Thanks....... here are the logs
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
PEC2 23/08/2001 12:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
winsync 23/08/2001 12:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
aspack 03/08/2004 22:56:38 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 30/10/2005 20:49:02 42496 C:\WINDOWS\SYSTEM32\swreg.exe
UPX! 01/09/2004 14:49:56 284672 C:\WINDOWS\SYSTEM32\avisynth.dll
Umonitor 03/08/2004 22:56:46 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
PTech 10/04/2006 13:00:34 555824 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
UPX! 15/05/2004 16:10:42 75264 C:\WINDOWS\SYSTEM32\MACDec.dll
UPX! 19/06/2004 18:28:44 177152 C:\WINDOWS\SYSTEM32\MonkeySource.ax
PECompact2 06/04/2006 20:48:38 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 06/04/2006 20:48:38 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
06/05/2006 08:20:16 S 2048 C:\WINDOWS\bootstat.dat
06/05/2006 08:21:54 H 1024 C:\WINDOWS\system32\config\system.LOG
06/05/2006 08:32:46 H 1024 C:\WINDOWS\system32\config\software.LOG
06/05/2006 08:21:44 H 1024 C:\WINDOWS\system32\config\default.LOG
06/05/2006 08:20:18 H 1024 C:\WINDOWS\system32\config\SAM.LOG
06/05/2006 08:30:48 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
16/04/2006 18:43:26 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
03/05/2006 01:29:44 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\cf306f4a-1ec9-454d-b76d-e645ecb6284d
03/05/2006 01:29:44 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
17/03/2006 20:33:52 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
17/03/2006 20:33:52 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\89a53feb-7523-4607-8e79-58d81f9744fc
17/03/2006 10:24:26 S 12455 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911567.cat
30/03/2006 11:03:56 S 22339 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
23/03/2006 07:15:38 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911562.cat
23/03/2006 00:17:30 S 14054 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
13/03/2006 16:45:34 S 7898 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat
10/04/2006 13:01:22 S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
06/05/2006 08:20:20 H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 23/08/2001 12:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 23/08/2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 23/08/2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Sun Microsystems, Inc. 10/11/2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 03/08/2004 22:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 03/08/2004 22:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 03/08/2004 22:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 03/08/2004 22:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 03/08/2004 22:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 03/08/2004 22:56:58 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 03/08/2004 22:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 03/08/2004 22:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 03/08/2004 22:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 03/08/2004 22:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 03/08/2004 22:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 03/08/2004 22:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 03/08/2004 22:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 03/08/2004 22:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 03/08/2004 22:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 03/08/2004 22:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 03/08/2004 22:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 03/08/2004 22:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl
19/08/2003 09:20:04 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 03/08/2004 22:56:58 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 03/08/2004 22:56:58 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 03/08/2004 22:56:58 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 03/08/2004 22:56:58 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 03/08/2004 22:56:58 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 03/08/2004 22:56:58 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 03/08/2004 22:56:58 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 03/08/2004 22:56:58 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 03/08/2004 22:56:58 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 23/08/2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 03/08/2004 22:56:58 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 03/08/2004 22:56:58 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 03/08/2004 22:56:58 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 03/08/2004 22:56:58 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 23/08/2001 12:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 03/08/2004 22:56:58 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 03/08/2004 22:56:58 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 03/08/2004 22:56:58 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Microsoft Corporation 23/08/2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 03/08/2004 22:56:58 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
20/02/2006 11:34:12 1666 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
15/12/2005 19:24:42 603 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorrectConnect.lnk
15/12/2005 13:28:04 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
16/12/2005 12:43:38 1634 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
15/12/2005 14:09:22 875 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
15/12/2005 13:04:04 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
Checking files in %USERPROFILE%\Startup folder...
15/12/2005 13:28:04 HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
15/12/2005 13:04:04 HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Common Files\KAV Shared Files\AvpShlEx.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Common Files\KAV Shared Files\AvpShlEx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
OfficeGuard RegChecker "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
AVPCC "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
SiSUSBRG C:\WINDOWS\SiSUSBrg.exe
SiSPower Rundll32.exe SiSPower.dll,ModeAgent
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
RemoteControl "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
PowerBar "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup C:\WINDOWS\pss\Utility Tray.lnkCommon Startup
location Common Startup
command C:\WINDOWS\system32\sistray.exe
item Utility Tray
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG7_CC
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item avgcc
hkey HKLM
command C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item avgcc
hkey HKLM
command C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoActiveDesktopChanges 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoAddingComponents 0
NoComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoCloseDragDropBands 0
NoMovingBands 0
NoHTMLWallPaper 0
NoChangingWallPaper 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0
ForceActiveDesktopOn 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
NoColorChoice 0
NoSizeChoice 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0
NoDispAppearancePage 0
NoDispBackgroundPage 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 06/05/2006 08:35:58
Logfile of HijackThis v1.99.1
Scan saved at 08:47:53, on 06/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\CConnect\CConnect.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.797\WinPFind\winpfind.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband/broadband.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6308743187
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe