TheTechGuide Forum
General Category => Tech Clinic => Topic started by: teinte411 on October 21, 2005, 07:32:27 PM
-
Ok this started a few days ago, I don't recall doing anything to trigger this behavior. I'm hoping somebody can help because I'm at my wits' end lol.
Here's the symptoms, I'm seeing a light blue shadow over some of the text on the desktop and programs like IE and Word, there's also a blue line of the same color blue by icons and on my mouse cursor. Another graphics issue is in games I'm seeing little blinking or flickering squares during gameplay. I did reinstall Windows XP and it didn't solve the graphics problem. I've updated all my graphics drivers and it still didn't repair the graphics, I've also dusted the inside of my PC and still nothing.
However I did do a virus scan with Ad-Aware and it said I had the Worm.Alcan.A virus, eventually it said it was removed after a few tries, but I doubt it. It didn't show up with Norton or Microsoft's anti-virus software though, just Lavasoft's.
My question is does anyone know if this Worm affects your graphics card or do you think my graphics card is going? I don't think it is though because I just bought this PC about 6 months ago and graphics cards usually never go. The only other thing I didn't try is actually unplugging my card and plugging it back in but I don't think that wouldn't do anything.
If someone could help me out I'd greatly appreciate it. Just wondering if anybody else with this worm has graphic issues as well? Like I said I don't recall doing anything to trigger this, I may have accidentally downloaded the AlcanA Worm through Limewire though which I was using a few days ago. Thanks. Sorry for posting in the other guy's topic before.
-
I can't see Alcan causing graphics problems, but let's see if we can discover anything
Download and save WinPFind.zip (http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip)
UNZIP the contents to your desktop
Don't run it yet
RESTART your Computer in SAFE MODE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4)
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link I supplied for a more detailed explanation
Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Click START SCAN
This could take some time as it will scan your drive
Close out after
Restart back to Normal mode
Post the results of the WinPFind.txt located in the WinPFind folder
Also, from my signature below, download and save hijackthis 1.99.1 to a permanent folder on your drive
Do a System scan and save log file
A text file will open, copy and paste the whole log back here
-
Ok, here is the WinPFind log done in safe mode and the HJT log done in normal mode...
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/21/2005 9:09:34 PM
Logfile of HijackThis v1.99.1
Scan saved at 9:13:51 PM, on 10/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Timothy\Desktop\Hijackthis\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?3abffb653bff43bbbc72c0abf1a46ad0
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?3abffb653bff43bbbc72c0abf1a46ad0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127859030000
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
-
Let's ensure there is nothing still left over from Alcan
Download Brute force uninstaller (http://www.merijn.org/files/bfu.zip)
Unzip it to a folder of its own (c:\BFU).
Start the Brute Force Uninstaller by double-clicking BFU.exe
Next to the 'scriptfile to execute'
Click the Globe icon = (Open script URL)
When you click that icon, a little window will open that says: 'Please enter the full URL to the script you want to execute'
In the field, copy and paste the next URL:
http://metallica.geekstogo.com/p2pnetwork.bfu
Click Ok
Then click Execute in Brute Force Uninstaller.
Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.
Restart your computer
Where did you get your updated drivers for your video card?
From the manufacturer or Windows updates?
Can you also right click the desktop and left click properties
Click the Desktop tab>>Customize desktop>>Web tab
Uncheck "Lock desktop items" if checked
OK it and then click Apply
Also, can you run this file through
Jotti's Online Malware scan (http://virusscan.jotti.org/)
Give this site time to load if busy
Use the browse button and navigate to this file on your hard drive
C:\WINDOWS\SYSTEM32\gfhkj.ini <-this file
Right click on it and choose Select
Then use the Submit button
Let it finish scanning
Could you post the results of the scan back here please?
-
I tried everything, but still getting the same symptoms.
I got the driver directly from the ATI website, ATI is the company that makes the Radeon X300 graphics card that I have. I updated all the drivers after these things started happening though.
I'm really stumped about this, I've had bugs and adware before, but nothing ever like this, nothing I wasn't able to fix. I'm kinda thinking it's the hardware but the computer isn't that old, and I never had any problems with my old Dell, which is still running great after 7 years lol.
Here's the results from Jotti's site, didn't find anything:
Service load: 0% 100%
File: gfhkj.ini
Status: OK
MD5 2c18e64770fd8fd1f09efe7df40738d1
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
-
I just tried something, I kept right clicking on the desktop and now in IE and almost every time where the left side of the popup box was it left a light blue line, like the ones I've been seeing. Then when I minimize or maximize the IE window the lines disappear. I was thinking that might be a sign the memory is messed up or damaged. I dunno, doesn't look good.