Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computer running very slow

Post by toby1944 » May 4th, 2006, 6:46 pm

here is my log....any help greatly appreciated

Logfile of HijackThis v1.99.1
Scan saved at 23:40:27, on 04/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\CConnect\CConnect.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Owner\Desktop\utorrent.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband/broadband.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6308743187
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
toby1944
Regular Member
 
Posts: 19
Joined: January 5th, 2006, 4:31 pm

Post by Pollux.Castor » May 5th, 2006, 6:23 am

Hi Toby,

I'm Pollux.Castor; I'd be happy to look at your problem.

While I'm looking through your log, could you provide a few more details?

Is the internet access slow?
Does the computer take a long time to boot?
Is the computer itself slow (e.g. local games more sluggish than before)?

Pollux.Castor
Pollux.Castor
Regular Member
 
Posts: 444
Joined: December 28th, 2005, 12:01 pm

Post by toby1944 » May 5th, 2006, 8:26 am

Thanks for your response
In answer to your questions, it is yes to them all....everything is sluggish....after checking I have no trojans or adaware problems
Hope this helps
toby1944
Regular Member
 
Posts: 19
Joined: January 5th, 2006, 4:31 pm

Post by Pollux.Castor » May 5th, 2006, 6:58 pm

Hi Toby,

I see nothing bad in your log. But I do see some things that do not need to autostart that we could remove.

First however, I'd like to investigate a little.

Download and run WinPFind

Follow the instructions on the bleepingcomputer website to download, extract and run WinPFind:
Pfind is a program that scans common locations on your hard drive for files that match certain patterns known to be used by malware. It will also provide exports of certain registry keys that are used by various malware.

Usage Instructions: Download WinPFind.zip and extract it to your C:\ folder. This will create a folder called C:\WinPFind. Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard as a reply to where you are receiving help.

Note: It is important to note that not all files found with this program are necessarily bad. Please use extreme caution when deleting these files as it may cause problems with applications running on your machine.


It will save a document in the folder from which it is run called WinPFind.txt. I will need this log.

Post this and a fresh log from Hijackthis.

Pollux.Castor
Pollux.Castor
Regular Member
 
Posts: 444
Joined: December 28th, 2005, 12:01 pm
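
Added example (not part of the thread, and not code from HijackThis or the forum): a small Python triage script that splits a HijackThis log into its section codes, lists the O4 autostart entries a helper would review for "things that do not need to autostart", and marks lines that deserve a second look. The sample lines are an excerpt of the log posted above; the flag names and the quoted-arguments heuristic are assumptions made for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the HijackThis v1.99.1 log posted in this thread (header lines
# included on purpose, to show that non-entry lines are skipped).
SAMPLE_LOG = r'''Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband/broadband.htm
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
'''

# Meaning of the section codes that occur in the log above.
SECTION = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item", "O9": "IE extra button / Tools item",
    "O16": "ActiveX (Downloaded Program Files)",
    "O20": "AppInit_DLLs / Winlogon Notify", "O23": "service",
}

ENTRY_RE = re.compile(r'^([RFNO]\d{1,2}) - (.+)$')
# O4 from a registry Run key:  HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r'^(HK\w+\\\.\.\\[\w\\]+): \[(.+?)\] (.+)$')
# O4 from a Startup folder:    Global Startup: Shortcut.lnk = target
STARTUP_RE = re.compile(r'^((?:Global )?Startup): (.+?) = (.+)$')
# "(file missing)" right after a stray quote plus arguments.
QUOTED_ARGS_RE = re.compile(r'"\s+/\S+\s+\(file missing\)$')


@dataclass
class Entry:
    code: str   # section code, e.g. "O4"
    body: str   # everything after "CODE - "


def parse_log(text):
    """Return the section entries of a HijackThis log, skipping headers
    and the running-process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def autostart_entries(entries):
    """Return (source, name, command) for every O4 line."""
    found = []
    for e in entries:
        if e.code != "O4":
            continue
        m = RUN_RE.match(e.body) or STARTUP_RE.match(e.body)
        if m:
            found.append(m.groups())
    return found


def review_notes(entry):
    """Return hypothetical review flags for one entry (names are this
    example's own, not HijackThis output)."""
    notes = []
    if entry.body.endswith("(file missing)"):
        if QUOTED_ARGS_RE.search(entry.body):
            # Assumption: the path field still carries a quote and arguments,
            # so check the file on disk before trusting "file missing".
            notes.append("file-missing-quoted-args")
        else:
            notes.append("file-missing")
    if " - Unknown owner - " in entry.body:
        notes.append("unknown-owner")
    if entry.code == "O4" and entry.body.endswith("= ?"):
        notes.append("unresolved-target")
    return notes


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for code, n in sorted(Counter(e.code for e in entries).items()):
        print(f"{code:>3} x{n}  {SECTION.get(code, 'other')}")
    print("\nAutostart entries:")
    for source, name, command in autostart_entries(entries):
        print(f"  {source:<15} {name:<40} {command}")
    print("\nLines to double-check:")
    for e in entries:
        notes = review_notes(e)
        if notes:
            print(f"  {e.code} [{', '.join(notes)}] {e.body[:60]}")
```
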

Post by toby1944 » May 6th, 2006, 3:48 am

Thanks....... here are the logs

ARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 23/08/2001 12:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
winsync 23/08/2001 12:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
aspack 03/08/2004 22:56:38 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 30/10/2005 20:49:02 42496 C:\WINDOWS\SYSTEM32\swreg.exe
UPX! 01/09/2004 14:49:56 284672 C:\WINDOWS\SYSTEM32\avisynth.dll
Umonitor 03/08/2004 22:56:46 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
PTech 10/04/2006 13:00:34 555824 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
UPX! 15/05/2004 16:10:42 75264 C:\WINDOWS\SYSTEM32\MACDec.dll
UPX! 19/06/2004 18:28:44 177152 C:\WINDOWS\SYSTEM32\MonkeySource.ax
PECompact2 06/04/2006 20:48:38 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 06/04/2006 20:48:38 5143456 C:\WINDOWS\SYSTEM32\MRT.exe

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
06/05/2006 08:20:16 S 2048 C:\WINDOWS\bootstat.dat
06/05/2006 08:21:54 H 1024 C:\WINDOWS\system32\config\system.LOG
06/05/2006 08:32:46 H 1024 C:\WINDOWS\system32\config\software.LOG
06/05/2006 08:21:44 H 1024 C:\WINDOWS\system32\config\default.LOG
06/05/2006 08:20:18 H 1024 C:\WINDOWS\system32\config\SAM.LOG
06/05/2006 08:30:48 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
16/04/2006 18:43:26 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
03/05/2006 01:29:44 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\cf306f4a-1ec9-454d-b76d-e645ecb6284d
03/05/2006 01:29:44 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
17/03/2006 20:33:52 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
17/03/2006 20:33:52 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\89a53feb-7523-4607-8e79-58d81f9744fc
17/03/2006 10:24:26 S 12455 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911567.cat
30/03/2006 11:03:56 S 22339 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
23/03/2006 07:15:38 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911562.cat
23/03/2006 00:17:30 S 14054 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
13/03/2006 16:45:34 S 7898 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat
10/04/2006 13:01:22 S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
06/05/2006 08:20:20 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 23/08/2001 12:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 23/08/2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 23/08/2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Sun Microsystems, Inc. 10/11/2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 03/08/2004 22:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 03/08/2004 22:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 03/08/2004 22:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 03/08/2004 22:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 03/08/2004 22:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 03/08/2004 22:56:58 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 03/08/2004 22:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 03/08/2004 22:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 03/08/2004 22:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 03/08/2004 22:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 03/08/2004 22:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 03/08/2004 22:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 03/08/2004 22:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 03/08/2004 22:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 03/08/2004 22:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 03/08/2004 22:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 03/08/2004 22:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 03/08/2004 22:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl
19/08/2003 09:20:04 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 03/08/2004 22:56:58 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 03/08/2004 22:56:58 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 03/08/2004 22:56:58 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 03/08/2004 22:56:58 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 03/08/2004 22:56:58 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 03/08/2004 22:56:58 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 03/08/2004 22:56:58 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 03/08/2004 22:56:58 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 03/08/2004 22:56:58 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 23/08/2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 03/08/2004 22:56:58 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 03/08/2004 22:56:58 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 03/08/2004 22:56:58 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 03/08/2004 22:56:58 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 23/08/2001 12:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 03/08/2004 22:56:58 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 03/08/2004 22:56:58 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 03/08/2004 22:56:58 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Microsoft Corporation 23/08/2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 03/08/2004 22:56:58 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
20/02/2006 11:34:12 1666 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
15/12/2005 19:24:42 603 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorrectConnect.lnk
15/12/2005 13:28:04 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
16/12/2005 12:43:38 1634 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
15/12/2005 14:09:22 875 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
15/12/2005 13:04:04 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
15/12/2005 13:28:04 HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
15/12/2005 13:04:04 HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Common Files\KAV Shared Files\AvpShlEx.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Common Files\KAV Shared Files\AvpShlEx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
OfficeGuard RegChecker "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
AVPCC "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
SiSUSBRG C:\WINDOWS\SiSUSBrg.exe
SiSPower Rundll32.exe SiSPower.dll,ModeAgent
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
RemoteControl "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
PowerBar "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup C:\WINDOWS\pss\Utility Tray.lnkCommon Startup
location Common Startup
command C:\WINDOWS\system32\sistray.exe
item Utility Tray

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG7_CC
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item avgcc
hkey HKLM
command C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item avgcc
hkey HKLM
command C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoActiveDesktopChanges 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoAddingComponents 0
NoComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoCloseDragDropBands 0
NoMovingBands 0
NoHTMLWallPaper 0
NoChangingWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0
ForceActiveDesktopOn 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
NoColorChoice 0
NoSizeChoice 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0
NoDispAppearancePage 0
NoDispBackgroundPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 06/05/2006 08:35:58

Logfile of HijackThis v1.99.1
Scan saved at 08:47:53, on 06/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\CConnect\CConnect.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.797\WinPFind\winpfind.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband/broadband.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6308743187
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
toby1944
Regular Member
 
Posts: 19
Joined: January 5th, 2006, 4:31 pm

Unread postby Pollux.Castor » May 6th, 2006, 1:38 pm

Hi Toby,

I see you once used AVG, did you uninstall that when you got Kaspersky Anti-Virus Personal Pro?

Let's do some cleaning up.

Here are some optional Items that do not need to run on startup.
The blue text describes what the item does.
OSA9.EXE - Kick starts MS Office programs, makes the boot take longer.
PDVDServ.exe" - (Click link) http://www.bleepingcomputer.com/startup ... -4017.html.
PowerBar.exe" /AtBootTime - (Click link) http://www.bleepingcomputer.com/startup ... -4123.html.

Run Hijackthis, Press Do a system scan only (if that button is not available, press Scan)
Place a check (tick) beside each listed item below (as desired).
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
Then, with all other windows and apps closed, click Fix checked.

Download ATF-Cleaner.exe from here. Run it.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox and/or Opera browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

See if that helped.

Post a new HJT log.

Pollux.Castor
Pollux.Castor
Regular Member
 
Posts: 444
Joined: December 28th, 2005, 12:01 pm

Unread postby toby1944 » May 6th, 2006, 7:33 pm

Once again thanks for your time and help....it is much appreciated

New Log

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\CConnect\CConnect.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Owner\Desktop\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband/broadband.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6308743187
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
toby1944
Regular Member
 
Posts: 19
Joined: January 5th, 2006, 4:31 pm

Unread postby Pollux.Castor » May 7th, 2006, 10:05 am

Any better?
Pollux.Castor
Regular Member
 
Posts: 444
Joined: December 28th, 2005, 12:01 pm

Unread postby toby1944 » May 8th, 2006, 4:34 am

Yes thanks....seems to be working a little faster
Maybe it's time for a new PC
Once again thanks for your time and help ....it's greatly appreciated
toby1944
Regular Member
 
Posts: 19
Joined: January 5th, 2006, 4:31 pm

Unread postby Pollux.Castor » May 8th, 2006, 12:13 pm

Hi Toby,

toby1944 wrote: Maybe it's time for a new PC

PC Pitstop might be a better place to help you decide that. What speed processor and how much RAM does it have?

This should also help:
Use CCleaner again (http://forum.malwareremoval.com/viewtopic.php?p=44367#44367).
or
Download ATF-Cleaner.exe from here.
Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox and/or Opera browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Pollux.Castor
Pollux.Castor
Regular Member
 
Posts: 444
Joined: December 28th, 2005, 12:01 pm

Unread postby toby1944 » May 8th, 2006, 5:19 pm

Ok....thanks again
toby1944
Regular Member
 
Posts: 19
Joined: January 5th, 2006, 4:31 pm

Unread postby 'KotaGuy » May 8th, 2006, 7:19 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link : Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada