
slow browsing.

Discussion in 'Virus & Other Malware Removal' started by mohan55, Jan 8, 2006.

  1. mohan55

    mohan55 Thread Starter

    Joined:
    Sep 30, 2005
    Messages:
    75
    The problem with my computer is that while browsing, say, "Yahoo.com" to check my mail, the page opens and the progress bar moves fast initially, and halfway down it just stalls on and on... for quite some time before it completes its work. When checking my HTML mails it takes quite long to finish. Sometimes a message displays "Timeout" or something like that. Now I did a cleanup 40 and an "ewido scan" in safe mode. I also ran an online "kaspersky". All these showed clear. Here is my HJT log. Please help.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:08:28 PM, on 12/23/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\Program Files\ewido\security suite\ewidoctrl.exe
    E:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\WINDOWS\system32\qttask.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    E:\Program Files\r2 Studios\Copycat\Copycat.exe
    E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    E:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] E:\WINDOWS\system32\qttask.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Copycat] "E:\Program Files\r2 Studios\Copycat\Copycat.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
    O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://E:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1131385450566
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1131612354024
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: HDD Temperature (HDDTService) - PalickSoft - E:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe

     
  2. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    Hi there, I believe I see a bad file --> I would like to confirm this.

    Please visit http://virusscan.jotti.org/
    Click on Browse... and navigate to the following file: E:\Program Files\r2 Studios\Copycat\Copycat.exe
    Click Open
    Please let me know the results.

    Thanks
    David
     
  3. mohan55

    mohan55 Thread Starter

    Joined:
    Sep 30, 2005
    Messages:
    75
    Here is the report.

    Jotti's malware scan 2.99-TRANSITION_TO_3.00
    File: Copycat.exe
    Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5: 0269201525e62f91a8c77c0004f96358
    Packers detected: -

    Scanner results:
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found nothing
    ClamAV: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    Fortinet: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    UNA: Found nothing
    VBA32: Found nothing

     
  4. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    Download WinPFind!
    • Extract WinPFind.zip to your c:\ folder.
    • Reboot your computer into Safe Mode
    • Then open c:\WinPFind and double-click on WinPFind.exe.
    • When the program is open, click on the Start Scan button to start scanning your computer.
    • Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed.
    • Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
     
  5. mohan55

    mohan55 Thread Starter

    Joined:
    Sep 30, 2005
    Messages:
    75
    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
    Internet Explorer Version: 6.0.2900.2180

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...
    UPX! 1/8/2006 12:34:08 PM 234438656 E:\WINDOWS\MEMORY.DMP
    FSG! 1/8/2006 12:34:08 PM 234438656 E:\WINDOWS\MEMORY.DMP
    PEC2 1/8/2006 12:34:08 PM 234438656 E:\WINDOWS\MEMORY.DMP
    Umonitor 1/8/2006 12:34:08 PM 234438656 E:\WINDOWS\MEMORY.DMP
    qoologic 1/8/2006 12:34:08 PM 234438656 E:\WINDOWS\MEMORY.DMP
    aspack 1/8/2006 12:34:08 PM 234438656 E:\WINDOWS\MEMORY.DMP
    abetterinternet.com 1/8/2006 12:34:08 PM 234438656 E:\WINDOWS\MEMORY.DMP
    ad-w-a-r-e.com 1/8/2006 12:34:08 PM 234438656 E:\WINDOWS\MEMORY.DMP
    UPX! 5/3/2005 11:44:44 AM 25157 E:\WINDOWS\RMAgentOutput.dll
    UPX! 1/10/2005 4:17:24 PM 170053 E:\WINDOWS\tsc.exe
    UPX! 12/2/2003 5:00:10 AM 45056 E:\WINDOWS\Unwash5.exe

    Checking %System% folder...
    PEC2 8/4/2004 1:07:00 AM 41397 E:\WINDOWS\SYSTEM32\dfrg.msc
    winsync 8/4/2004 1:07:00 AM 1309184 E:\WINDOWS\SYSTEM32\wbdbase.deu
    aspack 8/4/2004 1:07:00 AM 708096 E:\WINDOWS\SYSTEM32\ntdll.dll
    PECompact2 1/4/2006 7:46:40 PM 2827616 E:\WINDOWS\SYSTEM32\MRT.exe
    aspack 1/4/2006 7:46:40 PM 2827616 E:\WINDOWS\SYSTEM32\MRT.exe
    Umonitor 8/4/2004 1:07:00 AM 657920 E:\WINDOWS\SYSTEM32\rasdlg.dll
    PTech 7/12/2005 6:04:22 PM 520456 E:\WINDOWS\SYSTEM32\LegitCheckControl.dll
    UPX! 12/20/2005 4:21:38 PM 481280 E:\WINDOWS\SYSTEM32\aswBoot.exe

    Checking %System%\Drivers folder and sub-folders...
    PTech 8/3/2004 10:41:38 PM 1309184 E:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

    Items found in E:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    1/5/2006 11:17:58 AM H 54156 E:\WINDOWS\QTFont.qfn
    1/13/2006 5:39:38 PM S 2048 E:\WINDOWS\bootstat.dat
    1/6/2006 7:40:06 PM RH 749 E:\WINDOWS\WindowsShell.Manifest
    1/6/2006 7:40:06 PM RH 749 E:\WINDOWS\system32\cdplayer.exe.manifest
    1/6/2006 7:40:20 PM RH 488 E:\WINDOWS\system32\WindowsLogon.manifest
    1/6/2006 7:40:06 PM RH 749 E:\WINDOWS\system32\ncpa.cpl.manifest
    1/6/2006 7:40:06 PM RH 749 E:\WINDOWS\system32\nwc.cpl.manifest
    1/6/2006 7:40:06 PM RH 749 E:\WINDOWS\system32\sapi.cpl.manifest
    1/6/2006 7:40:06 PM RH 749 E:\WINDOWS\system32\wuaucpl.cpl.manifest
    1/6/2006 7:40:20 PM RH 488 E:\WINDOWS\system32\logonui.exe.manifest
    1/13/2006 3:49:28 PM H 802816 E:\WINDOWS\system32\config\system.LOG
    1/13/2006 3:49:28 PM H 143360 E:\WINDOWS\system32\config\software.LOG
    1/13/2006 3:49:28 PM H 8192 E:\WINDOWS\system32\config\default.LOG
    1/6/2006 7:44:06 PM H 1024 E:\WINDOWS\system32\config\userdiff.LOG
    1/6/2006 7:14:40 PM H 1024 E:\WINDOWS\system32\config\TempKey.LOG
    1/13/2006 5:40:06 PM H 1024 E:\WINDOWS\system32\config\SAM.LOG
    1/13/2006 5:39:40 PM H 16384 E:\WINDOWS\system32\config\SECURITY.LOG
    1/6/2006 7:44:06 PM H 1024 E:\WINDOWS\system32\config\userdifr.LOG
    1/13/2006 1:24:24 PM H 1024 E:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    1/6/2006 7:55:02 PM HS 67 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4CVKFAE9\desktop.ini
    1/6/2006 7:55:02 PM HS 67 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YJ22WXIP\desktop.ini
    1/6/2006 7:55:02 PM HS 67 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OQZY6L9D\desktop.ini
    1/6/2006 7:55:02 PM HS 67 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NDRI4PTE\desktop.ini
    12/4/2005 12:57:00 PM S 144 E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
    12/4/2005 12:57:00 PM S 558 E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
    1/3/2006 3:09:36 AM S 11223 E:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
    12/1/2005 8:17:10 AM S 21633 E:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
    12/2/2005 4:12:48 AM S 10925 E:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
    1/6/2006 7:43:26 PM H 274432 E:\WINDOWS\repair\ntuser.dat
    1/6/2006 7:41:46 PM HS 67 E:\WINDOWS\Fonts\desktop.ini
    1/8/2006 1:38:18 PM H 490736 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6d23b8f719dc5412ac7aeb7db3387c36\BIT145.tmp
    1/8/2006 1:40:22 PM H 477936 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\901d98c899726f2d1e49c234329550a9\BIT146.tmp
    1/8/2006 1:33:26 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a10059c9324422cfcb0f7ef897dbfc6d\BIT147.tmp
    1/8/2006 1:40:26 PM H 151105 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\550b1142f7e1f8ec32b1cdb4c5b12158\BIT148.tmp
    1/8/2006 1:33:36 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\05844d04ccfc746aa3dd67203520987a\BIT149.tmp
    1/8/2006 1:33:40 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c2127dcc8bf292b100f1f5c57af251dd\BIT14A.tmp
    1/8/2006 1:33:46 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e0dc0b83689ce7b61aec9a92ab403ff5\BIT14B.tmp
    1/8/2006 1:33:50 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\cf6711df6004b507aee20e828abd0934\BIT14C.tmp
    1/8/2006 1:33:54 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\837ee431df87226c3788bde39d0fd5c6\BIT14D.tmp
    1/8/2006 1:40:26 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9068529eb9ffcb0374073e28df2ec7a6\BIT14E.tmp
    1/8/2006 1:34:00 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\12872a4fd5ad52aafc9035961c16e563\BIT14F.tmp
    1/8/2006 1:34:04 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\be72c3b46431532aa2193569e516ebe6\BIT150.tmp
    1/8/2006 1:34:06 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\79a472c662fcaea1ff845b3a03de2d4f\BIT151.tmp
    1/8/2006 1:40:28 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0da4d07f1c0daddae341154d5c5618e8\BIT152.tmp
    1/8/2006 1:34:12 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e248e6e6cf7cf235ca9adad589c1947a\BIT153.tmp
    1/8/2006 1:34:14 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\87984ff3f5f258c3fb76f77aed6cd4ee\BIT154.tmp
    1/8/2006 1:34:18 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9c6a857a536c230a49190993fc1c2a15\BIT155.tmp
    1/8/2006 1:34:20 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\044a6f562ca5290509d799bf41a52aed\BIT156.tmp
    1/8/2006 1:40:28 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2fd1475c658b5f3d7119d195bcf03673\BIT157.tmp
    1/8/2006 1:34:26 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\474a8084e7d71c0382393b235ac66fb0\BIT158.tmp
    1/8/2006 1:34:28 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e8aaf3d0f5a2a9436cb55a74f4d86214\BIT159.tmp
    1/8/2006 1:34:32 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bd0c48d4592ffe3631c19bd04a50ac18\BIT15A.tmp
    1/8/2006 1:40:28 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c9ca23e0db0bf40b7c223d3803986f23\BIT15B.tmp
    1/8/2006 1:34:38 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\088cc7a2d384933a5ebb143795c0edd5\BIT15C.tmp
    1/8/2006 1:34:42 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0f034613258cda0f8c8da15d1b762ae0\BIT15D.tmp
    1/8/2006 1:34:44 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e2b4d3fe99fff743f9d3d64ed7c7e582\BIT15E.tmp
    1/8/2006 1:34:48 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a457e75c5a9739cc361e8142d870bb7f\BIT15F.tmp
    1/8/2006 1:34:50 PM H 0 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2991f70fec08210a301ba3d28684d595\BIT160.tmp
    1/9/2006 10:55:24 AM H 1101152 E:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d15ea133e7c4dfa84ed836a4b565d9d3\BIT2C.tmp
    1/13/2006 3:49:14 PM H 6 E:\WINDOWS\Tasks\SA.DAT
    1/6/2006 7:40:20 PM H 65 E:\WINDOWS\Downloaded Program Files\desktop.ini
    1/6/2006 7:40:20 PM H 65 E:\WINDOWS\Offline Web Pages\desktop.ini

    Checking for CPL files...
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 E:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 358400 E:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 187904 E:\WINDOWS\SYSTEM32\main.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 380416 E:\WINDOWS\SYSTEM32\irprops.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 36864 E:\WINDOWS\SYSTEM32\nwc.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 298496 E:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 28160 E:\WINDOWS\SYSTEM32\telephon.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 148480 E:\WINDOWS\SYSTEM32\wscui.cpl
    Apple Computer, Inc. 12/18/2001 8:04:20 PM 287232 E:\WINDOWS\SYSTEM32\QuickTime.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 110592 E:\WINDOWS\SYSTEM32\bthprops.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 25600 E:\WINDOWS\SYSTEM32\netsetup.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 155136 E:\WINDOWS\SYSTEM32\hdwwiz.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 257024 E:\WINDOWS\SYSTEM32\nusrmgr.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 549888 E:\WINDOWS\SYSTEM32\appwiz.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 135168 E:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 35840 E:\WINDOWS\SYSTEM32\ncpa.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 80384 E:\WINDOWS\SYSTEM32\firewall.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 129536 E:\WINDOWS\SYSTEM32\intl.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 68608 E:\WINDOWS\SYSTEM32\joy.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 618496 E:\WINDOWS\SYSTEM32\mmsys.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 94208 E:\WINDOWS\SYSTEM32\timedate.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 32768 E:\WINDOWS\SYSTEM32\odbccp32.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 114688 E:\WINDOWS\SYSTEM32\powercfg.cpl
    12/29/2002 1:14:38 AM 81920 E:\WINDOWS\SYSTEM32\Startup.cpl
    Symantec Corporation 6/26/1998 6:26:00 PM 151040 E:\WINDOWS\SYSTEM32\S32LUCP1.CPL
    Microsoft Corporation 8/4/2004 1:07:00 AM 36864 E:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
    Microsoft Corporation 8/4/2004 5:07:00 AM 68608 E:\WINDOWS\SYSTEM32\dllcache\access.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 32768 E:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 549888 E:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 135168 E:\WINDOWS\SYSTEM32\dllcache\desk.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 80384 E:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 155136 E:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 358400 E:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 129536 E:\WINDOWS\SYSTEM32\dllcache\intl.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 68608 E:\WINDOWS\SYSTEM32\dllcache\joy.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 187904 E:\WINDOWS\SYSTEM32\dllcache\main.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 618496 E:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 35840 E:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 25600 E:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 257024 E:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 114688 E:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 155648 E:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 298496 E:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 28160 E:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 94208 E:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
    Microsoft Corporation 8/4/2004 1:07:00 AM 148480 E:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 E:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    1/2/2006 10:51:28 AM 715 E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Controller.LNK
    1/6/2006 7:43:18 PM HS 84 E:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    1/12/2006 9:31:04 AM 285 E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Detector.lnk

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    1/6/2006 7:19:50 PM HS 62 E:\Documents and Settings\All Users\Application Data\desktop.ini

    Checking files in %USERPROFILE%\Startup folder...
    4/10/2005 10:24:30 PM HS 84 E:\Documents and Settings\Mohan\Start Menu\Programs\Startup\desktop.ini

    Checking files in %USERPROFILE%\Application Data folder...
    4/10/2005 9:56:38 PM HS 62 E:\Documents and Settings\Mohan\Application Data\desktop.ini
    1/13/2006 11:01:26 AM 104 E:\Documents and Settings\Mohan\Application Data\stats.mst

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    SV1 =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast
    {472083B0-C522-11CF-8763-00608CC02F24} = E:\Program Files\Alwil Software\Avast4\ashShell.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
    {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\DecExt
    {a90d5ea0-a1d7-11cf-8dc1-00805fc2353f} = E:\tools\decext\decext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
    {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = E:\Program Files\ewido\security suite\context.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Washer
    {6EE51AA0-77A0-11D7-B4E1-000347126E46} = E:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
    {5464D816-CF16-4784-B9F3-75C0DB52B499} = E:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast
    {472083B0-C522-11CF-8763-00608CC02F24} = E:\Program Files\Alwil Software\Avast4\ashShell.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
    {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
    {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = E:\Program Files\ewido\security suite\context.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Washer
    {6EE51AA0-77A0-11D7-B4E1-000347126E46} = E:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Yahoo! Toolbar Helper = E:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    AcroIEHlprObj Class = E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    Yahoo! IE Services Button = E:\Program Files\Yahoo!\Common\yiesrvc.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    &Yahoo! Messenger = E:\PROGRA~1\YAHOO!\COMMON\yhexbmesus.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = %SystemRoot%\system32\shdocvw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : E:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
    MenuText = :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    ButtonText = Yahoo! Services :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    ButtonText = Research :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    ButtonText = Messenger : E:\Program Files\Messenger\msmsgs.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    =
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
    Favorites Band = %SystemRoot%\system32\shdocvw.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : E:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    TkBellExe "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    QuickTime Task E:\WINDOWS\system32\qttask.exe
    Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
    avast! E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    Copycat "E:\Program Files\r2 Studios\Copycat\Copycat.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    Yahoo! Pager "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    ADCRec E:\Program Files\XemiComputers\ADC Sound Recorder\ADCRec.exe
    Window Washer C:\Program Files\Webroot\Washer\wwDisp.exe

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 0
    startup 0


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = E:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun 145
    NoDrives 0
    NoViewOnDrive 0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = E:\WINDOWS\system32\stobject.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = E:\WINDOWS\system32\userinit.exe,
    Shell = Explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 1/13/2006 9:06:10 PM
     
  6. mohan55

    mohan55 Thread Starter

    Joined:
    Sep 30, 2005
    Messages:
    75
    Dear Mr Trojanator,
    I have been waiting for your reply all these days. Please look into my slow browsing problem; I would appreciate an early reply.
     
  7. D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    Luckily I came across this, and thanks for the PM. This must have slipped the net with my subscribed threads as I never knew this was here :(

    I'll get onto replying :)

    David
     
  8. D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    Edit out.
     
  9. D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    I have had to change my instructions, I'll be back in a sec.
    David :)
     
  10. D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    Please visit http://virusscan.jotti.org/
    Click on Browse... and navigate to the following file: E:\WINDOWS\SYSTEM32\aswBoot.exe
    Click Open
    Please let me know the results.

    David
     
Short URL to this thread: https://techguy.org/432155
