Tech Support banner

Status
Not open for further replies.
1 - 10 of 10 Posts

·
Registered
Joined
·
19 Posts
Discussion Starter #1
Hello, some days my Internet works and other times it doesn't. My kids used my computer for a couple of days and pehaps they visited a lot of pages I wouldn't have.
I have run Norton, I have run Ad Aware, HiJack This and HiJack This Analyzer. The following are the results.
Basically, I would like to remove things that you think would help my machine's performance and just make it feel better.
I'm running XP, Athlon 64, HP Pavilion zv5000 laptop and the machine is relatively new.
Thank you very much for your help.
Keith

Logfile of HijackThis v1.99.1
Scan saved at 20:08:04, on 01/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Windows\System32\Notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
O16 - DPF: {323C9B9A-DB6C-42CE-A706-314535FD8EAF} (FTUploader Control) - http://www.fototime.com/ftweb/activeX/WebUploadControl.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (UpgradeTool Class) - https://clients.modulonet.fr/UpgradeTool.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
I don't see any malware in that log. HijackThis doesn't see everyting out there these days....let's have you run an online scan and see if anything lurks.

Perform an online scan with Internet Explorer with

Kaspersky Online Scanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Standard
    • Scan Options:
    • Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note the names and locations of any file it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan
 

·
Registered
Joined
·
19 Posts
Discussion Starter #3
Kaspersky scan

Hello tetonbob,

Here are the Kaspersky results;


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, November 02, 2005 18:20:15
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/11/2005
Kaspersky Anti-Virus database records: 148229
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 93220
Number of viruses found: 6
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 3938 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Keith Sasaki\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Inbox/10 Mar 2005 17:04 from [email protected]:Notification d'état d/10 Mar 2005 17:04 from [email protected]:Found/visa_data.pif Infected: Email-Worm.Win32.NetSky.ac
C:\Documents and Settings\Keith Sasaki\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst Infected: Email-Worm.Win32.NetSky.ac
C:\Documents and Settings\Keith Sasaki\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000007.pst/Hotmail/Inbox/10 Mar 2005 17:04 from [email protected]:Notification d'état d/10 Mar 2005 17:04 from [email protected]:Found/visa_data.pif Infected: Email-Worm.Win32.NetSky.ac
C:\Documents and Settings\Keith Sasaki\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000007.pst Infected: Email-Worm.Win32.NetSky.ac
C:\Program Files\Norton AntiVirus\Quarantine\1D3D2C8C.exe Infected: P2P-Worm.Win32.Tibick.d
C:\Program Files\Norton AntiVirus\Quarantine\2999630A.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2999630A.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2999630A.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\2999630A.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\374C3DDF.tmp Infected: Net-Worm.Win32.Mytob.t
C:\Program Files\Norton AntiVirus\Quarantine\5AFB7383.tmp Infected: Exploit.VBS.Phel.i
C:\Program Files\Norton AntiVirus\Quarantine\5AFE1D80.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\5AFE1D80.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\5AFE1D80.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\5AFE1D80.zip Infected: Trojan-Downloader.Java.OpenConnection.aa

Scan process completed.


Could you please let me know what to do next.

Thank you.

Keith
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Please use Symantec's guide to remove the Norton Quarantine files.

Click on Start->Settings->Control Panel->Java Plug-in and click on the Cache tab. Then click on the Clear button and hit OK.

Kaspersky has found some suspicious mails. They seem only to be notifications from the postmaster, in your Hotmail inbox:

17:04 from [email protected]:Notification d'état d/10 Mar 2005 17:04 from [email protected]:Found/visa_data.pif

If it is present on your system, it should be deleted.

Other than that, I see no issues....are you still having problems with your internet?
 

·
Registered
Joined
·
19 Posts
Discussion Starter #5
pulling my hair now

Hello tetenbob,

Thank you for your support.
To begin, I can't find the Java thing. I have followed your advice, gone in Control Panel and it's not there.
Today, the Net is crawling again. Not sure if this is due to the bad weather we're having??
I only have 512 ram on my machine, yet I think it's quite sufficient just for browsing the Internet. It works well even when I have two big programs like Photoshop and Illustrator opened.
Machine is crawling even when everything is closed and just IE opened.
Any advice?
Thanks again,
Keith
 

·
Administrator
Joined
·
4,870 Posts
Hi there

As Tetonbob advised, there is no malware showing in your log. I suggest that you perhaps do some house keeping, especially as it would appear that you may have a lot of graphics and illustrations on your PC.

Right Click > Start > Explore > Right click your hard drive. Click the Tools tab and select "Defragment Now" Come on back and let us know if there is an improvement. If not, we can throw in some tools that can deep dive on your system to see if anything bad is lurking.
 

·
Registered
Joined
·
19 Posts
Discussion Starter #7
still crawling

Hello Horse and tetonbob,

I just defragged my machine as directed by you and my machine is still crawling like a snail going uphill.

I understood what you said about the graphics programs that I work with, but my comp is going slow with all these programs closed.

I'm using 63 percent of a 60 gig drive at the moment, so I don't think I'm lacking space. I burnt a lot of stuff to disc today..

Could you direct me?

Thanks in advance.
Keith
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Hi Keith -

So....the time of the system slowdown coincides with the kids use of the computer? Or it's been a while coming?

Let's have a look with a couple more tools....


Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan


* Download WinPFind http://www.bleepingcomputer.com/files/winpfind.php
o Double click on WinPFind and unzip it to your Desktop.
o Don't do anything with it yet!

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Double click WinPFind.exe

* Click 'Start Scan'
* It will scan the entire system, so please be patient!
* Once the scan is complete:
1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Copy those results in the next post!

Download StartDreck http://www.greyknight17.com/spy/StartDreck.zip

Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'

Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.
 

·
Registered
Joined
·
19 Posts
Discussion Starter #9
scans complete

Hello tetonbob and Horse,

Here are the scans that you asked me to do.
I wouldn't say that my computer has slowly been losing speed or that it came since my children "played" with it. I find it strange how Internet works and then will not an hour later. It will take ages to load a page, then times only half will load, others I need to refresh to load and at times it is lightning...
My children have their own machine and they only play on www.prizee.com and on the other one they speak with friends on MSN.
Unfortunately, I didn't check my history log before dumping all my cookies and such..

Here you go:

Activescan:
Incident Status Location

Virus:Trj/Mitglieder.FO Disinfected Personal Folders\Inbox\Info_prices.zip[5.exe]
Virus:W32/Netsky.AB.worm Disinfected Hotmail\Inbox\Notification d'tat de remise (chec)\Found\visa_data.pif

WinPFind

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 13/12/2004 17:45:12 11776 C:\WINDOWS\KNetwork.dll

Checking %System% folder...
PEC2 04/08/2004 09:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 12/07/2005 17:04:22 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 05/10/2005 03:09:08 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 05/10/2005 03:09:08 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04/08/2004 09:00:00 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04/08/2004 09:00:00 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 04/08/2004 09:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
06/11/2005 14:16:20 S 2048 C:\WINDOWS\bootstat.dat
05/10/2005 02:17:40 S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
28/09/2005 10:53:30 S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
09/09/2005 18:15:08 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901017.cat
06/11/2005 14:16:08 H 8192 C:\WINDOWS\system32\config\default.LOG
06/11/2005 14:16:42 H 1024 C:\WINDOWS\system32\config\SAM.LOG
06/11/2005 14:16:22 H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
06/11/2005 14:16:44 H 69632 C:\WINDOWS\system32\config\software.LOG
06/11/2005 14:16:40 H 1114112 C:\WINDOWS\system32\config\system.LOG
19/10/2005 17:42:40 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
09/10/2005 16:28:58 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\535971b1-d16f-44f2-848a-9f3d4b71d294
09/10/2005 16:28:58 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
06/11/2005 13:52:40 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 04/08/2004 09:00:00 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04/08/2004 09:00:00 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04/08/2004 09:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04/08/2004 09:00:00 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04/08/2004 09:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04/08/2004 09:00:00 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 04/08/2004 09:00:00 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04/08/2004 09:00:00 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04/08/2004 09:00:00 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04/08/2004 09:00:00 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 03/06/2005 02:52:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 04/08/2004 09:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04/08/2004 09:00:00 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 04/08/2004 09:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04/08/2004 09:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04/08/2004 09:00:00 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 07/04/2004 20:22:00 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 04/08/2004 09:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04/08/2004 09:00:00 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 08/04/2004 23:12:42 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 04/08/2004 09:00:00 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 04/08/2004 09:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04/08/2004 09:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04/08/2004 09:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 03:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 26/05/2005 03:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
06/11/2005 09:47:14 2335 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
21/01/2005 11:16:58 986 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
07/08/2004 13:58:34 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
10/03/2005 17:49:20 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
25/08/2005 12:41:26 1567 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
07/08/2004 06:46:50 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
07/08/2004 13:58:34 HS 84 C:\Documents and Settings\Keith Sasaki\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
07/08/2004 06:46:48 HS 62 C:\Documents and Settings\Keith Sasaki\Application Data\desktop.ini
09/05/2005 07:23:36 53168 C:\Documents and Settings\Keith Sasaki\Application Data\GDIPFONTCACHEV1.DAT
13/01/2005 15:22:10 0 C:\Documents and Settings\Keith Sasaki\Application Data\wklnhst.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
FREE = IEAK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Pro\wsftpsi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Pro\wsftpsi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}
WsftpBrowserHelper Class = C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
AcroIEToolbarHelper Class = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint C:\Program Files\Apoint2K\Apoint.exe
AGRSMMSG AGRSMMSG.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
Cpqset C:\Program Files\HPQ\Default Settings\cpqset.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
eabconfg.cpl C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
Acrobat Assistant 7.0 "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

mmtask "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 06/11/2005 14:25:59


StartDreck:

StartDreck (build 2.1.7 public stable) - 2005-11-06 @ 14:38:55 (GMT +01:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Keith Sasaki at PC722020878904

»Registry
»Run Keys
»Current User
»Run
*ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
»RunOnce
»Default User
»Run
»RunOnce
»Local Machine
»Run
*Apoint=C:\Program Files\Apoint2K\Apoint.exe
*AGRSMMSG=AGRSMMSG.exe
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
*nwiz=nwiz.exe /install
*Cpqset=C:\Program Files\HPQ\Default Settings\cpqset.exe
*SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
*UpdateManager="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
*iTunesHelper=C:\Program Files\iTunes\iTunesHelper.exe
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*eabconfg.cpl=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
*Acrobat Assistant 7.0="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
*mmtask="C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\system32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile="C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHelper.dll
*{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
`InprocServer32=
*Ipswitch.WsftpBrowserHelper.1/{601ED020-FB6C-11D3-87D8-0050DA59922B}
`InprocServer32=C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
*Adobe.AcroIEToolbarHelper.1/{AE7CD045-E861-484f-8273-0445EE161910}
`InprocServer32=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Bar=http://www.free.fr/search/
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.excite.com/
+SearchUrl
*provider=
»Default User
»Local Machine
*Default_Page_URL=http://home.free.fr/
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\system32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\system32\stobject.dll
*UPnPMonitor={e57ce738-33e8-4c51-8354-bb4de9d215d1}
`InprocServer32=C:\WINDOWS\system32\upnpui.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Keith Sasaki\Start Menu\Programs\Startup\desktop.ini
»Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
*C:\msdos.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\NOTEPAD.EXE
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
»System/Drivers
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Sorry for the delay....

Are these your chosen Start and search pages:

http://www.free.fr/search
http://www.excite.com

Other than that, I see nothing in those logs. Is this broadband or dialup? Is this the only computer in the location? If not, does this problem occur with other computers?

Have you contacted your ISP (Internet Service Provider)? It seems like a system or connectivity issue, not malware related.
 
1 - 10 of 10 Posts
Status
Not open for further replies.
Top