[Solved] Extremely slow; HJT log

Hey guys, I have found myself running into some trouble with my computer. For a while the internet would not work and now my computer just seems to be going real slow with online speeds less than dial up (I have DSL). The slowness problems are not limited to online as my whole computer takes a long time to do anything whether it is write a paper for school or open a game of hearts. This has gone on for a good 2 to 3 months and I finally remembered what good friends I have at Short-Media because you guys always find a way to come through! Thanks for everything!


PS. I included a HJT log too in case you wanted it. My Nortons scans turn up clean and Ad-Aware runs every couple days.

Comments

  • edited July 2006
    Sorry...I forgot to include the scan log
    Logfile of HijackThis v1.99.1
    Scan saved at 6:38:48 PM, on 7/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\aim\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Frank\Desktop\Download\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.minorleaguebaseball.com/app/index.jsp?cid=milb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E3147690AF75760EA83FA5EF80752B94E3D87C587546203EC1 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll (file missing)
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Frank\Desktop\Download\Ares\Ares.exe" -h
    O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144795608984
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • edited August 2006
    Just a bump so you guys don't forget about me
  • Trogan London, UK
    edited August 2006
    Hi BostonBoy1019,

    I would like to see another log from HijackThis.
    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button. It will open a Notepad file.
    • Copy & Paste the entire contents of that file in your next post.

    Also post a new HijackThis log. :)
  • edited August 2006
    Here's the save list file thingy...
    56Kbps Internal Modem
    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    AnyDVD
    AOL Instant Messenger
    Ares 1.9.0
    AVIcodec (remove only)
    Baseball Mogul 2007
    BigFix
    BitLord 1.1
    ccCommon
    DivX
    DVD X Rescue
    DVDXCopy Platinum 3.2.1
    Easy CD Creator 5 Basic
    ESPN RunTime
    fifa02 Screen Saver
    Google Earth Pro
    HijackThis 1.99.1
    ICQ
    InterActual Player
    Internet Worm Protection
    Java 2 Runtime Environment Standard Edition v1.3.1_02
    LiveUpdate 3.0 (Symantec Corporation)
    Macromedia Flash Player 8
    Microsoft Office Professional Edition 2003
    Microsoft Office Visio Professional 2003
    middle_man
    MLB.com Shuffle (remove only)
    MSN Music Assistant
    Multimedia Keyboard Driver Ver1.0 (KB-0108)
    NAVShortcut
    NETGEAR MA111v2 802.11b Wireless USB Adapter
    Netscape 6 (6.2.1)
    NFL Head Coach
    Norton AntiVirus 2006
    Norton AntiVirus 2006 (Symantec Corporation)
    Norton AntiVirus Help
    Norton AntiVirus Parent MSI
    Norton AntiVirus SYMLT MSI
    Norton Protection Center
    Norton WMI Update
    PowerDVD
    ProSavageDDR and Utilities
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
    Roxio Easy Media Creator 7.5 Trial
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    SPBBC
    Symantec
    The Core Media Player 4.0
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Verizon Online
    Viewpoint Media Player
    Windows Backup Utility
    Windows Installer 3.1 (KB893803)
    Windows Media Encoder 9 Series
    Windows Media Encoder 9 Series
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinRAR archiver
    XviD 1.1 final uninstall

    Here's the new HJT log...
    Logfile of HijackThis v1.99.1
    Scan saved at 10:51:48 PM, on 8/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\aim\aim.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Frank\Desktop\Download\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.minorleaguebaseball.com/app/index.jsp?cid=milb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E3147690AF75760EA83FA5EF80752B94E3D87C587546203EC1 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll (file missing)
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Frank\Desktop\Download\Ares\Ares.exe" -h
    O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144795608984
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • Trogan London, UK
    edited August 2006
    Can you do the following...

    Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

    Ares 1.9.0 << OPTIONAL
    BitLord 1.1 << OPTIONAL
    Viewpoint Media Player
    Java 2 Runtime Environment Standard Edition v1.3.1_02


    Then...
    • Go here
    • Scroll down to Java Runtime Environment (JRE) 5.0 Update 7 and click on the Download button
    • Select the "Accept" option for the license agreement
    • Click on Windows Online Installation (typical download size is ~7.1MB), Multi-language and download it to your Desktop. You may need to click on the link once more after accepting the license agreement
    • Open the Java file on your Desktop and follow the instructions until Java has fully been installed.
    Once Java has been installed, continue below:

    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E3147690AF75760EA83FA5EF80752B94E3D87C587546203EC1 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll (file missing)


    - Close ALL open windows (especially Internet Explorer!)
    Click Fix Checked

    Find and delete the following folder:

    C:\program files\seekmo << this folder

    =====

    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe
    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu

    =====

    Please download Ewido to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install Ewido by double clicking the installer.
    • Follow the prompts. Make sure that Launch Ewido is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
        Note: If the Update now option is grayed out, follow the steps below.
        • Click on Update on the toolbar.
        • Under Manual update, click on the Start Update button.
        • Wait until you see the Update successful message.
    • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    Ewido manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    Once in Safe Mode:

    Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button.
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.

    Reboot back into Normal Mode, and run this online scan:

    Panda ActiveScan

    - Once you are on the Panda site, click the Scan your PC button
    - A new window will open...click the Check Now button
    - Enter your Country
    - Enter your State/Province
    - Enter your e-mail address and click send
    - Select either Home User or Company
    - Click the big Scan Now button
    - If it wants to install an ActiveX component allow it
    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    - When download is complete, click on Local Disks to start the scan
    - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


    Please post the following:

    Ewido Log
    Panda Report
    New HijackThis
    New Uninstall List
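
The two checks this reply depends on, spotting the orphaned Seekmo BHO in the log and confirming from a fresh log that the fix took, can be scripted. This is an added example, not part of the original posts: the function names, the two triage rules and the `AFTER` log are assumptions made for illustration, and the sample lines are copied from the first log in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the first log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E3147690AF75760EA83FA5EF80752B94E3D87C587546203EC1 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Frank\Desktop\Download\Ares\Ares.exe" -h
"""

# Constructed "after" log: the same lines once the Seekmo entry has been fixed
# (an assumed outcome, used only to exercise diff_logs).
AFTER = "\n".join(l for l in BEFORE.splitlines() if "seekmo" not in l.lower())

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
USER_PROFILE = "\\documents and settings\\"  # Windows XP profile root


@dataclass(frozen=True)
class Entry:
    code: str
    body: str


def parse(log_text):
    """Return the section entries of a log, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def executable_of(cmd):
    """Pull the program path out of a Run command line, quoted or not."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(entries):
    """Flag entries worth a human look; a flag is a prompt to review, not a verdict."""
    findings = []
    for e in entries:
        if e.body.rstrip().lower().endswith("(file missing)"):
            findings.append((e, "orphaned: entry points at a file that is not on disk"))
        run = RUN_RE.match(e.body) if e.code == "O4" else None
        if run and USER_PROFILE in executable_of(run["cmd"]).lower():
            findings.append((e, "autorun launches from a user-writable profile folder"))
    return findings


def diff_logs(before_text, after_text):
    """Entries removed and added between two scans, in log order."""
    before, after = parse(before_text), parse(after_text)
    removed = [e for e in before if e not in set(after)]
    added = [e for e in after if e not in set(before)]
    return removed, added


if __name__ == "__main__":
    for entry, reason in triage(parse(BEFORE)):
        print(f"{entry.code}: {reason}\n    {entry.body}")
    removed, added = diff_logs(BEFORE, AFTER)
    print(f"removed since first scan: {len(removed)}, added: {len(added)}")
```
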
  • Trogan London, UK
    edited August 2006
    Hi BostonBoy1019,

    I'm going away for a week and will not be able to post until I get back. I'll be able to help you when I get back. :)
  • edited August 2006
    I had a couple problems when I tried to do what you said. #1...I couldn't find the C:\program files\seekmo which you told me to delete...I searched for it too and it wasn't there. #2...I had to run the Ewido scan in normal mode because in safe mode, I couldn't see the whole screen of it and so I couldn't check off the boxes that I needed to. I hope that doesn't cause any problems. Anyways...here's the logs you asked for...thanks again!

    Ewido-
    ewido anti-spyware - Scan Report

    + Created at: 9:56:48 AM 8/2/2006

    + Scan result:



    HKU\S-1-5-21-3671180217-1141420128-3686876213-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
    C:\Downloads\MLBcomShuffleSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@lsfnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@sportingnews.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@ads15.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@commission-junction[1].txt -> TrackingCookie.Commission-junction : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frank\Cookies\frank@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


    ::Report end

    Pandasoft Activescan-

    Incident Status Location

    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Frank\Cookies\frank@apmebf[1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Frank\Cookies\frank@atwola[2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Frank\Cookies\frank@belnk[1].txt
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Frank\Cookies\frank@cdfreaks[2].txt
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Frank\Cookies\frank@club.cdfreaks[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Frank\Cookies\frank@dist.belnk[2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Frank\Cookies\frank@go[1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Frank\Cookies\frank@go[4].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Frank\Cookies\frank@go[7].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Frank\Cookies\frank@go[8].txt
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Frank\Cookies\frank@maxserving[1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Frank\Cookies\frank@realmedia[1].txt
    Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Frank\Cookies\frank@tickle[2].txt
    Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Frank\Cookies\frank@tucows[1].txt
    Uninstall List-
    56Kbps Internal Modem
    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    AnyDVD
    AOL Instant Messenger
    AVIcodec (remove only)
    Baseball Mogul 2007
    BigFix
    BitLord 1.1
    ccCommon
    DivX
    DVD X Rescue
    DVDXCopy Platinum 3.2.1
    Easy CD Creator 5 Basic
    ESPN RunTime
    ewido anti-spyware 4.0
    fifa02 Screen Saver
    Google Earth Pro
    HijackThis 1.99.1
    ICQ
    InterActual Player
    Internet Worm Protection
    J2SE Runtime Environment 5.0 Update 7
    LiveUpdate 3.0 (Symantec Corporation)
    Macromedia Flash Player 8
    Microsoft Office Professional Edition 2003
    Microsoft Office Visio Professional 2003
    middle_man
    MSN Music Assistant
    Multimedia Keyboard Driver Ver1.0 (KB-0108)
    NAVShortcut
    NETGEAR MA111v2 802.11b Wireless USB Adapter
    Netscape 6 (6.2.1)
    Norton AntiVirus 2006
    Norton AntiVirus 2006 (Symantec Corporation)
    Norton AntiVirus Help
    Norton AntiVirus Parent MSI
    Norton AntiVirus SYMLT MSI
    Norton Protection Center
    Norton WMI Update
    Panda ActiveScan
    PowerDVD
    ProSavageDDR and Utilities
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
    Roxio Easy Media Creator 7.5 Trial
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    SPBBC
    Symantec
    The Core Media Player 4.0
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Verizon Online
    Windows Backup Utility
    Windows Installer 3.1 (KB893803)
    Windows Media Encoder 9 Series
    Windows Media Encoder 9 Series
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinRAR archiver
    XviD 1.1 final uninstall

    HJT Log-
    Logfile of HijackThis v1.99.1
    Scan saved at 10:45:36 AM, on 8/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\aim\aim.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Frank\Desktop\Download\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.minorleaguebaseball.com/app/index.jsp?cid=milb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Frank\Desktop\Download\Ares\Ares.exe" -h
    O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144795608984
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Thanks again for everything...enjoy your time off!
  • Trogan London, UK
    edited August 2006
    Hi, I'm back! :)

    Your logs look clean to me. Are you still having problems?
  • edited August 2006
    yes...I don't know quite what the problem is, but everything is running slow for some reason. There are some good times where things go as expected, but for the most part things take a while to load. I had this problem a while ago (late winter/spring time) and I reformatted my computer, but that didn't really make an improvement. I guess I'm about out of your jurisdiction now though. Thanks again for everything!
  • Trogan London, UK
    edited August 2006
    What are your computer specs?

    I see you have Norton AntiVirus 2006. I'm betting this is one of the main reasons why your computer is slowing down. Try this please:

    - Go to Start > Run > type: msconfig
    - Go to the Startup tab
    - Expand the Command line so you can see what each entry is
    - Uncheck everything to do with Norton (it will be ccApp and others similar to it, just read the command lines)
    - Click Apply and OK to reboot
    - Do 2-3 reboots afterwards


    Let me know if that improves things or not. :)
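An added example, not part of the original posts: this Python script parses the O4 and O23 lines of the HijackThis log posted earlier in the thread and groups the Symantec/Norton entries by the msconfig tab that lists them (Run-key and Startup-folder entries appear on the Startup tab, services on the Services tab). The function names and the keyword list are assumptions made for the illustration; the log lines are copied from the 8/3/2006 scan.

```python
import re

# Subset of lines copied from the HijackThis log posted earlier in this thread
# (scan saved 8/3/2006). Nothing here is constructed.
HJT_LINES = r"""
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$")
# O4 - Startup / Global Startup: <shortcut> = <target>
O4_FOLDER = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# O23 - Service: <display name> - <company> - <binary path>
O23_SVC = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

# Which msconfig tab shows each HijackThis section.
MSCONFIG_TAB = {"O4": "Startup", "O23": "Services"}


def parse_autoruns(log_text):
    """Turn O4/O23 lines into dicts; every other line is ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            entries.append({"section": "O4", "where": hive + " " + key,
                            "name": name, "company": "", "command": cmd})
            continue
        m = O4_FOLDER.match(line)
        if m:
            folder, name, cmd = m.groups()
            entries.append({"section": "O4", "where": folder,
                            "name": name, "company": "", "command": cmd})
            continue
        m = O23_SVC.match(line)
        if m:
            name, company, cmd = m.groups()
            entries.append({"section": "O23", "where": "service",
                            "name": name, "company": company, "command": cmd})
    return entries


def vendor_by_tab(entries, keywords):
    """Group entries mentioning any keyword by the msconfig tab that lists them."""
    tabs = {"Startup": [], "Services": []}
    wanted = [k.lower() for k in keywords]
    for e in entries:
        haystack = " ".join((e["name"], e["company"], e["command"])).lower()
        if any(k in haystack for k in wanted):
            tabs[MSCONFIG_TAB[e["section"]]].append(e["name"])
    return tabs


if __name__ == "__main__":
    found = vendor_by_tab(parse_autoruns(HJT_LINES), ["symantec", "norton"])
    for tab, names in found.items():
        print(tab + " tab:")
        for name in names:
            print("  " + name)
```

On these lines only `ccApp` is a Run-key entry; the other Symantec components are registered as services, so they do not appear on the Startup tab.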
  • edited August 2006
    I did that and I restarted. When it restarted a message popped up from System Configuration. It said...
    "You have used the System Configuration Utility to make changes to the way Windows starts.

    The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.

    Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility."
    Then there is a box that I can check that says "Don't show this message or launch the System Configuration Utility when Windows starts."
    I don't know what to do (yea, I may be this stupid with computers sorry). Anyways, it is my 1st restart and I haven't restarted since because I didn't want to press anything on that box. Thanks for your help!
  • Trogan London, UK
    edited August 2006
    Sorry, I forgot to mention about that message. It's normal, just check the box and press OK. Do another reboot or two. Make sure you did uncheck ALL the Norton entries. :)

    Let me know your system specs? When was the last time you did a Disk Defrag?
  • edited August 2006
    I restarted twice more. I only saw 1 Norton entry on the list. How do I give you my system specs? I last did a disk defrag about 2 weeks ago. Is my computer still protected without Nortons? Thanks for everything again!
  • Trogan London, UK
    edited August 2006
    Right-click My Computer and go to Properties. Tell me what's written towards the bottom under the long list of numbers.

    Have you noticed any speed increase with Norton disabled? You can enable it now.
  • edited August 2006
    System:
    Microsoft Windows XP
    Home Edition
    Version 2002
    Service Pack 2

    Registered to:
    Frank
    55277-xxx-xxxxxxxx-xxxxxx

    Manufactured and supported by:
    eMachines
    T2625
    AMD Athlon(tm)XP 2600+
    2.12 GHz, 480 MB of RAM

    Things have gone a little faster since disabling Nortons, but there are still some slow moments. It no longer takes 2+ minutes to restart though. Thanks!
  • edited August 2006
    Things definitely seem to be going much faster. Thanks a million!
  • Trogan London, UK
    edited August 2006
    Sorry for the delay; was away for the weekend.

    Glad things are running faster. Have you enabled Norton on startup again? What do you think made things faster?

    I suggest you ditch Norton and go for a Free Anti-Virus, which is better. Let me know if you do.
  • edited August 2006
    I haven't started Norton's back up yet...I was kind of wondering if that made it slow. I wouldn't know what free program to switch to if I ditched Nortons too...I am really pretty clueless when it comes to these things. I really just use my computer for school and baseball stuff. I was just wondering what "realsched," "jusched," "AluSchedulerSvc" and "FahCore_78" were. I don't really remember seeing any of them before with the exception of "realsched." Maybe I'm just oblivious (likely). They are processes that are running. I know before I used to have a lot of unnecessary processes that were running that really slowed up my computer. A friend ended the processes once, but it was all lost when I restarted. Also, IE froze up today for the 1st time since our changes and the computer skipped and ran slowly for about 10 minutes afterwards. I'm assuming it's an isolated incident?
  • Trogan London, UK
    edited August 2006
    First, here's a list of Free and excellent Anti-Virus protection.

    AVG Free Edition << I recommend this
    AntiVir
    avast! 4 Home Edition

    Make sure you uninstall Norton completely. Having two Anti-Virus protection programs is NOT a good idea at all.

    The programs you mentioned are safe:
    Realsched belongs to RealOne Player
    jusched belongs to Java
    ALUSchedulerSvc belongs to Symantec LiveUpdate
    FahCore_78 belongs to Folding@Home

    And about IE freezing, it's probably one of those random things. Have you tried Firefox before?

    Also, you can safely disable programs on startup, just like you did for Norton. You'll be amazed how fast your computer boots up.


    Let me know what you decide to do. :)
  • edited August 2006
    I am currently DLing the AVG program. Is it really better than Nortons? A couple friends are real skeptical. Also, AIM froze up on me today. The freezing up seems to come after long periods of inactivity. Maybe that's just coincidence though? I am about to delete Nortons now...is it ok to have Ewido, Ad-Aware and AVG all together? Thanks again for everything...you're the best! Go United!
  • Trogan London, UK
    edited August 2006
    I used to use Norton over two years ago, now I use AVG. Here's a thread on AVG which is a good read. :)

    With what you listed, make sure you have a Firewall. Some Free ones listed below.

    Zone Alarm << I recommend this
    Sunbelt Kerio PF
    Outpost Firewall

    And download Spybot Search & Destroy 1.4.

    After doing the above, run this online scan please:

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log, along with a new HijackThis log. :)
      • edited August 2006
        Here's the Kaspersky log...
        KASPERSKY ONLINE SCANNER REPORT
        Tuesday, August 15, 2006 8:32:19 PM
        Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
        Kaspersky Online Scanner version: 5.0.83.0
        Kaspersky Anti-Virus database last update: 15/08/2006
        Kaspersky Anti-Virus database records: 215381

        Scan Settings:
        Scan using the following antivirus database: extended
        Scan Archives: true
        Scan Mail Bases: true

        Scan Target - My Computer:
        A:\
        C:\
        D:\
        E:\
        F:\

        Scan Statistics:
        Total number of scanned objects: 63614
        Number of viruses found: 3
        Number of infected objects: 6 / 0
        Number of suspicious objects: 0
        Duration of the scan process: 01:51:50

        Infected Object Name / Virus Name / Last Action
        C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-08-15_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
        C:\Documents and Settings\Frank\Application Data\Aim\wuktwszw\myette39\cert8.db Object is locked skipped
        C:\Documents and Settings\Frank\Application Data\Aim\wuktwszw\myette39\key3.db Object is locked skipped
        C:\Documents and Settings\Frank\Cookies\index.dat Object is locked skipped
        C:\Documents and Settings\Frank\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\Frank\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\Frank\Local Settings\History\History.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\Frank\Local Settings\History\History.IE5\MSHist012006081520060816\index.dat Object is locked skipped
        C:\Documents and Settings\Frank\Local Settings\Temp\ZLT02f47.TMP Object is locked skipped
        C:\Documents and Settings\Frank\Local Settings\Temp\ZLT02f4a.TMP Object is locked skipped
        C:\Documents and Settings\Frank\Local Settings\Temp\~DFD3C6.tmp Object is locked skipped
        C:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\Frank\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\Frank\ntuser.dat.LOG Object is locked skipped
        C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
        C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
        C:\System Volume Information\_restore{A4C4F8D3-6D77-44E2-BE28-2FF83291E877}\RP280\A0019944.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
        C:\System Volume Information\_restore{A4C4F8D3-6D77-44E2-BE28-2FF83291E877}\RP292\A0020206.dll Infected: not-a-virus:AdWare.Win32.180Solutions.au skipped
        C:\System Volume Information\_restore{A4C4F8D3-6D77-44E2-BE28-2FF83291E877}\RP292\A0020208.exe/stream/data0001 Infected: Trojan.Win32.VB.ami skipped
        C:\System Volume Information\_restore{A4C4F8D3-6D77-44E2-BE28-2FF83291E877}\RP292\A0020208.exe/stream Infected: Trojan.Win32.VB.ami skipped
        C:\System Volume Information\_restore{A4C4F8D3-6D77-44E2-BE28-2FF83291E877}\RP292\A0020208.exe NSIS: infected - 2 skipped
        C:\System Volume Information\_restore{A4C4F8D3-6D77-44E2-BE28-2FF83291E877}\RP292\A0020208.exe CryptFF: infected - 2 skipped
        C:\System Volume Information\_restore{A4C4F8D3-6D77-44E2-BE28-2FF83291E877}\RP292\change.log Object is locked skipped
        C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
        C:\WINDOWS\Folding\FAHlog.txt Object is locked skipped
        C:\WINDOWS\Folding\FAHlog2.txt Object is locked skipped
        C:\WINDOWS\Folding\work\logfile_05.txt Object is locked skipped
        C:\WINDOWS\Folding\work\logfile_06.txt Object is locked skipped
        C:\WINDOWS\Folding\work\wudata_06.inp Object is locked skipped
        C:\WINDOWS\Folding\work\wudata_06.nfo Object is locked skipped
        C:\WINDOWS\Folding\work\wudata_06.out Object is locked skipped
        C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
        C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
        C:\WINDOWS\Internet Logs\YOUR-UZMPKXFW5Y.ldb Object is locked skipped
        C:\WINDOWS\SchedLgU.Txt Object is locked skipped
        C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
        C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
        C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
        C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
        C:\WINDOWS\system32\config\default Object is locked skipped
        C:\WINDOWS\system32\config\default.LOG Object is locked skipped
        C:\WINDOWS\system32\config\SAM Object is locked skipped
        C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
        C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
        C:\WINDOWS\system32\config\SECURITY Object is locked skipped
        C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
        C:\WINDOWS\system32\config\software Object is locked skipped
        C:\WINDOWS\system32\config\software.LOG Object is locked skipped
        C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
        C:\WINDOWS\system32\config\system Object is locked skipped
        C:\WINDOWS\system32\config\system.LOG Object is locked skipped
        C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
        C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
        C:\WINDOWS\system32\drivers\sptd9901.sys Object is locked skipped
        C:\WINDOWS\system32\h323log.txt Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
        C:\WINDOWS\WindowsUpdate.log Object is locked skipped

        Scan process completed.

        Here's the HJT log...
        Logfile of HijackThis v1.99.1
        Scan saved at 8:35:13 PM, on 8/15/2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        C:\WINDOWS\mHotkey.exe
        C:\WINDOWS\system32\S3tray2.exe
        C:\Program Files\ESPNRunTime\DIGServices.exe
        C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\ewido.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\aim\aim.exe
        C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\guard.exe
        C:\WINDOWS\Folding\FAH504-Console.exe
        C:\WINDOWS\Folding\FahCore_82.exe
        C:\WINDOWS\Folding\FahCore_82.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\DOWNLO~1\ZONEAL~1\zlclient.exe
        C:\Documents and Settings\Frank\Desktop\Download\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.minorleaguebaseball.com/app/index.jsp?cid=milb
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
        O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
        O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
        O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
        O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\ewido.exe" /minimized
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
        O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [Zone Labs Client] "C:\Downloads\ZoneAlarm\zlclient.exe"
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
        O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
        O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144795608984
        O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\guard.exe
        O23 - Service: FAH@C:+WINDOWS+Folding+FAH504-Console.exe - Stanford University - C:\WINDOWS\Folding\FAH504-Console.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        Thanks for the help!
      • Trogan London, UK
        edited August 2006
        The Kaspersky log is clean, just some items in System Restore which we will clean in a minute.

        How is the computer behaving now?

        Here are some measures you can take to stay more secure online:

        Secure your Internet Explorer by going here and following the instructions there.

        Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera.

        Use a firewall to help prevent your PC(s) from being usurped by undesirables. If you don't have a firewall, then choose one from the list here.

        Install an anti-virus. There are some good, free AVs available today. Make sure that it is updated regularly and have it scan your system often. If you don't have an anti-virus program, choose one from the list here.

        Install and keep updated, Ad-Aware SE and Spybot Search & Destroy.
        Run them both on a regular basis, following the manufacturer's recommendations.

        Install and keep updated, SpywareBlaster and SpywareGuard

        Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.

        Clear your Temp folders.
        Go to Start > Control Panel > Internet Options.
        Under the General tab click the Delete Files... button; check the Delete all offline content box and press OK. Next, click the Delete Cookies... button and press OK

        Go to "Start" -> "Run" and type in the box: "cleanmgr" press OK. Select the drive where your Operating System is installed (Default is C:) and press OK. Let Disk Cleanup scan your system for files to remove (it takes a few minutes!). On the next screen make sure these 3 options are checked
        • Temporary Files
        • Temporary Internet Files
        • Recycle Bin
        and then press "OK" to remove them.

        Go to Start > Find/Search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

        Empty/delete the entire contents from within the following folders:
        C:\Windows\temp
        C:\temp <-- if you have one.
        Note: Empty the contents but do not delete the folder(s).

        Clear out temp files from the following location. Change "username" to whatever you have on your computer.
        C:\Documents and Settings\username\Local Settings\Temp\
        In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

        Empty the Recycle Bin!

        Hide system files
        It is very important that system files and folders are hidden again, so that they DO NOT get deleted by mistake. To hide system files and folders, do the following for your operating system...

        Windows XP
        * Click Start.
        * Open My Computer.
        * Select the Tools menu and click Folder Options.
        * Select the View Tab.
        * Under the Hidden files and folders heading, uncheck Do not show hidden files and folders
        * Check the Hide protected operating system files (recommended) option.
        * Click Yes to confirm.
        * Click OK.


        For XP users.
        It's a good idea to Flush your System Restore points after ridding yourself of malware: You can clean this by doing the following:
        • Click Start | Help and Support | Undo changes to your computer with System Restore.
        • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
        • Close the Help and Support Center box.
        • Click Start | Run and type Cleanmgr
        • Select (C:) then click OK.
        • Click the More Options tab.
        • Click Clean Up in the System Restore Section.
        This will remove all previous restore points except the newly created one.

        ===============

        Let me know how things are, and if we can mark this resolved?
      • edited August 2006
        I did what you said. Things have seemingly been running a little slow still. It again seems to be stemming from long periods of inactivity. I have run Spybot, AVG, and ewido scans. You have seen my HJT and Kaspersky logs. Maybe my computer just stinks? It isn't a consistent slowness, but rather just a sporadic one that takes about 10 minutes to clear up. Also, about Windows updates, I have tried to download them but I keep getting an error that says it won't download. I have the automatic update on, but also tried to do it manually. Thanks for all your help!
      • TroganTrogan London, UK
        edited August 2006
        Please do this:

        Download WinPFind2.
        • Open the newly made WinPFind2 folder on your Desktop
        • Double click winpfind2.exe
        • Click the Select All button in the File Options box
        • Click the Run All Scans button
        • When the scan is done you will see Scans Complete! at the bottom left of the tool
        • Click the Simple Report button
        • Notepad will open up with the results of the scan
        Copy/paste the results of the WinPFind2 scan here

        You may need to split the log over a couple of posts so it doesn't get cut off.
      • edited August 2006
        Logfile created on: 08/16/2006 17:29
        WinPFind2 by OldTimer - Version 1.0.3 Folder = C:\Documents and Settings\Frank\Desktop\winpfind2\WinPFind2\
        Microsoft Windows XP (Version = Service Pack 2)
        Internet Explorer (Version - 6.0.2900.2180)


        [Start Post #1]

        Processes
        Image Name
        ProcessID--Thread Count--Parent ID--Base Priority--
        #Full Path
        ##(Version Info)

        aim.exe
        001696
        0013
        001480
        Normal
        #c:\program files\aim\aim.exe
        ##(America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Date = 08/05/2005 16:08 | Attr = ])

        alg.exe
        000452
        0006
        000888
        Normal
        #c:\windows\system32\alg.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Date = 08/04/2004 03:56 | Attr = ])

        aluschedulersvc.exe
        000224
        0004
        000888
        Normal
        #c:\program files\symantec\liveupdate\aluschedulersvc.exe
        ##(Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Date = 05/15/2006 18:24 | Attr = ])

        avgamsvr.exe
        000268
        0009
        000888
        Normal
        #c:\progra~1\grisoft\avgfre~1\avgamsvr.exe
        ##(GRISOFT, s.r.o. [Ver = 7,1,0,365 | Size = 336896 bytes | Date = 08/14/2006 23:52 | Attr = ])

        avgcc.exe
        001144
        0009
        001480
        Normal
        #c:\progra~1\grisoft\avgfre~1\avgcc.exe
        ##(GRISOFT, s.r.o. [Ver = 7,1,0,405 | Size = 369664 bytes | Date = 08/14/2006 23:52 | Attr = ])

        avgemc.exe
        000328
        0010
        000888
        Normal
        #c:\progra~1\grisoft\avgfre~1\avgemc.exe
        ##(GRISOFT, s.r.o. [Ver = 7,1,0,400 | Size = 281088 bytes | Date = 08/14/2006 23:52 | Attr = ])

        avgupsvc.exe
        000300
        0003
        000888
        Normal
        #c:\progra~1\grisoft\avgfre~1\avgupsvc.exe
        ##(GRISOFT, s.r.o. [Ver = 7,1,0,349 | Size = 84480 bytes | Date = 08/14/2006 23:52 | Attr = ])

        csrss.exe
        000816
        0013
        000768
        Normal
        #\??\c:\windows\system32\csrss.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Date = 08/04/2004 03:56 | Attr = ])

        digservices.exe
        001188
        0004
        001480
        Idle
        #c:\program files\espnruntime\digservices.exe
        ##(Walt Disney Internet Group [Ver = 1.0.0.0016 | Size = 101888 bytes | Date = 10/31/2005 11:18 | Attr = ])

        ewido.exe
        001164
        0013
        001480
        Normal
        #c:\documents and settings\frank\desktop\download\ewido anti-spyware 4.0\ewido.exe
        ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 6283264 bytes | Date = 06/16/2006 10:39 | Attr = ])

        explorer.exe
        001480
        0016
        001452
        Normal
        #c:\windows\explorer.exe
        ##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Date = 08/04/2004 03:56 | Attr = ])

        fah504-console.exe
        000536
        0006
        000888
        Normal
        #c:\windows\folding\fah504-console.exe
        ##(Stanford University [Ver = 5, 0, 4, 0 | Size = 253952 bytes | Date = 08/05/2006 15:24 | Attr = ])

        fah504-console.exe
        003964
        0005
        001480
        Normal
        #c:\windows\folding\fah504-console.exe
        ##(Stanford University [Ver = 5, 0, 4, 0 | Size = 253952 bytes | Date = 08/05/2006 15:24 | Attr = ])

        fahcore_82.exe
        003512
        0002
        003964
        Idle
        #c:\windows\folding\fahcore_82.exe
        ##( [Ver = | Size = 1683456 bytes | Date = 08/05/2006 15:22 | Attr = ])

        fahcore_82.exe
        000756
        0004
        000536
        Idle
        #c:\windows\folding\fahcore_82.exe
        ##( [Ver = | Size = 1683456 bytes | Date = 08/05/2006 15:22 | Attr = ])

        guard.exe
        000456
        0008
        000888
        Normal
        #c:\documents and settings\frank\desktop\download\ewido anti-spyware 4.0\guard.exe
        ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Date = 06/16/2006 10:38 | Attr = ])

        iexplore.exe
        002148
        0018
        001480
        Normal
        #c:\program files\internet explorer\iexplore.exe
        ##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Date = 08/04/2004 03:56 | Attr = ])

        iexplore.exe
        003532
        0018
        001480
        Normal
        #c:\program files\internet explorer\iexplore.exe
        ##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Date = 08/04/2004 03:56 | Attr = ])

        lsass.exe
        000900
        0020
        000840
        Normal
        #c:\windows\system32\lsass.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Date = 08/04/2004 03:56 | Attr = ])

        ma111v2.exe
        001784
        0001
        001480
        Normal
        #c:\program files\netgear\ma111v2 usb adapter\ma111v2.exe
        ##( [Ver = 1, 0, 0, 7 | Size = 421888 bytes | Date = 05/28/2004 17:53 | Attr = ])

        mhotkey.exe
        000660
        0002
        001480
        Normal
        #c:\windows\mhotkey.exe
        ##(Chicony [Ver = 2, 2, 2, 0 | Size = 477184 bytes | Date = 07/23/2002 14:09 | Attr = ])

        msmsgs.exe
        001904
        0002
        001480
        Normal
        #c:\program files\messenger\msmsgs.exe
        ##(Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Date = 10/13/2004 12:24 | Attr = ])

        s3tray2.exe
        000740
        0001
        001480
        Normal
        #c:\windows\system32\s3tray2.exe
        ##(S3 Graphics, Inc. [Ver = 1.00.19-0113 | Size = 69632 bytes | Date = 02/25/2003 05:33 | Attr = ])

        services.exe
        000888
        0017
        000840
        Normal
        #c:\windows\system32\services.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Date = 08/04/2004 03:56 | Attr = ])

        smss.exe
        000768
        0003
        000004
        Normal
        #\systemroot\system32\smss.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Date = 08/04/2004 03:56 | Attr = ])

        spoolsv.exe
        001996
        0011
        000888
        Normal
        #c:\windows\system32\spoolsv.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Date = 06/10/2005 19:53 | Attr = ])

        svchost.exe
        001060
        0016
        000888
        Normal
        #c:\windows\system32\svchost.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        svchost.exe
        001268
        0006
        000888
        Normal
        #c:\windows\system32\svchost.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        svchost.exe
        001108
        0010
        000888
        Normal
        #c:\windows\system32\svchost.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        svchost.exe
        001172
        0069
        000888
        Normal
        #c:\windows\system32\svchost.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        svchost.exe
        001400
        0015
        000888
        Normal
        #c:\windows\system32\svchost.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        vsmon.exe
        001448
        0022
        000888
        Normal
        #c:\windows\system32\zonelabs\vsmon.exe
        ##(Zone Labs, LLC [Ver = 6.5.731.000 | Size = 75768 bytes | Date = 07/09/2006 13:42 | Attr = ])

        wdfmgr.exe
        000600
        0004
        000888
        Normal
        #c:\windows\system32\wdfmgr.exe
        ##(Microsoft Corporation [Ver = 5.2.3790.1230 built by: dnsrv(bld4act) | Size = 38912 bytes | Date = 01/28/2005 14:44 | Attr = ])

        winlogon.exe
        000840
        0017
        000768
        High
        #\??\c:\windows\system32\winlogon.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Date = 08/04/2004 03:56 | Attr = ])

        winpfind2.exe
        001560
        0001
        001480
        Normal
        #c:\documents and settings\frank\desktop\winpfind2\winpfind2\winpfind2.exe
        ##(OldTimer Tools [Ver = 1.0.3.0 | Size = 386048 bytes | Date = 08/12/2006 16:23 | Attr = ])

        zlclient.exe
        001660
        0006
        001480
        Normal
        #c:\downloads\zonealarm\zlclient.exe
        ##(Zone Labs, LLC [Ver = 6.5.731.000 | Size = 968696 bytes | Date = 07/09/2006 13:42 | Attr = ])


        Registry Entries

        #Value
        ##(Version Info)

        <<< Version Info >>>

        WinPFind2 by OldTimer - Version 1.0.3
        #
        ##

        Microsoft Windows XP Version = Service Pack 2
        #
        ##

        Internet Explorer Version = 6.0.2900.2180
        #
        ##

        <<< Internet Explorer Settings >>>

        HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
        #http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
        ##

        HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
        #http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        ##

        HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Page
        #http://www.emachines.com
        ##

        HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Search
        #http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        ##

        HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
        #%SystemRoot%\system32\blank.htm
        ##

        HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
        #http://www.minorleaguebaseball.com/app/index.jsp?cid=milb
        ##

        HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
        #
        ##

        HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
        #
        ##

        HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable
        #0
        ##

        HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride
        #
        ##

        <<< BHO's >>>

        HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
        #AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        ##( [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Date = 04/16/2001 19:39 | Attr = ])

        HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
        #SSVHelper Class = C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
        ##(Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 434279 bytes | Date = 05/03/2006 03:14 | Attr = ])

        <<< Internet Explorer Bars, Toolbars and Extensions >>>

        HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
        #Reg Data missing or invalid = Reg Data missing or invalid
        ##(File not found)

        HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
        #&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
        ##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp_sp2_gdr.060623-0002) | Size = 1494016 bytes | Date = 06/23/2006 07:02 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
        #Real.com = C:\WINDOWS\System32\Shdocvw.dll
        ##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp_sp2_gdr.060623-0002) | Size = 1494016 bytes | Date = 06/23/2006 07:02 | Attr = ])

        HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
        #&Address = %SystemRoot%\System32\browseui.dll
        ##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp_sp2_gdr.060623-0002) | Size = 1022976 bytes | Date = 06/23/2006 07:02 | Attr = ])

        HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
        #Reg Data missing or invalid = Reg Data missing or invalid
        ##(File not found)

        HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
        #&Address = %SystemRoot%\System32\browseui.dll
        ##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp_sp2_gdr.060623-0002) | Size = 1022976 bytes | Date = 06/23/2006 07:02 | Attr = ])

        HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
        #&Links = %SystemRoot%\system32\SHELL32.dll
        ##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 09:33 | Attr = ])

        HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B}
        #Reg Data missing or invalid = Reg Data missing or invalid
        ##(File not found)

        HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
        #8201 - Reg Data missing or invalid
        ##

        HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C}
        #8200 - Reg Data missing or invalid
        ##

        HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{4B30061A-5B39-11D3-80F8-0090276F843F}
        #8192 - Reg Data missing or invalid
        ##

        HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd}
        #8193 - Reg Data missing or invalid
        ##

        HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
        #8198 - Reg Data missing or invalid
        ##

        HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
        #8197 - Reg Data missing or invalid
        ##

        HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
        #8195 - Reg Data missing or invalid
        ##

        HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
        #8196 - Reg Data missing or invalid
        ##

        HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683}
        #8199 - Reg Data missing or invalid
        ##

        HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\NextId
        #8202
        ##

        HKCU\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar search
        #res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
        ##(File not found)

        HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
        #res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        ##(Microsoft Corporation [Ver = 11.0.6560 | Size = 10095808 bytes | Date = 05/27/2005 04:06 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.spop
        # = C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        ##(Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Date = 08/01/2001 20:05 | Attr = ])

        <<< Approved Shell Extensions (Non-Microsoft only) >>>

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0873D142-79EF-49fa-81B5-211AAC0B0A7F}
        #Target Finder Shell Extension = C:\Program Files\Roxio\Easy Media Creator 7\Creator Classic\TargetFinder.dll
        ##( [Ver = 1, 0, 0, 1 | Size = 172032 bytes | Date = 03/08/2005 20:50 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
        #Taskbar and Start Menu = Reg Data missing or invalid
        ##(File not found)

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32683183-48a0-441b-a342-7c2a440a9478}
        #Media Band = Reg Data missing or invalid
        ##(File not found)

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42071714-76d4-11d1-8b24-00a0c9068ff3}
        #Display Panning CPL Extension = deskpan.dll
        ##(File not found)

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{506F4668-F13E-4AA1-BB04-B43203AB3CC0}
        #{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL
        ##( [Ver = | Size = 785464 bytes | Date = 08/16/2003 07:29 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{516EC4D3-4AD9-11D5-AA6A-00E0189008B3}
        #The Core Media Player Shell Extension = C:\DOCUME~1\Frank\Desktop\Download\THECOR~1\System\CORESH~1.CLL
        ##( [Ver = | Size = 126464 bytes | Date = 09/11/2004 21:47 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E44E225-A408-11CF-B581-008029601108}
        #Roxio DragToDisc Shell Extension = C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
        ##(Sonic Solutions [Ver = 7.5.0.47 | Size = 319488 bytes | Date = 03/08/2005 21:14 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{764BF0E1-F219-11ce-972D-00AA00A14F56}
        #Shell extensions for file compression = Reg Data missing or invalid
        ##(File not found)

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A9D77BD-5403-11d2-8785-2E0420524153}
        #User Accounts = Reg Data missing or invalid
        ##(File not found)

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
        #Encryption Context Menu = Reg Data missing or invalid
        ##(File not found)

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{88895560-9AA2-1069-930E-00AA0030EBC8}
        #HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll
        ##(Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 08/29/2002 08:00 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
        #AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll
        ##(GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Date = 08/14/2006 23:52 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}
        #AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll
        ##(GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Date = 08/14/2006 23:52 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
        #WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll
        ##( [Ver = | Size = 121344 bytes | Date = 11/02/2004 16:57 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D66DC78C-4F61-447F-942B-3FB6980118CF}
        #{D66DC78C-4F61-447F-942B-3FB6980118CF} = C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL
        ##( [Ver = | Size = 785464 bytes | Date = 08/16/2003 07:29 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
        #Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll
        ##(RealNetworks, Inc. [Ver = 1.0.1.2237 | Size = 49198 bytes | Date = 03/04/2006 02:27 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F802F260-519B-11D1-BB5D-0060974C6013}
        #ICQ Shell Extension = C:\Program Files\ICQ\ICQShExt.dll
        ##( [Ver = | Size = 69721 bytes | Date = 11/19/2001 08:55 | Attr = ])

        <<< ContextMenuHandlers (Non-Microsoft only) >>>

        HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
        #{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
        ##(GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Date = 08/14/2006 23:52 | Attr = ])

        HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ewido anti-spyware
        #{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\context.dll
        ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Date = 06/16/2006 10:38 | Attr = ])

        HKLM\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR
        #{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
        ##( [Ver = | Size = 121344 bytes | Date = 11/02/2004 16:57 | Attr = ])

        HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CoreShellAgent
        #{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} = C:\DOCUME~1\Frank\Desktop\Download\THECOR~1\System\CORESH~1.CLL
        ##( [Ver = | Size = 126464 bytes | Date = 09/11/2004 21:47 | Attr = ])

        HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
        #{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\context.dll
        ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Date = 06/16/2006 10:38 | Attr = ])

        HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
        #{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
        ##( [Ver = | Size = 121344 bytes | Date = 11/02/2004 16:57 | Attr = ])

        HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
        #{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
        ##(GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Date = 08/14/2006 23:52 | Attr = ])

        HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
        #{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
        ##( [Ver = | Size = 121344 bytes | Date = 11/02/2004 16:57 | Attr = ])

        <<< ColumnHandlers (Non-Microsoft only) >>>

        <<< Registry Run Keys >>>

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\!ewido
        #"C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\ewido.exe" /minimized
        ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 6283264 bytes | Date = 06/16/2006 10:39 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AVG7_CC
        #C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
        ##(GRISOFT, s.r.o. [Ver = 7,1,0,405 | Size = 369664 bytes | Date = 08/14/2006 23:52 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CHotkey
        #mHotkey.exe
        ##(Chicony [Ver = 2, 2, 2, 0 | Size = 477184 bytes | Date = 07/23/2002 14:09 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DIGServices
        #C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
        ##(Walt Disney Internet Group [Ver = 1.0.0.0016 | Size = 101888 bytes | Date = 10/31/2005 11:18 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSConfig
        #C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 158208 bytes | Date = 08/04/2004 03:56 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task
        #"C:\Program Files\QuickTime\qttask.exe" -atboottime
        ##(Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Date = 04/17/2006 17:23 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\S3TRAY2
        #S3tray2.exe
        ##(S3 Graphics, Inc. [Ver = 1.00.19-0113 | Size = 69632 bytes | Date = 02/25/2003 05:33 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Zone Labs Client
        #"C:\Downloads\ZoneAlarm\zlclient.exe"
        ##(Zone Labs, LLC [Ver = 6.5.731.000 | Size = 968696 bytes | Date = 07/09/2006 13:42 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
        #Installed = 1
        ##

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
        #Installed = 1
        ##

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
        #Installed = 1
        ##

        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AIM
        #C:\Program Files\aim\aim.exe -cnetwait.odl
        ##(File not found)

        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSMSGS
        #"C:\Program Files\Messenger\msmsgs.exe" /background
        ##(Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Date = 10/13/2004 12:24 | Attr = ])


        #
        ##

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
        #C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
        ##( [Ver = | Size = 84 bytes | Date = 05/13/2003 11:54 | Attr = HS])

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA111 Configuration Utility.lnk
        #C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
        ##( [Ver = 1, 0, 0, 7 | Size = 421888 bytes | Date = 05/28/2004 17:53 | Attr = ])

        C:\Documents and Settings\Frank\Start Menu\Programs\Startup\desktop.ini
        #C:\Documents and Settings\Frank\Start Menu\Programs\Startup\desktop.ini
        ##( [Ver = | Size = 84 bytes | Date = 05/13/2003 11:54 | Attr = HS])

        <<< Disabled MSConfig Items >>>

        HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AnyDVD
        #AnyDVD = C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
        ##(File not found)

        HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ares
        #Ares = "C:\Documents and Settings\Frank\Desktop\Download\Ares\Ares.exe" -h
        ##(File not found)

        HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ccApp
        #ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        ##(File not found)

        HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DAEMON Tools
        #daemon = "C:\Documents and Settings\Frank\Desktop\Download\Bit Lord\BitLord\Downloads\DAEMON Tools\daemon.exe" -lang 1033
        ##(DT Soft Ltd. [Ver = 4.00.0.0 | Size = 128920 bytes | Date = 11/08/2005 18:00 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DIGStream
        #digstream = C:\Program Files\DIGStream\digstream.exe
        ##(Walt Disney Internet Group [Ver = 2.3.1.0006 | Size = 278528 bytes | Date = 10/31/2005 11:05 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\QuickTime Task
        #qttask = "C:\Program Files\QuickTime\qttask.exe" -atboottime
        ##(Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Date = 04/17/2006 17:23 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Registry Toolkit
        #RegToolkit = C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
        ##(File not found)

        HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\RoxioDragToDisc
        #DrgToDsc = "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
        ##(Sonic Solutions [Ver = 7.5.0.47 | Size = 1695744 bytes | Date = 03/08/2005 21:13 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\seekmo
        #seekmo = "c:\program files\seekmo\seekmo.exe"
        ##(File not found)

        HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SunJavaUpdateSched
        #jusched = C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
        ##(Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 36975 bytes | Date = 05/03/2006 02:56 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\TkBellExe
        #realsched = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        ##(RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Date = 03/04/2006 02:26 | Attr = ])

        <<< User Agent Post Platform >>>

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\SV1
        #
        ##

        <<< AppInit DLLs >>>

        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
        #
        ##(File not found)

        <<< Image File Execution Options >>>

        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
        #Debugger = ntsd -d
        ##

        <<< Shell Service Object Delay Load >>>

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn
        #{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
        ##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 09:33 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder
        #{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
        ##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 09:33 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray
        #{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Date = 08/04/2004 03:56 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck
        #{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
        ##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Date = 08/04/2004 03:56 | Attr = ])

        <<< Shell Execute Hooks >>>

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}
        #CShellExecuteHookImpl Object = C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\shellexecutehook.dll
        ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 73728 bytes | Date = 06/16/2006 10:38 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972}
        #URL Exec Hook = shell32.dll
        ##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 09:33 | Attr = ])

        <<< Shared Task Scheduler >>>

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1}
        #Browseui preloader = %SystemRoot%\System32\browseui.dll
        ##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp_sp2_gdr.060623-0002) | Size = 1022976 bytes | Date = 06/23/2006 07:02 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030}
        #Component Categories cache daemon = %SystemRoot%\System32\browseui.dll
        ##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp_sp2_gdr.060623-0002) | Size = 1022976 bytes | Date = 06/23/2006 07:02 | Attr = ])

        <<< Winlogon >>>

        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
        #C:\WINDOWS\system32\userinit.exe,
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Date = 08/04/2004 03:56 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
        #Explorer.exe
        ##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Date = 08/04/2004 03:56 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System
        #
        ##(File not found)

        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
        #crypt32.dll
        ##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Date = 08/04/2004 03:56 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
        #cryptnet.dll
        ##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Date = 08/04/2004 03:56 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
        #cscdll.dll
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Date = 08/04/2004 03:56 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
        #wlnotify.dll
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 03:56 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
        #wlnotify.dll
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 03:56 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
        #sclgntfy.dll
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Date = 08/04/2004 03:56 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
        #WlNotify.dll
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 03:56 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
        #wlnotify.dll
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 03:56 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
        #WgaLogon.dll
        ##(Microsoft Corporation [Ver = 1.5.0540.0 | Size = 702768 bytes | Date = 06/19/2006 16:20 | Attr = ])

        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
        #wlnotify.dll
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 03:56 | Attr = ])

        <<< DNS Name Servers >>>

        HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{87584B74-CF5C-4CC1-9AC1-3CABC468A80F}
        # (NETGEAR MA111v2 802.11b Wireless USB Adapter)
        ##

        HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B5B3898A-EFF4-4881-B12F-CE68189D225E}
        # (NETGEAR MA111v2 802.11b Wireless USB Adapter)
        ##

        HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C4448DE7-B6FC-4B43-A717-064A89E06859}
        # (D-Link Air DWL-122 Wireless USB Adapter)
        ##

        HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D1A0A0CC-8B20-4142-AD5A-2FB0875B8C71}
        # (Realtek RTL8139/810x Family Fast Ethernet NIC)
        ##

        <<< Winsock2 Catalogs (Non-Microsoft only) >>>

        <<< Protocol Handlers (Non-Microsoft only) >>>

        HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ipp
        #
        ##(File not found)

        HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp
        #
        ##(File not found)

        <<< Protocol Filters (Non-Microsoft only) >>>
      • edited August 2006
        [Start Post #2]

        Services
        Name--Internal Name--Startup Type--State--Service Type--
        #Path
        ##(Version Info)

        IPv6 Helper Service--6to4--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\system32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Application Layer Gateway Service--ALG--On Demand--Running--Win32, running in it's own process--
        #C:\WINDOWS\System32\alg.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Windows Audio--AudioSrv--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Automatic LiveUpdate Scheduler--Automatic LiveUpdate Scheduler--Automatic--Running--Win32, running in it's own process--
        #"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
        ##(Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Date = 05/15/2006 18:24 | Attr = ])

        AVG7 Alert Manager Server--Avg7Alrt--Automatic--Running--Win32, running in it's own process--
        #C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        ##(GRISOFT, s.r.o. [Ver = 7,1,0,365 | Size = 336896 bytes | Date = 08/14/2006 23:52 | Attr = ])

        AVG7 Update Service--Avg7UpdSvc--Automatic--Running--Win32, running in it's own process--
        #C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        ##(GRISOFT, s.r.o. [Ver = 7,1,0,349 | Size = 84480 bytes | Date = 08/14/2006 23:52 | Attr = ])

        AVG E-mail Scanner--AVGEMS--Automatic--Running--Win32, running in it's own process--
        #C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        ##(GRISOFT, s.r.o. [Ver = 7,1,0,400 | Size = 281088 bytes | Date = 08/14/2006 23:52 | Attr = ])

        Background Intelligent Transfer Service--BITS--On Demand--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Computer Browser--Browser--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Cryptographic Services--CryptSvc--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\system32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        DCOM Server Process Launcher--DcomLaunch--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\system32\svchost -k DcomLaunch
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        DHCP Client--Dhcp--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        DNS Client--Dnscache--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k NetworkService
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Error Reporting Service--ERSvc--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Event Log--Eventlog--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\system32\services.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Date = 08/04/2004 03:56 | Attr = ])

        COM+ Event System--EventSystem--On Demand--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        ewido anti-spyware 4.0 guard--ewido anti-spyware 4.0 guard--Automatic--Running--Win32, running in it's own process--
        #C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\guard.exe
        ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Date = 06/16/2006 10:38 | Attr = ])

        FAH@C:+WINDOWS+Folding+FAH504-Console.exe--FAH@C:+WINDOWS+Folding+FAH504-Console.exe--Automatic--Running--Win32, running in it's own process--
        #C:\WINDOWS\Folding\FAH504-Console.exe -svcstart
        ##(Stanford University [Ver = 5, 0, 4, 0 | Size = 253952 bytes | Date = 08/05/2006 15:24 | Attr = ])

        Fast User Switching Compatibility--FastUserSwitchingCompatibility--On Demand--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Help and Support--helpsvc--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Server--lanmanserver--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Workstation--lanmanworkstation--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        TCP/IP NetBIOS Helper--LmHosts--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k LocalService
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Network Connections--Netman--On Demand--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Network Location Awareness (NLA)--Nla--On Demand--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Plug and Play--PlugPlay--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\system32\services.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Date = 08/04/2004 03:56 | Attr = ])

        IPSEC Services--PolicyAgent--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\lsass.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Protected Storage--ProtectedStorage--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\system32\lsass.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Remote Access Connection Manager--RasMan--On Demand--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Remote Procedure Call (RPC)--RpcSs--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\system32\svchost -k rpcss
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Security Accounts Manager--SamSs--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\system32\lsass.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Task Scheduler--Schedule--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Secondary Logon--seclogon--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        System Event Notification--SENS--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\system32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Windows Firewall/Internet Connection Sharing (ICS)--SharedAccess--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Shell Hardware Detection--ShellHWDetection--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Print Spooler--Spooler--Automatic--Running--Win32, running in it's own process--
        #C:\WINDOWS\system32\spoolsv.exe
        ##(Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Date = 06/10/2005 19:53 | Attr = ])

        System Restore Service--srservice--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        SSDP Discovery Service--SSDPSRV--On Demand--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k LocalService
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Telephony--TapiSrv--On Demand--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Terminal Services--TermService--On Demand--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost -k DComLaunch
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Themes--Themes--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Distributed Link Tracking Client--TrkWks--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\system32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Windows User Mode Driver Framework--UMWdf--Automatic--Running--Win32, running in it's own process--
        #C:\WINDOWS\system32\wdfmgr.exe
        ##(Microsoft Corporation [Ver = 5.2.3790.1230 built by: dnsrv(bld4act) | Size = 38912 bytes | Date = 01/28/2005 14:44 | Attr = ])

        TrueVector Internet Monitor--vsmon--Automatic--Running--Win32, running in it's own process--
        #C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
        ##(Zone Labs, LLC [Ver = 6.5.731.000 | Size = 75768 bytes | Date = 07/09/2006 13:42 | Attr = ])

        Windows Time--W32Time--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        WebClient--WebClient--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k LocalService
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Windows Management Instrumentation--winmgmt--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\system32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Security Center--wscsvc--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Automatic Updates--wuauserv--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\system32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])

        Wireless Zero Configuration--WZCSVC--Automatic--Running--Win32, running in a shared process--
        #C:\WINDOWS\System32\svchost.exe -k netsvcs
        ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 03:56 | Attr = ])


        Files
        Full Path
        #Details

        %SystemDrive%
        #

        %ProgramFilesDir%
        #

        %WinDir%
        #

        C:\WINDOWS\fifa02.scr
        #.aspack (ScreenTime Media [Ver = 2.3.3 | Size = 194560 bytes | Date = 07/09/2006 23:15 | Attr = ])

        %System%
        #

        C:\WINDOWS\SYSTEM32\d3dx9_27.dll
        #D3DXUVAtlasPack (Microsoft Corporation [Ver = 9.08.299.0000 | Size = 2319568 bytes | Date = 07/22/2005 19:59 | Attr = ])

        C:\WINDOWS\SYSTEM32\dfrg.msc
        #AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213( [Ver = | Size = 41397 bytes | Date = 08/29/2002 08:00 | Attr = ])

        C:\WINDOWS\SYSTEM32\DivX.dll
        #PEC2 (DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Date = 01/26/2006 14:36 | Attr = ])

        C:\WINDOWS\SYSTEM32\DivX.dll
        #PECompact2 (DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Date = 01/26/2006 14:36 | Attr = ])

        C:\WINDOWS\SYSTEM32\Dsslji.dat
        #pec2 (Intel Corporation [Ver = 1,51,12,44 | Size = 128000 bytes | Date = 05/02/2006 01:43 | Attr = ])

        C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
        #RIMAPPTECHNOLOGIES (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 571184 bytes | Date = 06/19/2006 16:19 | Attr = ])

        C:\WINDOWS\SYSTEM32\MRT.exe
        #(PeCompact2) (Microsoft Corporation [Ver = 1.19.1567.0 | Size = 8325544 bytes | Date = 08/09/2006 15:03 | Attr = ])

        C:\WINDOWS\SYSTEM32\MRT.exe
        #(ASPack) (Microsoft Corporation [Ver = 1.19.1567.0 | Size = 8325544 bytes | Date = 08/09/2006 15:03 | Attr = ])

        C:\WINDOWS\SYSTEM32\ntbackup.exe
        #VWSuD (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 1135616 bytes | Date = 08/18/2001 01:36 | Attr = ])

        C:\WINDOWS\SYSTEM32\ntdll.dll
        #.aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/04/2004 03:56 | Attr = ])

        C:\WINDOWS\SYSTEM32\nusrmgr.cpl
        #Pln``pmlidb_[ZYWSUdxa\^`^Tsfbeffhjol(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 03:56 | Attr = ])

        C:\WINDOWS\SYSTEM32\oembios.bin
        #peC2"y)Q ( [Ver = | Size = 13107200 bytes | Date = 02/28/2002 15:42 | Attr = ])

        C:\WINDOWS\SYSTEM32\rasdlg.dll
        #\DuMonitor SendMessage(WM_RASEVENT) done(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/04/2004 03:56 | Attr = ])

        C:\WINDOWS\SYSTEM32\SKCL.dll
        #.aspack (Concept Software, Inc. [Ver = 4.109b | Size = 117248 bytes | Date = 05/16/2002 18:12 | Attr = ])

        C:\WINDOWS\SYSTEM32\wbdbase.deu
        #msubjsuchsullsupeswinsyncszens( [Ver = | Size = 1309184 bytes | Date = 08/29/2002 08:00 | Attr = ])

        C:\WINDOWS\SYSTEM32\WgaTray.exe
        #RIMAPPTECHNOLOGIES (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 06/19/2006 16:19 | Attr = ])

        %System%\Drivers folder and sub-folders
        #

        C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
        #error finding UPX! header(GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/14/2006 23:52 | Attr = ])

        C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
        #FSG!u.h (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/14/2006 23:52 | Attr = ])

        C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
        #pec2-ext.exe (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/14/2006 23:52 | Attr = ])

        C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
        #;PE_ASPACK (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/14/2006 23:52 | Attr = ])

        C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
        #V90NEC,
        ERROR
        occured in adaptecho( [Ver = 3.20.04 | Size = 1293192 bytes | Date = 02/16/2003 21:33 | Attr = ])

        AllUsers ApplicationData Folder
        #

        C:\Documents and Settings\All Users\Application Data\desktop.ini
        # ( [Ver = | Size = 62 bytes | Date = 05/13/2003 04:42 | Attr = HS])

        CurrentUser ApplicationData Folder
        #

        C:\Documents and Settings\Frank\Application Data\desktop.ini
        # ( [Ver = | Size = 62 bytes | Date = 05/13/2003 04:42 | Attr = HS])

        DPF files
        #

        {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
        #CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

        {17492023-C23A-453E-A040-C7C580BBF700}
        #Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204

        {33564D57-9980-0010-8000-00AA00389B71}
        # - CodeBase = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab

        {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}
        #Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab

        {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
        #MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144795608984

        {8AD9C840-044E-11D1-B3E9-00805F499D93}
        #Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

        {B49C4597-8721-4789-9250-315DFBD9F525}
        #IWinAmpActiveX Class - CodeBase = http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab

        {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
        #Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

        {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
        #Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

        {D27CDB6E-AE6D-11CF-96B8-444553540000}
        # - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

        DirectAnimation Java Classes
        # - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab

        Microsoft XML Parser for Java
        # - CodeBase =

        Hosts file = 734 bytes. Reading all entries.
        #C:\WINDOWS\System32\drivers\etc\Hosts

        # Copyright (c) 1993-1999 Microsoft Corp.
        #

        #
        #

        # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
        #

        #
        #

        # This file contains the mappings of IP addresses to host names. Each
        #

        # entry should be kept on an individual line. The IP address should
        #

        # be placed in the first column followed by the corresponding host name.
        #

        # The IP address and the host name should be separated by at least one
        #

        # space.
        #

        #
        #

        # Additionally, comments (such as these) may be inserted on individual
        #

        # lines or following the machine name denoted by a '#' symbol.
        #

        #
        #

        # For example:
        #

        #
        #

        # 102.54.94.97 rhino.acme.com # source server
        #

        # 38.25.63.10 x.acme.com # x client host
        #


        #

        127.0.0.1 localhost
        #
      • Trogan London, UK
        edited August 2006
        That log looks a bit different than what I was expecting. Did you choose Simple Report at the end?

        Please scan again with WinPFind2, and when Notepad opens, make sure WordWrap is unchecked under the Format menu.

        Post a new log please. :)
      • edited August 2006
        K...sorry...here's the simple log:
        Logfile created on: 08/17/2006 09:33
        WinPFind2 by OldTimer - Version 1.0.3 Folder = C:\Documents and Settings\Frank\Desktop\winpfind2\WinPFind2\
        Microsoft Windows XP (Version = Service Pack 2)
        Internet Explorer (Version - 6.0.2900.2180)


        <Processes>
        aim.exe - c:\program files\aim\aim.exe - (America Online, Inc. )
        alg.exe - c:\windows\system32\alg.exe - (Microsoft Corporation )
        aluschedulersvc.exe - c:\program files\symantec\liveupdate\aluschedulersvc.exe - (Symantec Corporation )
        avgamsvr.exe - c:\progra~1\grisoft\avgfre~1\avgamsvr.exe - (GRISOFT, s.r.o. )
        avgcc.exe - c:\progra~1\grisoft\avgfre~1\avgcc.exe - (GRISOFT, s.r.o. )
        avgemc.exe - c:\progra~1\grisoft\avgfre~1\avgemc.exe - (GRISOFT, s.r.o. )
        avgupsvc.exe - c:\progra~1\grisoft\avgfre~1\avgupsvc.exe - (GRISOFT, s.r.o. )
        csrss.exe - \??\c:\windows\system32\csrss.exe - (Microsoft Corporation )
        digservices.exe - c:\program files\espnruntime\digservices.exe - (Walt Disney Internet Group )
        ewido.exe - c:\documents and settings\frank\desktop\download\ewido anti-spyware 4.0\ewido.exe - (Anti-Malware Development a.s. )
        explorer.exe - c:\windows\explorer.exe - (Microsoft Corporation )
        fah504-console.exe - c:\windows\folding\fah504-console.exe - (Stanford University )
        fah504-console.exe - c:\windows\folding\fah504-console.exe - (Stanford University )
        fahcore_82.exe - c:\windows\folding\fahcore_82.exe - ( )
        fahcore_82.exe - c:\windows\folding\fahcore_82.exe - ( )
        guard.exe - c:\documents and settings\frank\desktop\download\ewido anti-spyware 4.0\guard.exe - (Anti-Malware Development a.s. )
        iexplore.exe - c:\program files\internet explorer\iexplore.exe - (Microsoft Corporation )
        iexplore.exe - c:\program files\internet explorer\iexplore.exe - (Microsoft Corporation )
        lsass.exe - c:\windows\system32\lsass.exe - (Microsoft Corporation )
        ma111v2.exe - c:\program files\netgear\ma111v2 usb adapter\ma111v2.exe - ( )
        mhotkey.exe - c:\windows\mhotkey.exe - (Chicony )
        msmsgs.exe - c:\program files\messenger\msmsgs.exe - (Microsoft Corporation )
        s3tray2.exe - c:\windows\system32\s3tray2.exe - (S3 Graphics, Inc. )
        services.exe - c:\windows\system32\services.exe - (Microsoft Corporation )
        smss.exe - \systemroot\system32\smss.exe - (Microsoft Corporation )
        spoolsv.exe - c:\windows\system32\spoolsv.exe - (Microsoft Corporation )
        svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
        svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
        svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
        svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
        svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
        vsmon.exe - c:\windows\system32\zonelabs\vsmon.exe - (Zone Labs, LLC )
        wdfmgr.exe - c:\windows\system32\wdfmgr.exe - (Microsoft Corporation )
        winlogon.exe - \??\c:\windows\system32\winlogon.exe - (Microsoft Corporation )
        winpfind2.exe - c:\documents and settings\frank\desktop\winpfind2\winpfind2\winpfind2.exe - (OldTimer Tools )
        zlclient.exe - c:\downloads\zonealarm\zlclient.exe - (Zone Labs, LLC )

        <Registry Entries>

        Version Info
        WinPFind2 by OldTimer - Version 1.0.3 -
        Microsoft Windows XP Version = Service Pack 2 -
        Internet Explorer Version = 6.0.2900.2180 -

        Internet Explorer Settings
        HKLM->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
        HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        HKLM->Main\\Default Page - http://www.emachines.com
        HKLM->Main\\Default Search - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
        HKCU->Main\\Start Page - http://www.minorleaguebaseball.com/app/index.jsp?cid=milb
        HKCU->Main\\Search Page -
        HKCU->Main\\Local Page -
        HKCU->Internet Settings\\ProxyEnable - 0
        HKCU->Internet Settings\\ProxyOverride -

        BHO's
        HKLM->Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ( )
        HKLM->Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (Sun Microsystems, Inc. )

        Internet Explorer Bars, Toolbars and Extensions
        HKCU->Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
        HKLM->Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
        HKLM->Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation )
        HKCU->Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
        HKCU->Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
        HKCU->Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
        HKCU->Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
        HKCU->Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
        HKCU->Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8201 - Reg Data missing or invalid
        HKCU->Extensions\CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - 8200 - Reg Data missing or invalid
        HKCU->Extensions\CmdMapping\\{4B30061A-5B39-11D3-80F8-0090276F843F} - 8192 - Reg Data missing or invalid
        HKCU->Extensions\CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} - 8193 - Reg Data missing or invalid
        HKCU->Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8198 - Reg Data missing or invalid
        HKCU->Extensions\CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8197 - Reg Data missing or invalid
        HKCU->Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8195 - Reg Data missing or invalid
        HKCU->Extensions\CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} - 8196 - Reg Data missing or invalid
        HKCU->Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8199 - Reg Data missing or invalid
        HKCU->Extensions\CmdMapping\\NextId - 8202
        HKCU->MenuExt\&AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML (File not found))
        HKCU->MenuExt\E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation )
        HKLM->Plugins\Extension\.spop - = C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc. )

        Approved Shell Extensions (Non-Microsoft only)
        HKLM->Shell Extensions\Approved\{0873D142-79EF-49fa-81B5-211AAC0B0A7F} - Target Finder Shell Extension = C:\Program Files\Roxio\Easy Media Creator 7\Creator Classic\TargetFinder.dll ( )
        HKLM->Shell Extensions\Approved\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found))
        HKLM->Shell Extensions\Approved\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = Reg Data missing or invalid (File not found))
        HKLM->Shell Extensions\Approved\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found))
        HKLM->Shell Extensions\Approved\{506F4668-F13E-4AA1-BB04-B43203AB3CC0} - {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL ( )
        HKLM->Shell Extensions\Approved\{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} - The Core Media Player Shell Extension = C:\DOCUME~1\Frank\Desktop\Download\THECOR~1\System\CORESH~1.CLL ( )
        HKLM->Shell Extensions\Approved\{5E44E225-A408-11CF-B581-008029601108} - Roxio DragToDisc Shell Extension = C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll (Sonic Solutions )
        HKLM->Shell Extensions\Approved\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found))
        HKLM->Shell Extensions\Approved\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found))
        HKLM->Shell Extensions\Approved\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found))
        HKLM->Shell Extensions\Approved\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc. )
        HKLM->Shell Extensions\Approved\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
        HKLM->Shell Extensions\Approved\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
        HKLM->Shell Extensions\Approved\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
        HKLM->Shell Extensions\Approved\{D66DC78C-4F61-447F-942B-3FB6980118CF} - {D66DC78C-4F61-447F-942B-3FB6980118CF} = C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL ( )
        HKLM->Shell Extensions\Approved\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. )
        HKLM->Shell Extensions\Approved\{F802F260-519B-11D1-BB5D-0060974C6013} - ICQ Shell Extension = C:\Program Files\ICQ\ICQShExt.dll ( )

        ContextMenuHandlers (Non-Microsoft only)
        HKLM->* - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
        HKLM->* - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
        HKLM->* - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
        HKLM->Directory - CoreShellAgent - {516EC4D3-4AD9-11D5-AA6A-00E0189008B3} = C:\DOCUME~1\Frank\Desktop\Download\THECOR~1\System\CORESH~1.CLL ( )
        HKLM->Directory - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
        HKLM->Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
        HKLM->Folder - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
        HKLM->Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )

        ColumnHandlers (Non-Microsoft only)

        Registry Run Keys
        HKLM->Run\\!ewido - "C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\ewido.exe" /minimized (Anti-Malware Development a.s. )
        HKLM->Run\\AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP (GRISOFT, s.r.o. )
        HKLM->Run\\CHotkey - mHotkey.exe (Chicony )
        HKLM->Run\\DIGServices - C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24 (Walt Disney Internet Group )
        HKLM->Run\\MSConfig - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation )
        HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
        HKLM->Run\\S3TRAY2 - S3tray2.exe (S3 Graphics, Inc. )
        HKLM->Run\\Zone Labs Client - "C:\Downloads\ZoneAlarm\zlclient.exe" (Zone Labs, LLC )
        HKLM->Run\OptionalComponents\IMAIL - Installed = 1
        HKLM->Run\OptionalComponents\MAPI - Installed = 1
        HKLM->Run\OptionalComponents\MSFS - Installed = 1
        HKCU->Run\\AIM - C:\Program Files\aim\aim.exe -cnetwait.odl (File not found))
        HKCU->Run\\MSMSGS - "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation )

        Startup Lnks
        HKLM->Common Startup - desktop.ini - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ( )
        HKLM->Common Startup - MA111 Configuration Utility.lnk - C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe ( )
        HKCU->Startup - desktop.ini - C:\Documents and Settings\Frank\Start Menu\Programs\Startup\desktop.ini ( )

        Disabled MSConfig Items
        HKLM->StartUpReg\AnyDVD - AnyDVD = C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (File not found))
        HKLM->StartUpReg\ares - Ares = "C:\Documents and Settings\Frank\Desktop\Download\Ares\Ares.exe" -h (File not found))
        HKLM->StartUpReg\ccApp - ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (File not found))
        HKLM->StartUpReg\DAEMON Tools - daemon = "C:\Documents and Settings\Frank\Desktop\Download\Bit Lord\BitLord\Downloads\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd. )
        HKLM->StartUpReg\DIGStream - digstream = C:\Program Files\DIGStream\digstream.exe (Walt Disney Internet Group )
        HKLM->StartUpReg\QuickTime Task - qttask = "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
        HKLM->StartUpReg\Registry Toolkit - RegToolkit = C:\Program Files\Registry Toolkit\RegToolkit.exe /scan (File not found))
        HKLM->StartUpReg\RoxioDragToDisc - DrgToDsc = "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" (Sonic Solutions )
        HKLM->StartUpReg\seekmo - seekmo = "c:\program files\seekmo\seekmo.exe" (File not found))
        HKLM->StartUpReg\SunJavaUpdateSched - jusched = C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe (Sun Microsystems, Inc. )
        HKLM->StartUpReg\TkBellExe - realsched = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc. )
      • edited August 2006
        User Agent Post Platform
        HKLM->Post Platform\\SV1 -

        AppInit DLLs
        HKLM->Windows\\AppInit_DLLs - (File not found))

        Image File Execution Options
        HKLM->Image File Execution Options\Your Image File Name Here without a path - Debugger = ntsd -d

        Shell Service Object Delay Load
        HKLM->ShellServiceObjectDelayLoad\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
        HKLM->ShellServiceObjectDelayLoad\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
        HKLM->ShellServiceObjectDelayLoad\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation )
        HKLM->ShellServiceObjectDelayLoad\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )

        Shell Execute Hooks
        HKLM->ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s. )
        HKLM->ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

        Shared Task Scheduler
        HKLM->SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
        HKLM->SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )

        Winlogon
        HKLM->Winlogon\\UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
        HKLM->Winlogon\\Shell - Explorer.exe (Microsoft Corporation )
        HKLM->Winlogon\\System - (File not found))
        HKLM->Winlogon\Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
        HKLM->Winlogon\Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
        HKLM->Winlogon\Notify\cscdll - cscdll.dll (Microsoft Corporation )
        HKLM->Winlogon\Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
        HKLM->Winlogon\Notify\Schedule - wlnotify.dll (Microsoft Corporation )
        HKLM->Winlogon\Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
        HKLM->Winlogon\Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
        HKLM->Winlogon\Notify\termsrv - wlnotify.dll (Microsoft Corporation )
        HKLM->Winlogon\Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
        HKLM->Winlogon\Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

        DNS Name Servers
        HKLM->Interfaces\{87584B74-CF5C-4CC1-9AC1-3CABC468A80F} - (NETGEAR MA111v2 802.11b Wireless USB Adapter)
        HKLM->Interfaces\{B5B3898A-EFF4-4881-B12F-CE68189D225E} - (NETGEAR MA111v2 802.11b Wireless USB Adapter)
        HKLM->Interfaces\{C4448DE7-B6FC-4B43-A717-064A89E06859} - (D-Link Air DWL-122 Wireless USB Adapter)
        HKLM->Interfaces\{D1A0A0CC-8B20-4142-AD5A-2FB0875B8C71} - (Realtek RTL8139/810x Family Fast Ethernet NIC)

        Winsock2 Catalogs (Non-Microsoft only)

        Protocol Handlers (Non-Microsoft only)
        HKLM->PROTOCOLS\Handler\ipp - (File not found))
        HKLM->PROTOCOLS\Handler\msdaipp - (File not found))

        Protocol Filters (Non-Microsoft only)

        <Services>
        IPv6 Helper Service - 6to4 - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
        Application Layer Gateway Service - ALG - On Demand - Running - Win32, running in it's own process - C:\WINDOWS\System32\alg.exe (Microsoft Corporation )
        Windows Audio - AudioSrv - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Automatic LiveUpdate Scheduler - Automatic LiveUpdate Scheduler - Automatic - Running - Win32, running in it's own process - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (Symantec Corporation )
        AVG7 Alert Manager Server - Avg7Alrt - Automatic - Running - Win32, running in it's own process - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (GRISOFT, s.r.o. )
        AVG7 Update Service - Avg7UpdSvc - Automatic - Running - Win32, running in it's own process - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (GRISOFT, s.r.o. )
        AVG E-mail Scanner - AVGEMS - Automatic - Running - Win32, running in it's own process - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (GRISOFT, s.r.o. )
        Background Intelligent Transfer Service - BITS - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Computer Browser - Browser - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Cryptographic Services - CryptSvc - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
        DCOM Server Process Launcher - DcomLaunch - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost -k DcomLaunch (Microsoft Corporation )
        DHCP Client - Dhcp - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        DNS Client - Dnscache - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k NetworkService (Microsoft Corporation )
        Error Reporting Service - ERSvc - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Event Log - Eventlog - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\services.exe (Microsoft Corporation )
        COM+ Event System - EventSystem - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        ewido anti-spyware 4.0 guard - ewido anti-spyware 4.0 guard - Automatic - Running - Win32, running in it's own process - C:\Documents and Settings\Frank\Desktop\Download\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s. )
        FAH@C:+WINDOWS+Folding+FAH504-Console.exe - FAH@C:+WINDOWS+Folding+FAH504-Console.exe - Automatic - Running - Win32, running in it's own process - C:\WINDOWS\Folding\FAH504-Console.exe -svcstart (Stanford University )
        Fast User Switching Compatibility - FastUserSwitchingCompatibility - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Help and Support - helpsvc - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Server - lanmanserver - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Workstation - lanmanworkstation - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        TCP/IP NetBIOS Helper - LmHosts - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation )
        Network Connections - Netman - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Network Location Awareness (NLA) - Nla - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Plug and Play - PlugPlay - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\services.exe (Microsoft Corporation )
        IPSEC Services - PolicyAgent - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\lsass.exe (Microsoft Corporation )
        Protected Storage - ProtectedStorage - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation )
        Remote Access Connection Manager - RasMan - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Remote Procedure Call (RPC) - RpcSs - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost -k rpcss (Microsoft Corporation )
        Security Accounts Manager - SamSs - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation )
        Task Scheduler - Schedule - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Secondary Logon - seclogon - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        System Event Notification - SENS - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
        Windows Firewall/Internet Connection Sharing (ICS) - SharedAccess - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Shell Hardware Detection - ShellHWDetection - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Print Spooler - Spooler - Automatic - Running - Win32, running in it's own process - C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation )
        System Restore Service - srservice - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        SSDP Discovery Service - SSDPSRV - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation )
        Telephony - TapiSrv - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Terminal Services - TermService - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost -k DComLaunch (Microsoft Corporation )
        Themes - Themes - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Distributed Link Tracking Client - TrkWks - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
        Windows User Mode Driver Framework - UMWdf - Automatic - Running - Win32, running in it's own process - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation )
        TrueVector Internet Monitor - vsmon - Automatic - Running - Win32, running in it's own process - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (Zone Labs, LLC )
        Windows Time - W32Time - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        WebClient - WebClient - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation )
        Windows Management Instrumentation - winmgmt - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
        Security Center - wscsvc - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
        Automatic Updates - wuauserv - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
        Wireless Zero Configuration - WZCSVC - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )

        <Files>

        %SystemDrive%

        %ProgramFilesDir%

        %WinDir%
        C:\WINDOWS\fifa02.scr - .aspack (ScreenTime Media [Ver = 2.3.3 | Size = 194560 bytes | Date = 07/09/2006 23:15 | Attr = ])

        %System%
        C:\WINDOWS\SYSTEM32\d3dx9_27.dll - D3DXUVAtlasPack (Microsoft Corporation [Ver = 9.08.299.0000 | Size = 2319568 bytes | Date = 07/22/2005 19:59 | Attr = ])
        C:\WINDOWS\SYSTEM32\dfrg.msc - AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213( [Ver = | Size = 41397 bytes | Date = 08/29/2002 08:00 | Attr = ])
        C:\WINDOWS\SYSTEM32\DivX.dll - PEC2 (DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Date = 01/26/2006 14:36 | Attr = ])
        C:\WINDOWS\SYSTEM32\DivX.dll - PECompact2 (DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Date = 01/26/2006 14:36 | Attr = ])
        C:\WINDOWS\SYSTEM32\Dsslji.dat - pec2 (Intel Corporation [Ver = 1,51,12,44 | Size = 128000 bytes | Date = 05/02/2006 01:43 | Attr = ])
        C:\WINDOWS\SYSTEM32\LegitCheckControl.dll - RIMAPPTECHNOLOGIES (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 571184 bytes | Date = 06/19/2006 16:19 | Attr = ])
        C:\WINDOWS\SYSTEM32\MRT.exe - (PeCompact2) (Microsoft Corporation [Ver = 1.19.1567.0 | Size = 8325544 bytes | Date = 08/09/2006 15:03 | Attr = ])
        C:\WINDOWS\SYSTEM32\MRT.exe - (ASPack) (Microsoft Corporation [Ver = 1.19.1567.0 | Size = 8325544 bytes | Date = 08/09/2006 15:03 | Attr = ])
        C:\WINDOWS\SYSTEM32\ntbackup.exe - VWSuD (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 1135616 bytes | Date = 08/18/2001 01:36 | Attr = ])
        C:\WINDOWS\SYSTEM32\ntdll.dll - .aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\nusrmgr.cpl - Pln``pmlidb_[ZYWSUdxa\^`^Tsfbeffhjol(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\oembios.bin - peC2"y)Q ( [Ver = | Size = 13107200 bytes | Date = 02/28/2002 15:42 | Attr = ])
        C:\WINDOWS\SYSTEM32\rasdlg.dll - \DuMonitor SendMessage(WM_RASEVENT) done(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\SKCL.dll - .aspack (Concept Software, Inc. [Ver = 4.109b | Size = 117248 bytes | Date = 05/16/2002 18:12 | Attr = ])
        C:\WINDOWS\SYSTEM32\wbdbase.deu - msubjsuchsullsupeswinsyncszens( [Ver = | Size = 1309184 bytes | Date = 08/29/2002 08:00 | Attr = ])
        C:\WINDOWS\SYSTEM32\WgaTray.exe - RIMAPPTECHNOLOGIES (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 06/19/2006 16:19 | Attr = ])

        %System%\Drivers folder and sub-folders
        C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - error finding UPX! header(GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/14/2006 23:52 | Attr = ])
        C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - FSG!u.h (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/14/2006 23:52 | Attr = ])
        C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - pec2-ext.exe (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/14/2006 23:52 | Attr = ])
        C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - ;PE_ASPACK (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/14/2006 23:52 | Attr = ])
        C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys - V90NEC,
        ERROR
        occured in adaptecho( [Ver = 3.20.04 | Size = 1293192 bytes | Date = 02/16/2003 21:33 | Attr = ])

        %windir% + sub-dirs for System or Hidden files less than 60 days old
        C:\WINDOWS\bootstat.dat - ( [Ver = | Size = 2048 bytes | Date = 08/15/2006 20:54 | Attr = S])
        C:\WINDOWS\QTFont.qfn - ( [Ver = | Size = 54156 bytes | Date = 08/03/2006 10:51 | Attr = H ])
        C:\WINDOWS\system32\vsconfig.xml - ( [Ver = | Size = 48882 bytes | Date = 08/15/2006 20:55 | Attr = H ])
        C:\WINDOWS\system32\zllictbl.dat - ( [Ver = | Size = 4212 bytes | Date = 08/15/2006 15:44 | Attr = H ])
        C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917422.cat - ( [Ver = | Size = 10925 bytes | Date = 07/05/2006 08:21 | Attr = S])
        C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat - ( [Ver = | Size = 23751 bytes | Date = 07/28/2006 08:16 | Attr = S])
        C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat - ( [Ver = | Size = 10337 bytes | Date = 07/27/2006 10:00 | Attr = S])
        C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat - ( [Ver = | Size = 10925 bytes | Date = 07/21/2006 05:03 | Attr = S])
        C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920683.cat - ( [Ver = | Size = 11929 bytes | Date = 06/26/2006 15:47 | Attr = S])
        C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921398.cat - ( [Ver = | Size = 13050 bytes | Date = 07/13/2006 10:24 | Attr = S])
        C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat - ( [Ver = | Size = 10925 bytes | Date = 07/14/2006 12:13 | Attr = S])
        C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922616.cat - ( [Ver = | Size = 10925 bytes | Date = 07/14/2006 11:53 | Attr = S])
        C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat - ( [Ver = | Size = 7160 bytes | Date = 06/19/2006 16:20 | Attr = S])
        C:\WINDOWS\system32\config\default.LOG - ( [Ver = | Size = 1024 bytes | Date = 08/17/2006 00:14 | Attr = H ])
        C:\WINDOWS\system32\config\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 08/15/2006 20:54 | Attr = H ])
        C:\WINDOWS\system32\config\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 08/17/2006 00:14 | Attr = H ])
        C:\WINDOWS\system32\config\software.LOG - ( [Ver = | Size = 1024 bytes | Date = 08/17/2006 00:47 | Attr = H ])
        C:\WINDOWS\system32\config\system.LOG - ( [Ver = | Size = 1024 bytes | Date = 08/17/2006 00:44 | Attr = H ])
        C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG - ( [Ver = | Size = 1024 bytes | Date = 08/12/2006 03:05 | Attr = H ])
        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\08683161-a117-49e9-98ae-3ba17755eadd - ( [Ver = | Size = 388 bytes | Date = 08/02/2006 09:03 | Attr = HS])
        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred - ( [Ver = | Size = 24 bytes | Date = 08/02/2006 09:03 | Attr = HS])
        C:\WINDOWS\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 08/15/2006 20:54 | Attr = H ])
        CPL files -
        C:\WINDOWS\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL - (Realtek Semiconductor Corp. [Ver = 1.6.07 | Size = 1663488 bytes | Date = 02/11/2003 02:07 | Attr = ])
        C:\WINDOWS\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\bthprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\jpicpl32.cpl - (Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 49265 bytes | Date = 05/03/2006 02:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/29/2002 08:00 | Attr = ])
        C:\WINDOWS\SYSTEM32\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/29/2002 08:00 | Attr = ])
        C:\WINDOWS\SYSTEM32\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\QuickTime.cpl - (Apple Computer, Inc. [Ver = 6.5 | Size = 323072 bytes | Date = 01/06/2004 16:02 | Attr = ])
        C:\WINDOWS\SYSTEM32\slcpappl.cpl - ( [Ver = 2, 92, 0, 2 | Size = 397312 bytes | Date = 01/17/2003 02:55 | Attr = ])
        C:\WINDOWS\SYSTEM32\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/29/2002 08:00 | Attr = ])
        C:\WINDOWS\SYSTEM32\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/04/2004 03:56 | Attr = ])
        C:\WINDOWS\SYSTEM32\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 05:16 | Attr = ])

        AllUsers Startup Folder
        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 05/13/2003 11:54 | Attr = HS])
        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA111 Configuration Utility.lnk - ( [Ver = | Size = 1820 bytes | Date = 03/02/2006 05:53 | Attr = ])

        AllUsers ApplicationData Folder
        C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 05/13/2003 04:42 | Attr = HS])

        CurrentUser Startup Folder
        C:\Documents and Settings\Frank\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 05/13/2003 11:54 | Attr = HS])

        CurrentUser ApplicationData Folder
        C:\Documents and Settings\Frank\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 05/13/2003 04:42 | Attr = HS])

        DPF files
        {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
        {17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
        {33564D57-9980-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
        {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab
        {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144795608984
        {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
        {B49C4597-8721-4789-9250-315DFBD9F525} - IWinAmpActiveX Class - CodeBase = http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
        {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
        {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
        {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
        DirectAnimation Java Classes - - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab
        Microsoft XML Parser for Java - - CodeBase =

        Hosts file = 734 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
        # Copyright (c) 1993-1999 Microsoft Corp. -
        # -
        # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
        # -
        # This file contains the mappings of IP addresses to host names. Each -
        # entry should be kept on an individual line. The IP address should -
        # be placed in the first column followed by the corresponding host name. -
        # The IP address and the host name should be separated by at least one -
        # space. -
        # -
        # Additionally, comments (such as these) may be inserted on individual -
        # lines or following the machine name denoted by a '#' symbol. -
        # -
        # For example: -
        # -
        # 102.54.94.97 rhino.acme.com # source server -
        # 38.25.63.10 x.acme.com # x client host -
        -
        127.0.0.1 localhost -