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem93.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem94.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem95.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem96.CAT

7/4/2006 8:59:16 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem97.CAT

7/4/2006 8:59:16 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem98.CAT

7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem99.CAT

7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem100.CAT

7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem101.CAT

7/4/2006 8:59:16 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem102.CAT

7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem103.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem104.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem105.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem106.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem107.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem108.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem109.CAT

7/4/2006 8:59:16 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem110.CAT

7/4/2006 8:59:18 PM S 9853 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem111.CAT

7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem112.CAT

7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem113.CAT

7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem114.CAT

7/4/2006 8:59:18 PM S 13223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem115.CAT

7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem116.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem117.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem118.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem119.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem120.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem121.CAT

7/4/2006 8:59:18 PM S 12798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem122.CAT

7/4/2006 8:59:14 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem123.CAT

7/4/2006 8:59:18 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem124.CAT

7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem125.CAT

7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem126.CAT

7/4/2006 8:59:18 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem127.CAT

7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem128.CAT

7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem129.CAT

7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem130.CAT

7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem131.CAT

7/4/2006 8:59:18 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem132.CAT

7/4/2006 8:59:18 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem133.CAT

7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem134.CAT

7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem135.CAT

7/4/2006 8:59:18 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem136.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem137.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem138.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem139.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem140.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem141.CAT

7/4/2006 8:59:18 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem142.CAT

7/4/2006 8:59:20 PM S 9720 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem143.CAT

7/4/2006 8:59:20 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem144.CAT

7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem145.CAT

7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem146.CAT

7/4/2006 8:59:20 PM S 13090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem147.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem148.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem149.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem150.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem151.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem152.CAT

7/4/2006 8:59:20 PM S 12665 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem153.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem154.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem155.CAT

7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem156.CAT

7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem157.CAT

7/4/2006 8:59:20 PM S 13215 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem158.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem159.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem160.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem161.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem162.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem163.CAT

7/4/2006 8:59:20 PM S 12790 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem164.CAT

7/4/2006 8:59:20 PM S 9845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem165.CAT

7/4/2006 8:59:20 PM S 7417 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem166.CAT

7/4/2006 8:59:20 PM S 7415 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem167.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem168.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem169.CAT

7/4/2006 8:59:20 PM S 7417 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem170.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem171.CAT

7/4/2006 8:59:20 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem172.CAT

7/4/2006 8:59:22 PM S 7425 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem173.CAT

7/4/2006 8:59:22 PM S 9712 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem174.CAT

7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem175.CAT

7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem176.CAT

7/4/2006 8:59:22 PM S 13082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem177.CAT

7/4/2006 8:59:22 PM S 12657 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem178.CAT

8/5/2006 9:59:16 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred

8/5/2006 9:59:16 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\000f2e23-7d1d-40aa-894c-2b3773ddcf53

7/30/2006 12:37:44 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred

7/30/2006 12:37:44 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3bb7f969-74cc-4395-bab3-1b9dcb42498e

8/13/2006 11:24:10 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...

7/29/2004 12:56:00 PM 221184 C:\WINDOWS\SYSTEM32\cttune.cpl

Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 230400 C:\WINDOWS\SYSTEM32\timedate.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 266240 C:\WINDOWS\SYSTEM32\intl.cpl

Microsoft Corporation 1/18/2006 6:11:42 AM 3028992 C:\WINDOWS\SYSTEM32\inetcpl.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl

Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl

Microsoft Corporation 10/4/2001 7:15:34 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl

InstallShield Software Corporation8/9/2004 6:04:02 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 403968 C:\WINDOWS\SYSTEM32\nusrmgr.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 380416 C:\WINDOWS\SYSTEM32\powercfg.cpl

12/10/2004 10:47:44 AM 53248 C:\WINDOWS\SYSTEM32\vp6dec_settings.cpl

Microsoft Corporation 9/30/2004 3:47:14 PM 135168 C:\WINDOWS\SYSTEM32\directx.cpl

12/29/2002 4:44:38 AM 81920 C:\WINDOWS\SYSTEM32\startup.cpl

WIDCOMM, Inc. 10/15/2003 1:47:28 PM 245819 C:\WINDOWS\SYSTEM32\btcpl.cpl

Realtek Semiconductor Corp. 1/10/2006 1:58:40 PM 266240 C:\WINDOWS\SYSTEM32\RTSndMgr.Cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 471040 C:\WINDOWS\SYSTEM32\sysdm.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 654848 C:\WINDOWS\SYSTEM32\appwiz.cpl

Realtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ALSndMgr.Cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 470528 C:\WINDOWS\SYSTEM32\hdwwiz.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 205312 C:\WINDOWS\SYSTEM32\joy.cpl

Microsoft Corporation 8/4/2004 1:26:58 PM 902656 C:\WINDOWS\SYSTEM32\mmsys.cpl

Intel Corporation 2/7/2006 8:38:52 AM 81920 C:\WINDOWS\SYSTEM32\igfxcpl.cpl

Microsoft Corporation 8/7/2004 5:47:02 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl

Microsoft Corporation 8/7/2004 5:47:26 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl

Microsoft Corporation 8/7/2004 5:48:04 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl

10/1/2003 1:00:00 AM 6151 C:\WINDOWS\SYSTEM32\txp3.cpl

9/4/2004 6:45:56 AM 172032 C:\WINDOWS\SYSTEM32\LClock.cpl

Sun Microsystems 4/20/2002 11:39:12 PM 45175 C:\WINDOWS\SYSTEM32\plugincpl140_01.cpl

Teleca Software Solutions AB 9/20/2004 1:09:04 PM 344064 C:\WINDOWS\SYSTEM32\ecsepm.cpl

?????????? ?????????? 8/17/2004 4:05:12 PM 138752 C:\WINDOWS\SYSTEM32\dllcache\access.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 678912 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 136704 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 606208 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 403968 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 205824 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl

?????????? ?????????? 10/20/2001 4:00:00 AM 964096 C:\WINDOWS\SYSTEM32\dllcache\main.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 904704 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl

?????????? ?????????? 10/20/2001 4:00:00 AM 303104 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 407040 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 380928 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl

?????????? ?????????? 1/8/2006 1:57:44 PM 1007104 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl

?????????? ?????????? 10/20/2001 4:00:00 AM 98816 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

?????????? ?????????? 8/17/2004 3:05:12 PM 93696 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

Realtek Semiconductor Corp. 11/2/2005 2:54:08 PM 266240 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\RTSndMgr.CPL

Realtek Semiconductor Corp. 9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ReinstallBackups\0031\DriverFiles\ALSNDMGR.CPL

Intel Corporation 9/20/2005 10:35:12 AM 77824 C:\WINDOWS\SYSTEM32\ReinstallBackups\0032\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

7/30/2006 10:57:58 PM 1661 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

8/5/2006 9:49:18 PM 681 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BTTray.lnk

12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini

2/28/2005 8:51:58 PM 797 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk

11/17/2005 10:12:40 PM 1547 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Phone Connection Monitor.lnk

6/17/2005 8:54:10 PM 1420 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\PowerMenu.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

12/29/2004 8:30:30 PM HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini

6/8/2006 12:56:06 AM 1356 C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...

12/29/2004 8:37:34 PM HS 84 C:\Documents and Settings\lovee\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...

3/11/2006 10:31:26 PM 875 C:\Documents and Settings\lovee\Application Data\AdobeDLM.log

12/2/2004 5:30:26 PM HS 62 C:\Documents and Settings\lovee\Application Data\desktop.ini

3/11/2006 10:31:26 PM 0 C:\Documents and Settings\lovee\Application Data\dm.ini

7/23/2006 9:34:48 AM 110640 C:\Documents and Settings\lovee\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware

{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With

{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\RExpCtx

{D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu

{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip

{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}

Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}

= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu

{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip

{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}

= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CMenuExtender

{ABC70703-32AF-11d4-90C4-D483A70F4825} = F:\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware

{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\RExpCtx

{D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Program files\Resco\Pocket Encryption\RExpCtx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing

{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip

{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7A5117B0-B594-4DA8-829D-D15BF11996F2}

= C:\Program Files\DAEMON Tools\awxDTools.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}

= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}

= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}

IeCatch5 Class = C:\PROGRA~1\FLASHGET\jccatch.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}

CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

&Tip of the Day = %SystemRoot%\system32\SHDOCVW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

{E0E899AB-F487-11D5-8D29-0050BA6940E3} = FlashGet Bar : C:\PROGRA~1\FLASHGET\fgiebar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA}

MenuText = Tri&xie Options... : C:\WINDOWS\system32\mscoree.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}

ButtonText = @btrez.dll,-4015 :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}

ButtonText = FlashGet : C:\PROGRA~1\FLASHGET\flashget.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}

ButtonText = Yahoo! Messenger : C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser

{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll

{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

SoundMan SOUNDMAN.EXE

AlcWzrd ALCWZRD.EXE

Alcmtr ALCMTR.EXE

igfxtray C:\WINDOWS\system32\igfxtray.exe

igfxhkcmd C:\WINDOWS\system32\hkcmd.exe

igfxpers C:\WINDOWS\system32\igfxpers.exe

Sunkist2k C:\Program Files\Multimedia Card Reader\shwicon2k.exe

NeroFilterCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Sony Ericsson PC Suite "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

BigDogPath C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)

QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

IMAIL Installed = 1

MAPI Installed = 1

MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk

backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup

location Common Startup

item InterVideo Scheduler server

backup C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup

location Common Startup

item InterVideo Scheduler server

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk

backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE

item InterVideo WinCinema Manager

backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE

item InterVideo WinCinema Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk

backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l

item Microsoft Office

backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l

item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 Detect.lnk

backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE

item PCSuiteForNokia6600 Detect

backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE

item PCSuiteForNokia6600 Detect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PCSuiteForNokia6600 TS.lnk

backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE

item PCSuiteForNokia6600 TS

backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE

item PCSuiteForNokia6600 TS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^lovee^Start Menu^Programs^Startup^Styler.exe.lnk

path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk

backup C:\WINDOWS\pss\Styler.exe.lnkStartup

location Startup

command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe

item Styler.exe

path C:\Documents and Settings\lovee\Start Menu\Programs\Startup\Styler.exe.lnk

backup C:\WINDOWS\pss\Styler.exe.lnkStartup

location Startup

command C:\PROGRA~1\ALLEGA~1\Vista\Styler.exe

item Styler.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item

hkey HKLM

command

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCMTR

hkey HKLM

command ALCMTR.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCMTR

hkey HKLM

command ALCMTR.EXE

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcWzrd

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCWZRD

hkey HKLM

command ALCWZRD.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCWZRD

hkey HKLM

command ALCWZRD.EXE

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DataLayer

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item DATALA~1

hkey HKLM

command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item DATALA~1

hkey HKLM

command C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DirectX shell driver

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item sammp32

hkey HKCU

command C:\WINDOWS\sammp32.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item sammp32

hkey HKCU

command C:\WINDOWS\sammp32.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FastTVSync

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item FastTVSync

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item FastTVSync

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hkt

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item hkt

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item hkt

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item optimize

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item optimize

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IST Service

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item istsvc

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item istsvc

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item isuspm

hkey HKLM

command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item isuspm

hkey HKLM

command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item issch

hkey HKLM

command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item issch

hkey HKLM

command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Kgmh

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item gufbjg

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item gufbjg

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item MediaAccK

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item MediaAccK

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net Startup

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item NEWDOT~1

hkey HKLM

command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item NEWDOT~1

hkey HKLM

command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSuiteTrayApplication

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item TRAYAP~1

hkey HKLM

command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item TRAYAP~1

hkey HKLM

command C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Scan

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item powerscan

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item powerscan

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item qttask

hkey HKLM

command "C:\Program Files\QuickTime\qttask.exe" -atboottime

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item qttask

hkey HKLM

command "C:\Program Files\QuickTime\qttask.exe" -atboottime

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\saap

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item saap

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item saap

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item realsched

hkey HKLM

command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item realsched

hkey HKLM

command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tSd6bm

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item oypjl

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item oypjl

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item dumprep 0 -u

hkey HKLM

command %systemroot%\system32\dumprep 0 -u

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item dumprep 0 -u

hkey HKLM

command %systemroot%\system32\dumprep 0 -u

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item WebRebates0

hkey HKLM

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item WebRebates0

hkey HKLM

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\zufo

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item zufom

hkey HKCU

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item zufom

hkey HKCU

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

system.ini 0

win.ini 2

bootini 2

services 0

startup 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

UseDesktopIniCache 1

NoCDBurning 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

UpdateManager C:\Program Files\Common Files\Microsoft Shared\MSEnv\vers_man.exe.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID

{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL

{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =

{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACH

Edited by jassuji
Link to post
Share on other sites

sorry m8 for replyin too late but i had to reinstall windows but i still can't open up hotmail,msn,microsoft n another new site i found messenger.yahoo.com.

all these sites say website found waiting for reply but never load at all???????

if u can help me with this problem i'd be really obliged

Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 1:28:13 AM, on 8/19/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\VM_STI.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\PowerMenu\PowerMenu.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Media Player\wmplayer.exe

c:\unzipped\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...