Here are the requested scans: Thanks for your help.
WinPFindWARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
PEC2 8/4/2004 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PTech 8/3/2005 10:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 9/8/2005 11:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/8/2005 11:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 6:00:00 AM 708096 C:\WINDOWS\SYSTEM32\NTDLL.DLL
Umonitor 8/4/2004 6:00:00 AM 657920 C:\WINDOWS\SYSTEM32\RASDLG.DLL
winsync 8/4/2004 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/10/2005 5:49:00 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
9/20/2005 2:11:52 PM HS 422460 C:\WINDOWS\SYSTEM32\hkkkj.bak1
9/20/2005 5:01:28 PM HS 424242 C:\WINDOWS\SYSTEM32\hkkkj.ini
8/24/2005 8:18:16 PM HS 303 C:\WINDOWS\SYSTEM32\nqppo.ini
9/9/2005 5:04:24 PM HS 178780 C:\WINDOWS\SYSTEM32\qrtwa.bak2
9/10/2005 12:57:18 AM HS 178251 C:\WINDOWS\SYSTEM32\qrtwa.ini
10/10/2005 5:43:24 PM H 31767 C:\WINDOWS\SYSTEM32\vsconfig.xml
9/13/2005 12:59:20 AM H 4212 C:\WINDOWS\SYSTEM32\zllictbl.dat
10/10/2005 5:48:52 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
10/10/2005 5:49:12 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
10/10/2005 5:49:02 PM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
10/10/2005 5:49:14 PM H 77824 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
10/10/2005 5:49:08 PM H 1085440 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
9/14/2005 1:01:48 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
9/6/2005 6:05:40 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0R2HENCB\desktop.ini
9/6/2005 6:05:40 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\61IDW9WR\desktop.ini
9/6/2005 6:05:40 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\61QRYTO7\desktop.ini
9/6/2005 6:05:40 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CPE3ST67\desktop.ini
9/15/2005 9:01:04 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\3456661e-8e7a-42dd-80a5-af1c990b6dd9
9/15/2005 9:01:04 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
10/10/2005 5:48:00 PM H 6 C:\WINDOWS\Tasks\SA.DAT
10/3/2005 7:43:48 PM H 1890 C:\WINDOWS\Temp\CS01F9C0D6-A2BD-44CF-B08A-5FDED41A0FEE.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS0215739D-8127-4587-AFA8-2BF4FD815753.tmp
10/3/2005 7:46:54 PM H 30 C:\WINDOWS\Temp\CS02D73ED9-50A8-4599-A1D0-2F467D233432.tmp
10/3/2005 7:46:54 PM H 48 C:\WINDOWS\Temp\CS0725A901-8B20-4EE1-ADB4-24FE699DE872.tmp
10/3/2005 7:43:48 PM H 1503408 C:\WINDOWS\Temp\CS0762076C-3007-44B8-9B1D-EA3D5491A042.tmp
10/3/2005 7:43:48 PM H 2016 C:\WINDOWS\Temp\CS0A662BE7-1964-4E72-8BEB-952BC0304A0D.tmp
10/3/2005 7:46:54 PM H 96 C:\WINDOWS\Temp\CS0D397B3D-BE1F-4D07-98F8-4DD5C5A210D7.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS0FE384D4-2683-4220-B837-C32B7105A730.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS119ACB9C-C6BD-48C5-87D5-29C401C7031F.tmp
10/3/2005 7:46:54 PM H 42 C:\WINDOWS\Temp\CS170BA702-29C7-4744-A8E8-AA2D961A9CB9.tmp
10/3/2005 7:46:54 PM H 30 C:\WINDOWS\Temp\CS1E8C7748-E740-43E2-B048-44A86F3BBBBB.tmp
10/3/2005 7:46:58 PM H 1468862 C:\WINDOWS\Temp\CS200DCF6B-37AB-4BAF-94A6-22F20BEAC6E2.tmp
10/3/2005 7:43:48 PM H 71162 C:\WINDOWS\Temp\CS2368C7FB-23C0-4AD4-B297-1F5D8E810DC8.tmp
10/3/2005 7:46:54 PM H 100 C:\WINDOWS\Temp\CS245F5510-6AF3-45C0-B5F6-F69737970DED.tmp
10/3/2005 7:43:48 PM H 108598 C:\WINDOWS\Temp\CS27209024-EC14-48E7-8D47-24590B982A0B.tmp
10/3/2005 7:46:54 PM H 120 C:\WINDOWS\Temp\CS2759BFE9-A384-4E96-970D-AEC775562B58.tmp
10/3/2005 7:43:48 PM H 929272 C:\WINDOWS\Temp\CS28DE11F1-E8C0-4FC4-B3DD-62E3EE40FEFC.tmp
10/3/2005 7:43:46 PM H 0 C:\WINDOWS\Temp\CS28F0A3C5-9C6E-4134-B63F-2DC4E8EAA695.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS29034D1D-E619-4B1D-8025-57EE20896115.tmp
10/3/2005 7:43:46 PM H 0 C:\WINDOWS\Temp\CS29D7A2B7-553E-4719-A8FA-B42000D6DDD4.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS2A4BC839-7222-475E-8323-8BE8E6B17DB6.tmp
10/3/2005 7:43:48 PM H 369 C:\WINDOWS\Temp\CS2C0107BD-6346-4ED4-8320-9F514C19C0C0.tmp
10/3/2005 7:46:54 PM H 600 C:\WINDOWS\Temp\CS3C2F7F9E-2529-4AD5-9830-732D6E71994A.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS3CA82928-5E94-485F-BC92-26B326B6566E.tmp
10/3/2005 7:46:54 PM H 826 C:\WINDOWS\Temp\CS3CE2CD68-8628-4CE5-9AB5-4CB7B05880B4.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS3F3E5AF6-0D4E-49D1-A4E3-A08658B89C66.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS41710A5D-36C0-4240-9624-3423E7C8E908.tmp
10/3/2005 7:46:54 PM H 102 C:\WINDOWS\Temp\CS43AC8174-12D8-457D-BD93-73DCDF87B53A.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS440815A3-DE73-49B3-9597-3C91A44989BF.tmp
10/3/2005 7:46:54 PM H 510 C:\WINDOWS\Temp\CS453413EB-602E-4590-A9E1-1C4F44117694.tmp
10/3/2005 7:46:54 PM H 48 C:\WINDOWS\Temp\CS46D16309-51A6-494F-86A6-6642221FD52F.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS48E02C24-B968-413D-91F4-A9366D8C6FEE.tmp
10/3/2005 7:46:54 PM H 574 C:\WINDOWS\Temp\CS49AFA33D-22C4-475B-B4B3-252F543BD81B.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS4E782CF7-7EFD-42FC-887C-1CEC54EC8C14.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS4F5F17EC-4CEF-4654-A920-F17DD9C99F07.tmp
10/3/2005 7:43:48 PM H 3429 C:\WINDOWS\Temp\CS5054167E-737E-4118-83B8-6B8E3388A57E.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS50FFCBC2-2786-4157-869C-C2EEAD0352ED.tmp
10/3/2005 7:46:54 PM H 68 C:\WINDOWS\Temp\CS544AA950-6269-41FF-BB75-2B1FED5A3CAD.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS5EEF6415-0AD2-4D15-B1BF-646D67835F37.tmp
10/3/2005 7:46:54 PM H 506 C:\WINDOWS\Temp\CS5F9DDAB2-AAE1-4B1A-9749-C17C8ECFAC5C.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS64216693-DA7D-4D0F-81D1-82427F59ED86.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS6625877F-BCA1-4618-A677-9EC01370897E.tmp
10/3/2005 7:46:54 PM H 454 C:\WINDOWS\Temp\CS671C0129-8C65-437A-8A1B-0EA37A49C91D.tmp
10/3/2005 7:46:54 PM H 656 C:\WINDOWS\Temp\CS69081B2F-1DF9-488C-9F99-02E28DF31256.tmp
10/3/2005 7:43:48 PM H 569404 C:\WINDOWS\Temp\CS6D046EA4-189C-40EF-BDBE-239BC9A0DE11.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS6E705F93-6A03-496A-90BC-AC179490D65C.tmp
10/3/2005 7:46:54 PM H 438 C:\WINDOWS\Temp\CS733BD32F-4CCE-47B9-98AE-210116222FFF.tmp
10/3/2005 7:46:54 PM H 750 C:\WINDOWS\Temp\CS739378A6-3998-4463-9388-D0AB13B09C2D.tmp
10/3/2005 7:43:48 PM H 7166 C:\WINDOWS\Temp\CS73C3B5C0-0534-4FDA-A465-A5D12F5F38AA.tmp
10/3/2005 7:46:54 PM H 50 C:\WINDOWS\Temp\CS74941B3B-3107-4510-A80B-E93DE88A21C4.tmp
10/3/2005 7:43:48 PM H 748 C:\WINDOWS\Temp\CS7554FA56-FAE5-4CD3-8610-782446B410ED.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS769B8E77-D0E8-4E9B-92B9-78D4CBB8C905.tmp
10/3/2005 7:43:48 PM H 240 C:\WINDOWS\Temp\CS7792057A-6808-483E-B3BC-868C1BABC57B.tmp
10/3/2005 7:46:54 PM H 100 C:\WINDOWS\Temp\CS77AAFF23-13EA-4490-96E5-59089842AEE6.tmp
10/3/2005 7:43:48 PM H 42114 C:\WINDOWS\Temp\CS79D15A6E-927C-4455-BF22-719047D59505.tmp
10/3/2005 7:46:54 PM H 48 C:\WINDOWS\Temp\CS81D40738-5F0D-4C5A-816B-8C8F137CA50D.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS85B6D640-39F5-4B97-8CEA-DD2F9A376589.tmp
10/3/2005 7:43:48 PM H 1323504 C:\WINDOWS\Temp\CS87999362-7C07-4BC9-9C22-AA3ADA0AAC3C.tmp
10/3/2005 7:46:54 PM H 114 C:\WINDOWS\Temp\CS8C808C8C-7D25-4B48-9B5D-E11716A801EC.tmp
10/3/2005 7:46:54 PM H 196 C:\WINDOWS\Temp\CS901D74D2-5D76-45F2-970B-33BB43F34256.tmp
10/3/2005 7:43:48 PM H 0 C:\WINDOWS\Temp\CS93FF53D9-AC46-405C-8005-052EE67EE35A.tmp
10/3/2005 7:46:54 PM H 522 C:\WINDOWS\Temp\CS97E07851-2840-4139-9800-D61AA43F1EEB.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CS9DC9DC99-928F-4E0E-91B8-99DB9E93EDEC.tmp
10/3/2005 7:43:48 PM H 30 C:\WINDOWS\Temp\CS9DEE842B-249C-4900-AABC-292AC222C715.tmp
10/3/2005 7:43:48 PM H 2323146 C:\WINDOWS\Temp\CS9EE2DAA0-86A8-40FE-A3BB-C1199AED163F.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CSA1181A28-BAEF-44E1-A234-287ABB27FC7D.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CSA3503797-562F-4E32-8421-05266A7FFF7C.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CSA5084C19-5E70-49A6-A2DA-786251F518B4.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CSA853B5B4-6A99-4442-8686-BD6614D710F8.tmp
10/3/2005 7:46:58 PM H 1796504 C:\WINDOWS\Temp\CSAAF4BB94-7A8B-4A60-A823-D5AB96ED996C.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CSAD5458B7-D83D-4456-B72A-B8628F42AAC4.tmp
10/3/2005 7:46:54 PM H 430 C:\WINDOWS\Temp\CSAE58C8CF-80A3-4ADD-A82A-52F8ED33F878.tmp
10/3/2005 7:46:58 PM H 397872 C:\WINDOWS\Temp\CSAEF7952A-DB48-4417-ACED-BBF5489D504D.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CSB0D4D456-236F-49FA-B42F-54E727CA395B.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CSB1AB99B6-6292-49DC-90FA-8975609D55B8.tmp
10/3/2005 7:43:48 PM H 160 C:\WINDOWS\Temp\CSB5AC2B8E-5ADF-4937-BB04-BE72FA9BA67C.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CSB6D87A1A-FBAC-4163-8D2F-1AD88C1FCC41.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CSBD07ECAE-440B-4E31-9A94-3059293FD086.tmp
10/3/2005 7:43:48 PM H 1105702 C:\WINDOWS\Temp\CSCADF70C5-C3DF-4CA7-975B-BFFD2927D945.tmp
10/3/2005 7:46:54 PM H 162 C:\WINDOWS\Temp\CSCB2A9F34-E966-4016-BB3E-49B344DCB1C2.tmp
10/3/2005 7:46:54 PM H 120 C:\WINDOWS\Temp\CSD297F5B8-E23F-4940-A7DD-5156D9514959.tmp
10/3/2005 7:43:48 PM H 204 C:\WINDOWS\Temp\CSD2B0270C-614E-490F-B07A-5CC9B20E7737.tmp
10/3/2005 7:46:54 PM H 136 C:\WINDOWS\Temp\CSD529DF31-CD67-4C75-B47B-3AE1F9B537CC.tmp
10/3/2005 7:43:48 PM H 23820 C:\WINDOWS\Temp\CSD536A4A0-1B8D-44C4-80FC-6AEC458AB883.tmp
10/3/2005 7:46:54 PM H 118 C:\WINDOWS\Temp\CSD5EA58D6-C474-4B77-AB81-0BD9A90973D8.tmp
10/3/2005 7:43:48 PM H 32 C:\WINDOWS\Temp\CSD7457C4D-1A60-469E-953D-65E39E71C6E6.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CSDB9D45C4-0E58-4F58-AF8D-5A26E6C5EB29.tmp
10/3/2005 7:43:48 PM H 5464 C:\WINDOWS\Temp\CSDD8FAC98-81AC-47A3-A276-C838D6074B3A.tmp
10/3/2005 7:46:54 PM H 42 C:\WINDOWS\Temp\CSDEDCDB1B-F9E1-4692-9AE9-E1E211C809D6.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CSE0DFCDDA-2439-4597-B932-8E330559A1B7.tmp
10/3/2005 7:46:54 PM H 100 C:\WINDOWS\Temp\CSE12091B1-46A9-412E-927F-0A1142AB3F1A.tmp
10/3/2005 7:46:54 PM H 124 C:\WINDOWS\Temp\CSE4A0BFED-F7BD-4476-A29D-3773583B37FE.tmp
10/3/2005 7:43:48 PM H 38434 C:\WINDOWS\Temp\CSE56C1D7B-1160-4516-A975-7B8F3BFDE670.tmp
10/3/2005 7:46:54 PM H 414 C:\WINDOWS\Temp\CSEA8A53EF-C7E2-4ACD-8A2B-9511600904F8.tmp
10/3/2005 7:46:54 PM H 414 C:\WINDOWS\Temp\CSEAFFE758-7537-4F9A-AE49-C307A4EAA411.tmp
10/3/2005 7:43:48 PM H 0 C:\WINDOWS\Temp\CSF23CFF62-2E4A-4B96-BC61-B42A1C5C8079.tmp
10/3/2005 7:46:54 PM H 630 C:\WINDOWS\Temp\CSF2C02585-910A-4AF6-BF06-00C0C6E4AE4A.tmp
10/3/2005 7:46:58 PM H 81280 C:\WINDOWS\Temp\CSF616CD79-23D7-43C9-B49A-6C6570C15307.tmp
10/3/2005 7:46:54 PM H 14 C:\WINDOWS\Temp\CSF665E3DF-F238-40E0-A6D8-9DECA4BA6D56.tmp
10/3/2005 7:43:48 PM H 140 C:\WINDOWS\Temp\CSFDF24200-2A74-4B7B-BD19-EB604BBA4F85.tmp
10/3/2005 7:46:54 PM H 10 C:\WINDOWS\Temp\CSFE2F4DDD-192F-4DBC-8624-5BC68740F1BE.tmp
Checking for CPL files...
Microsoft Corporation 8/4/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\ACCESS.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 549888 C:\WINDOWS\SYSTEM32\APPWIZ.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 135168 C:\WINDOWS\SYSTEM32\DESK.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 80384 C:\WINDOWS\SYSTEM32\FIREWALL.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 155136 C:\WINDOWS\SYSTEM32\HDWWIZ.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 358400 C:\WINDOWS\SYSTEM32\INETCPL.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 129536 C:\WINDOWS\SYSTEM32\INTL.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 380416 C:\WINDOWS\SYSTEM32\IRPROPS.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\JOY.CPL
Sun Microsystems 11/19/2003 7:48:12 PM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 618496 C:\WINDOWS\SYSTEM32\MMSYS.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 25600 C:\WINDOWS\SYSTEM32\NETSETUP.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 257024 C:\WINDOWS\SYSTEM32\NUSRMGR.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 36864 C:\WINDOWS\SYSTEM32\NWC.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 32768 C:\WINDOWS\SYSTEM32\ODBCCP32.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 114688 C:\WINDOWS\SYSTEM32\POWERCFG.CPL
SigmaTel Inc. 7/20/2004 11:14:06 AM 102481 C:\WINDOWS\SYSTEM32\stac97.cpl
12/29/2002 1:14:38 AM 81920 C:\WINDOWS\SYSTEM32\Startup.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 298496 C:\WINDOWS\SYSTEM32\SYSDM.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 94208 C:\WINDOWS\SYSTEM32\TIMEDATE.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 148480 C:\WINDOWS\SYSTEM32\WSCUI.CPL
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
6/18/2005 3:58:50 PM 890 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
8/11/2004 6:15:06 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/11/2004 6:07:12 PM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
Checking files in %USERPROFILE%\Startup folder...
8/11/2004 6:15:06 PM HS 84 C:\Documents and Settings\DONIHUE\Start Menu\Programs\Startup\DESKTOP.INI
Checking files in %USERPROFILE%\Application Data folder...
8/11/2004 6:07:12 PM HS 62 C:\Documents and Settings\DONIHUE\Application Data\DESKTOP.INI
9/25/2005 3:40:00 PM 1584 C:\Documents and Settings\DONIHUE\Application Data\wklnhst.dat
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4} = C:\PROGRA~1\INCRED~1\bin\ImShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{6F480F82-C3A6-4D35-96F7-B297AD49FBE8}
Copernic Agent Results = C:\Program Files\Copernic Agent\CopernicAgentExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}
Copernic Agent = C:\Program Files\Copernic Agent\CopernicAgentExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} = Copernic Agent : C:\Program Files\Copernic Agent\CopernicAgentExt.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} = Copernic Agent : C:\Program Files\Copernic Agent\CopernicAgentExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
IntelWireless C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
DVDLauncher "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
dla C:\WINDOWS\system32\dla\tfswctrl.exe
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
MMTray C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IncrediMail C:\Program Files\IncrediMail\bin\IncMail.exe /c
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~4\Office10\OSA.EXE -b -l
item Microsoft Office
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MMTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mm_tray
hkey HKLM
command C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mm_tray
hkey HKLM
command C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyAgent
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mnyexpr
hkey HKCU
command "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mnyexpr
hkey HKCU
command "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key c·̀ë‚yêáè¾?©Û8e
Hint dogcode
FileName0 C:\WINDOWS\system32\RSACi.rat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 1
PleaseMom 0
Enabled 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\
http://www.rsac.org/ratingsv01.html l 2
n 3
s 3
v 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
NumSys 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
NoDispAppearancePage 0
NoDispBackgroundPage 0
DisableTaskMgr 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/10/2005 5:55:53 PM
AboutBusterScanned at: 6:54:40 PM on: 10/10/2005
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!
HJT logLogfile of HijackThis v1.99.1
Scan saved at 7:04:32 PM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe "Why is this still here? Problem?"C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DONIHUE\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/mywaybizO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1106082410672O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\DONIHUE\My Documents\Computer tools\CWShredder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe