Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Suspected Malaware - Unknown


  • Please log in to reply

#1
Ramkzoo

Ramkzoo

    Member

  • Member
  • PipPip
  • 27 posts
Good afternoon:

I have had an ongoing problem with a Dell Optiplex System (GX 270) - OS is XP SP2. The system is shutting down, or freezing at unexpected times, so that a hard reset (hold down power button for several seconds until power down, then press power button again to restart system) is needed to reboot. System starts normally.

I have been unable to run Mcafee VirusScan without the system shutting off.

System shuts off when running System File Checker.

I have not been able to view System Registry without system shutting off.

I was able to run Mcafee Online Virus Scan and no threats were detected.

I was able to run Mcafee SDat 4860 engine (Dos based Scan) and no threats were detected.

I have completed Disk Clean Up, including Prefetch files, cookies, temp internet files, and recycle bin.

I have completed a Defrag of the C drive.

I have completed a CheckDisk Scan. (No problems found.)

I have followed the steps on the Malaware Forum page entitled "You Must Read This Before Posting A Hijackthis Log."

I was able to complete all steps with the exception of the online Virus Scan using the scanning tools indicated. Eiwido Anti-Malaware has become AVG, which I downloaded and ran. The system shutdown and had to have a hard reset as described above. I attempted to use the Panda online scan, but it would not load. I had previously tried the Trend Micro scan, which ran but would turn off mid-scan.

I have not been able to identify a specific file that is causing an issue (shutdown or lockup). It seems to change each time.

Windows Update has already been run several times and is set to autmatically update regardless. It is considered up to date.

Of additional note, there is an Administrator password that I did not set. I am logged in as an administrator under the only user's name, but I have not been able log in as Administrator. (The default "blank" password to which Adminsitrator is supposedly set does not work.)

Below is my Hijack This log. I would appreciate any advice or assistance as I am on the verge of simply reinstalling XP with all of the headaches that entails.



Logfile of HijackThis v1.99.1
Scan saved at 3:08:26 PM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Jennifer Luitje\Desktop\Downloaded Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\JENNIF~1\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.m...pdatePortal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159367370859
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,20/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...861/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
  • 0

Advertisements


#2
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
sorry for the delay,
Lets see if anything is hiding on us

Download winpfind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to scart scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
  • 0

#3
Ramkzoo

Ramkzoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thank you for the time that you have taken to respond. I truly appreciate your help. Here is the scan information that you requested:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 10/9/2006 8:11:12 AM
WinPFind v1.5.0 Folder = C:\Documents and Settings\Jennifer Luitje\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/29/2002 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC ()
PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 9/11/2006 12:37:22 PM 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 9/11/2006 12:37:22 PM 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 8/4/2004 2:56:54 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 8/29/2002 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU ()
PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts


Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\oldhosts\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/9/2006 8:03:34 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT ()
10/9/2006 7:54:04 AM H 54156 C:\WINDOWS\QTFont.qfn ()
9/27/2006 10:08:54 AM RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme ()
9/27/2006 10:08:54 AM RH 0 C:\WINDOWS\assembly\pubpol1.dat ()
9/27/2006 10:15:44 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat ()
10/2/2006 9:20:34 AM S 64 C:\WINDOWS\CSC\00000001 ()
10/2/2006 9:20:34 AM S 64 C:\WINDOWS\CSC\00000002 ()
10/2/2006 9:48:04 AM H 0 C:\WINDOWS\INF\oem61.inf ()
10/9/2006 7:58:22 AM H 0 C:\WINDOWS\LastGood\INF\oem62.inf ()
10/9/2006 7:58:22 AM H 0 C:\WINDOWS\LastGood\INF\oem62.PNF ()
9/21/2006 5:40:54 PM H 1023792 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5b4fc36992d4aa37911376d5c1e0e6ff\BITE7.tmp (Microsoft Corporation)
8/21/2006 8:00:10 AM S 11749 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat ()
9/18/2006 9:40:26 AM S 8847 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat ()
8/10/2006 10:49:10 AM S 16496 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT ()
10/9/2006 8:03:24 AM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG ()
10/9/2006 8:03:54 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG ()
10/9/2006 8:03:36 AM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG ()
10/9/2006 8:04:16 AM H 98304 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG ()
10/9/2006 8:03:40 AM H 1101824 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG ()
9/21/2006 5:39:56 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG ()
9/25/2006 12:22:12 PM S 688 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 ()
9/25/2006 12:22:12 PM S 37470 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 ()
9/25/2006 12:22:12 PM S 94 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 ()
9/25/2006 12:22:12 PM S 124 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 ()
9/11/2006 10:38:56 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\7166b012-9cd0-47fd-92ec-6ed43a102e79 ()
9/11/2006 10:38:56 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred ()
9/25/2006 12:55:28 PM H 284 C:\WINDOWS\Tasks\McDefragTask.job ()
9/25/2006 12:55:26 PM H 372 C:\WINDOWS\Tasks\McQcTask.job ()
10/9/2006 8:02:44 AM H 6 C:\WINDOWS\Tasks\SA.DAT ()
9/25/2006 1:36:22 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ()
9/25/2006 1:36:22 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\3VPMRMQW\desktop.ini ()
9/25/2006 1:36:22 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\47VF3BB8\desktop.ini ()
9/25/2006 1:36:22 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8PIZOXI3\desktop.ini ()
9/25/2006 1:36:22 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OPEZW1YN\desktop.ini ()

Checking for CPL files...
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
9/20/2005 9:35:12 AM 77824 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
8/29/2002 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL (Microsoft Corporation)
8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/29/2002 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL (Microsoft Corporation)
8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/29/2002 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\NWC.CPL (Microsoft Corporation)
8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
9/23/2004 5:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl (Apple Computer, Inc.)
8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/29/2002 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL (Microsoft Corporation)
8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\access.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\DLLCACHE\appwiz.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\DLLCACHE\bthprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\DLLCACHE\desk.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\DLLCACHE\firewall.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\DLLCACHE\hdwwiz.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\DLLCACHE\intl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\DLLCACHE\irprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl (Microsoft Corporation)
8/29/2002 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\DLLCACHE\main.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\DLLCACHE\mmsys.cpl (Microsoft Corporation)
8/29/2002 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\DLLCACHE\ncpa.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\DLLCACHE\netsetup.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\DLLCACHE\nusrmgr.cpl (Microsoft Corporation)
8/29/2002 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\DLLCACHE\nwc.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\DLLCACHE\odbccp32.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\DLLCACHE\powercfg.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155648 C:\WINDOWS\SYSTEM32\DLLCACHE\sapi.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\DLLCACHE\sysdm.cpl (Microsoft Corporation)
8/29/2002 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\DLLCACHE\telephon.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\DLLCACHE\timedate.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\DLLCACHE\wscui.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl (Microsoft Corporation)
1/23/2005 9:33:44 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl (Intel Corporation)

Checking for Downloaded Program Files...
{215B8138-A3CF-44C5-803F-8226143CFC0A} - Trend Micro ActiveX Scan Agent 6.5 - CodeBase = http://housecall65.t...ivex/hcImpl.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.micros...ntent/opuc3.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://download.mcaf...99/mcinsctl.cab
{5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} - McUpdatePortalFactory Class - CodeBase = http://amiuptodate.m...pdatePortal.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.micros...b?1159367370859
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - DwnldGroupMgr Class - CodeBase = http://bin.mcafee.co...,20/mcgdmgr.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.ma...ash/swflash.cab
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - McFreeScan Class - CodeBase = http://download.mcaf...861/mcfscan.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
6/29/2003 8:18:24 PM 910 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk ()
9/3/2002 1:36:04 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI ()
12/29/2005 2:43:28 AM 1808 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ()
12/29/2005 2:48:56 AM 798 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk ()
7/10/2004 7:23:36 PM 1807 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk ()
6/20/2004 4:02:56 PM 1961 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 1:26:20 PM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI ()
12/29/2005 3:04:28 AM 3705 C:\Documents and Settings\All Users\Application Data\hpzinstall.log ()

Checking files in %USERPROFILE%\Startup folder...
9/3/2002 1:36:04 PM HS 84 C:\Documents and Settings\Jennifer Luitje\Start Menu\Programs\Startup\DESKTOP.INI ()
7/10/2004 6:45:26 PM 1711 C:\Documents and Settings\Jennifer Luitje\Start Menu\Programs\Startup\Event Reminder.lnk ()

Checking files in %USERPROFILE%\Application Data folder...
7/6/2003 11:38:34 AM 37541 C:\Documents and Settings\Jennifer Luitje\Application Data\Comma Separated Values (Windows).ADR ()
7/6/2003 11:42:44 AM 9348 C:\Documents and Settings\Jennifer Luitje\Application Data\Comma Separated Values (Windows).EML ()
9/3/2002 1:26:20 PM HS 62 C:\Documents and Settings\Jennifer Luitje\Application Data\DESKTOP.INI ()
11/18/2004 2:59:44 PM 65512 C:\Documents and Settings\Jennifer Luitje\Application Data\GDIPFONTCACHEV1.DAT ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://smbusiness.dellnet.com/
\\Search Page - http://www.microsoft...amp;ar=iesearch
\\Default_Page_URL - http://www.microsoft...p...&ar=msnhome
\\Default_Search_URL - http://www.microsoft...amp;ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://dell.com/
\\Default_Page_URL - http://smbusiness.dellnet.com/
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
\{089FD14D-132B-48FC-8861-0048AE113215} - = C:\Program Files\SiteAdvisor\SiteAdv.dll (McAfee, Inc.)
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - scriptproxy = c:\program files\mcafee\virusscan\scriptsn.dll (McAfee, Inc.)
\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - CPub Object = c:\program files\mcafee\mps\mcpopup.dll (McAfee, Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor = C:\Program Files\SiteAdvisor\SiteAdv.dll (McAfee, Inc.)
\\{BA52B914-B692-46c4-B683-905236F6F655} - = ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\NEXTID - 8197
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 = Windows Messenger
\\{cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - 8194 =
\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - 8195 =
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8196 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{5E44E225-A408-11CF-B581-008029601108} - Adaptec DirectCD Shell Extension = C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll (Roxio)
\\{acb4a560-3606-11d3-aef4-00104bd0f92d} - KodakShellExtension = ()
\\{acb4a560-3606-11d3-aef4-00104bd0f92d} - KodakShellExtension = C:\Program Files\Common Files\Kodak\ifscore\KodakShX.dll (Eastman Kodak Company)HKCU CLSID)
\\{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} - TrojanHunter Menu Shell Extension = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\MCVSRIGHTCLICKSCANNER - {162EFDC5-2957-465D-887B-590AF4A7E84D} = c:\program files\mcafee\virusscan\mcodsax.dll (McAfee, Inc.)
\TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\MCVSRIGHTCLICKSCANNER - {162EFDC5-2957-465D-887B-590AF4A7E84D} = c:\program files\mcafee\virusscan\mcodsax.dll (McAfee, Inc.)
\TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSKDetectorExe - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
MskAgentexe - C:\Program Files\McAfee\MSK\MskAgent.exe (McAfee Inc.)
UserFaultCheck - ()
RegistryMechanic - Reg Data missing or invalid ()
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MISAggregator - Reg Data missing or invalid ()
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
igfxtray - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
igfxpers - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
igfxhkcmd - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
HP Software Update - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
HP Component Manager - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
DVDSentry - C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
AdaptecDirectCD - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
THGuard - C:\Program Files\TrojanHunter 4.6\THGuard.exe (Mischel Internet Security)
0169141160398714mcinstcleanup - C:\WINDOWS\TEMP\016914~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
DELDIR0.EXE - C:\DOCUME~1\JENNIF~1\LOCALS~1\Temp\DELDIR0.EXE ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
- Reg Data missing or invalid ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Jennifer Luitje\Start Menu\Programs\Startup\DESKTOP.INI ()
C:\Documents and Settings\Jennifer Luitje\Start Menu\Programs\Startup\Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\igfxcui - igfxdev.dll = (Intel Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{5E04BADF-9D67-4BBA-A343-0EEB352870D6} - (Intel® PRO/1000 MT Network Connection)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\cetihpz - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  • 0

#4
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
To this point everything is showing up clean, could you check Eiwido (AVG) for updates,

run the scan in safe mode not normal mode, It gives you the option to save the log please do so and post it back here for me please
  • 0

#5
Ramkzoo

Ramkzoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thank you for the prompt response. I have attempted to run Eiwido (AVG) scan; the machine crashes (HD shuts off or freezes) shortly into the scan. (Same as when I run McAfee Virus Scan) A hard reset (hold power button down) is required to get machine back up. Running System File Checker causes the same result. I scanned the hard drive for issues but the scan was clean.
  • 0

#6
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Could you clarify for me please if you had tried running Ewido in safe mode
  • 0

#7
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Let me ask one of the OS guys to have a peek here, Give me a bit
  • 0

#8
Ramkzoo

Ramkzoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thanks for your continued assistance. I'll keep my eyes peeled.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP