Show Posts

1

Tech Clinic / Dualism Whats up with that?

« on: April 15, 2007, 11:21:14 AM »

I have XP pro. and limited HD space
I used the start/search/pictures function to gather all the pics I have saved here and there in the PC just to see if I could gain some space by getting rid of irrelevant ones.

What I found is after the program found all the pictures on the PC - - if I clicked on the "NAME" header on the column, or the "size" header................that there were doubles.
Using up the same amount of memory....and located in the same space.
This is not restricted just to image files, it is also in document files.
When I see that there is something different say in the location of the file - OK I know that it is different and there for a reason.
But these image files are in the same place - IDENTICAL in name(there is no 1 added), identical in size, identical in placement.
Yet if I delete one of them, they both disappear and only 1 is in the recycle bin at its size(lets say 25K). If I restore it, 2 appear at 25K apiece.
WHAT IS UP WITH THAT???

This even happens with document files.

Backups done on my machine = O
Anything I put in the machine that I need to keep goes on a floppy. That is my backup.

I definitely could use the extra space if it actually does exist...and some dumb program is doing this doubling thing....

For example My desktop I have a picture of Barbara Eden. I have 2 pictures(doubles) in small. and(almost) any other image is doubled. The images supplied for the desktop by Windows remain singular. Any image that came off the net, is doubled be it a document, the document layout.

Can someone explain what is going on?

2

Software / getting bearshare out of my pc?

« on: December 25, 2006, 10:04:54 PM »

I uninstalled it and searched for all bearshare files and deleted them. However I go to my home page and bearshare icon is there which I never gave it permission to do that. How do I normalize the Google page.? Thank you

3

Software / What is the Best Antivirus Software?

« on: December 25, 2006, 09:58:58 PM »

I use AntiVir which seems to find alot of bugs....including one that AVG missed or itself(AVG) was causing color problems to my monitor. AntiVir saw it right away and asked me if it should fix that? I was considering getting either another video card or monitor because that is where I thought the problem was. Hey, that sold me right there,,,and it too is free.

4

Idle Chat / foreign language sites

« on: November 24, 2006, 06:27:31 PM »

Anyway I can change that. It is a help site. The question is in English but the buttons and everything else is in German.

5

Hardware / swapping hard drives question

« on: January 30, 2006, 11:38:08 AM »

Dell P166.

Ain't much but that is what my friend has got. Seemed to work OK especially with cable hook up. I don't know for the animation end, but for email which it is mainly used for adequate. Havn't heard from her in awhile and called. Her machine does not have enough memory. Physically took a look.

OS win XP, with MS office programs and others. Total HDD size 2Gb. Free space remaining 14 mb. with no old emails or pics or other saved files, empty recycle bin. (Yes, I would say she needed a bigger HDD.)

She went and got a second Hdd (8Gb) and had it installed(put in). That is all. Everything is still on the little Hdd.

Now what?. The computer is still running from the smaller HDD(drive C).
How can I transfer it over to the other 8Gb drive(drive D)? Don't ask me about disks, She may still have The XP disk, but the others, no.

Also, it seems that the CD drive has disappeared.

I am not a computer tech nor can afford one (other bills to pay to stay alive)

Where can I get step by step instruction to fix this thing? That would be a great help. And I am new when it comes to insides........a "jumper" to me is a person on a ledge. so a "descript" would be useful. The most I have done inside is fan replacement and addition of ram on other machines.
Thanks mucho in advance.

6

Tech Clinic / XP is making double files

« on: January 08, 2006, 09:41:07 PM »

I went to start/search/photos and as the thumbnails were downloading I changed the view to details and got a double shot of every picture in the same directory and folder. Everything was the same. location, size, time - everything. And it is not just pics, all other files are doubled in my pc.
I don't have that much memory so this is unneeded.
Any idea what is happening? How to fix? Appreciate any help. Have shut down computer and done a cold boot - nothing has changed. Still got double entries

Oh , something else. I did delete one of the pictures and both disappeared but only one showed in the recycle bin. When I restored from the recycle bin, I got a double entry, and file size.
Music files have also doubled.(ones I have had for months)

7

Tech Clinic / Getting rid of junk I can't find

« on: October 26, 2005, 08:25:07 AM »

Logfile of HijackThis v1.99.1
Scan saved at 6:21:51 AM, on 10/26/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\bern schau\Desktop\AA-REPAIR\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125637809135
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125795761545
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

8

Tech Clinic / Getting rid of junk I can't find

« on: October 25, 2005, 10:21:28 PM »

Logfile of HijackThis v1.99.1
Scan saved at 7:51:21 PM, on 10/25/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\bern schau\Desktop\AA-REPAIR\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program

Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE

/min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program

Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: + &Download Express: download this file

- C:\Program Files\Download Express\Add_Url.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl

Class) -

http://update.microsoft.com/windowsupdate/...s/en/x86/client

/wuweb_site.cab?1125637809135
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl

Class) -

http://update.microsoft.com/microsoftupdat...ols/en/x86/clie

nt/muweb_site.cab?1125795761545
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik

GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH,

Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks -

C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks -

C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

****NOTE: Ewido did not give me a report to save. However I checked

it over ,,, it said that 6460 infected files were removed (all

Trojans)

Ad-aware came thru clean

Windows CleanUp 4.0 gained 1.91 GB of space

I still have the BFU and P2P programs.

P2P??
(Speaking of which....I did have "LimeWire" for a period of time.

Because I am on dialup modem I unchecked the sharing of files,

however I did download music files for a time. Finally got tired of

it all and nuked the program....which did not uninstall that easily

or cleanly.. I did not keep any of the files either.

Things are better now, however clicking with the mouse is somewhat

sluggish (like connecting back onto the net thru dial up procedures)and it seems the computer is working more (there is alot of

clicking going on inside the pc just to simple tasks - it seems as

though something else is running in surges inside as the hard drive

light comes on in groups and then goes out for a couple of minutes.
Just my observation at this moment.

Is a defrag necessary?

9

Tech Clinic / Getting rid of junk I can't find

« on: October 24, 2005, 02:04:04 PM »

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Current Build Number: 2600
Internet Explorer Version: 6.0.2600.0000

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/23/2001 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
Umonitor 8/23/2001 12:00:00 PM 630784 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/23/2001 12:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PECompact2 9/8/2005 8:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/8/2005 8:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/1/2005 8:39:36 PM RH 749 C:\WINDOWS\WindowsShell.Manifest
10/24/2005 7:17:24 AM S 2048 C:\WINDOWS\bootstat.dat
10/21/2005 11:23:12 PM H 54156 C:\WINDOWS\QTFont.qfn
9/1/2005 6:36:20 PM RH 188448 C:\WINDOWS\HWINFO.DAT
9/1/2005 6:35:34 PM H 13122 C:\WINDOWS\folder.htt
9/1/2005 7:48:54 PM H 2969 C:\WINDOWS\ttfCache
9/1/2005 6:34:14 PM H 9793 C:\WINDOWS\HELP\windows.GID
9/1/2005 9:59:52 PM H 10820 C:\WINDOWS\HELP\nocontnt.GID
9/1/2005 6:35:34 PM H 13122 C:\WINDOWS\SYSTEM32\folder.htt
9/1/2005 8:39:36 PM RH 749 C:\WINDOWS\SYSTEM32\cdplayer.exe.manifest
9/1/2005 8:39:58 PM RH 488 C:\WINDOWS\SYSTEM32\logonui.exe.manifest
9/1/2005 8:39:58 PM RH 488 C:\WINDOWS\SYSTEM32\WindowsLogon.manifest
9/1/2005 8:39:36 PM RH 749 C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
9/1/2005 8:39:36 PM RH 749 C:\WINDOWS\SYSTEM32\nwc.cpl.manifest
9/1/2005 8:39:36 PM RH 749 C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
9/1/2005 8:39:36 PM RH 749 C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
10/24/2005 7:16:16 AM H 720896 C:\WINDOWS\SYSTEM32\config\system.LOG
10/24/2005 7:16:16 AM H 81920 C:\WINDOWS\SYSTEM32\config\software.LOG
10/24/2005 7:16:16 AM H 8192 C:\WINDOWS\SYSTEM32\config\default.LOG
9/1/2005 8:22:12 PM H 1024 C:\WINDOWS\SYSTEM32\config\userdiff.LOG
9/1/2005 8:22:10 PM H 1024 C:\WINDOWS\SYSTEM32\config\TempKey.LOG
10/24/2005 7:17:40 AM H 1024 C:\WINDOWS\SYSTEM32\config\SAM.LOG
10/24/2005 7:17:26 AM H 12288 C:\WINDOWS\SYSTEM32\config\SECURITY.LOG
9/15/2005 7:04:56 AM H 1024 C:\WINDOWS\SYSTEM32\config\systemprofile\ntuser.dat.LOG
9/1/2005 8:24:12 PM HS 62 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\desktop.ini
9/1/2005 8:41:18 PM HS 113 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\desktop.ini
9/1/2005 8:41:18 PM HS 113 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
9/1/2005 8:41:18 PM HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
9/1/2005 8:41:18 PM HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
9/1/2005 8:41:18 PM HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KRQBHRU7\desktop.ini
9/1/2005 8:41:18 PM HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OVSVOPP3\desktop.ini
9/1/2005 8:41:18 PM HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AMNIP661\desktop.ini
9/1/2005 8:41:18 PM HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GJ03D8S4\desktop.ini
9/1/2005 8:24:12 PM HS 62 C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\desktop.ini
9/1/2005 8:44:02 PM HS 206 C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\desktop.ini
9/1/2005 8:44:02 PM HS 482 C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
9/1/2005 8:44:02 PM HS 84 C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
9/1/2005 8:44:02 PM HS 348 C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
9/1/2005 8:44:02 PM HS 84 C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
9/1/2005 8:40:04 PM HS 181 C:\WINDOWS\SYSTEM32\config\systemprofile\SendTo\desktop.ini
9/1/2005 8:24:12 PM HS 62 C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\desktop.ini
9/1/2005 8:59:18 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\9720d58c-e8c8-4caa-9b6a-ed0cfe502fb7
9/1/2005 8:59:18 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
9/1/2005 10:16:42 PM RHS 13695 C:\WINDOWS\SYSTEM32\Restore\filelist.xml
9/1/2005 8:42:28 PM HS 67 C:\WINDOWS\FONTS\desktop.ini
9/1/2005 6:35:32 PM H 19600 C:\WINDOWS\WEB\WVLOGO.GIF
9/1/2005 6:35:32 PM H 4204 C:\WINDOWS\WEB\CONTROLP.HTT
9/1/2005 6:35:32 PM H 11530 C:\WINDOWS\WEB\FOLDER.HTT
9/1/2005 6:35:32 PM H 4988 C:\WINDOWS\WEB\MYCOMP.HTT
9/1/2005 6:35:32 PM H 5044 C:\WINDOWS\WEB\PRINTERS.HTT
9/1/2005 6:35:34 PM H 855 C:\WINDOWS\WEB\webview.css
9/1/2005 6:35:34 PM H 14258 C:\WINDOWS\WEB\default.htt
9/1/2005 6:35:34 PM H 5403 C:\WINDOWS\WEB\nethood.htt
9/1/2005 6:35:34 PM H 8088 C:\WINDOWS\WEB\recycle.htt
9/1/2005 6:35:34 PM H 5495 C:\WINDOWS\WEB\schedule.htt
9/1/2005 6:35:34 PM H 5521 C:\WINDOWS\WEB\dialup.htt
9/1/2005 6:35:34 PM H 44686 C:\WINDOWS\WEB\wvleft.bmp
9/1/2005 6:35:34 PM H 840 C:\WINDOWS\WEB\wvline.gif
9/1/2005 6:35:36 PM H 10931 C:\WINDOWS\WEB\ftp.htt
9/28/2005 4:58:14 PM HS 77312 C:\WINDOWS\WEB\Wallpaper\Thumbs.db
10/24/2005 7:16:08 AM H 6 C:\WINDOWS\TASKS\SA.DAT
9/1/2005 8:41:06 PM RHS 242478 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_1.cab
9/1/2005 8:41:06 PM RHS 19959 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_2.cab
9/1/2005 8:41:06 PM RHS 727 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_3.cab
9/9/2005 6:31:42 AM H 30 C:\WINDOWS\TEMP\CS3E3ECF10-D174-405A-9D0E-E03B963DD4F3.tmp
9/9/2005 6:31:42 AM H 0 C:\WINDOWS\TEMP\CS2A84024B-A968-4B80-80FD-0D0597DE0C0D.tmp
9/9/2005 6:31:42 AM H 0 C:\WINDOWS\TEMP\CSCF1EF2A2-102C-4C07-9D54-BD30F308CF87.tmp
9/9/2005 6:31:42 AM H 2234862 C:\WINDOWS\TEMP\CSE1CEF7F2-60F3-4FC1-98BB-7F2523C30C72.tmp
9/9/2005 6:31:42 AM H 1413142 C:\WINDOWS\TEMP\CS8C93ABB7-7999-4917-85B1-6E8D5F69FAC7.tmp
9/9/2005 6:31:42 AM H 1726954 C:\WINDOWS\TEMP\CSCC79B85D-7525-4617-987D-1AA9F3EC9300.tmp
9/9/2005 6:31:42 AM H 80790 C:\WINDOWS\TEMP\CS540A512A-9618-44D4-85B5-C73B1002309B.tmp
9/9/2005 6:31:42 AM H 360444 C:\WINDOWS\TEMP\CS95F192B2-5A0C-4820-A504-C74C8FE986B6.tmp
9/9/2005 6:31:42 AM H 23436 C:\WINDOWS\TEMP\CS7026B2A2-1416-4CC2-A6E9-EA73943AD364.tmp
9/9/2005 6:31:42 AM H 72836 C:\WINDOWS\TEMP\CS42274365-33FA-4E95-8E32-1D82736EA8F2.tmp
9/9/2005 6:31:42 AM H 1292850 C:\WINDOWS\TEMP\CS026FA6B3-4954-49CC-B6D0-858B3D202040.tmp
9/9/2005 6:31:42 AM H 748 C:\WINDOWS\TEMP\CSE297CAA0-FC97-41EB-961C-EC0BE10EB51C.tmp
9/9/2005 6:31:42 AM H 240 C:\WINDOWS\TEMP\CS16EEE3AC-A587-424E-A373-3616E9831B21.tmp
9/9/2005 6:31:42 AM H 0 C:\WINDOWS\TEMP\CSDD8F6E5E-5900-448E-8B9D-45CFC19836ED.tmp
9/9/2005 6:31:42 AM H 3402 C:\WINDOWS\TEMP\CSCE13CC0D-50FC-4324-9480-F78FFECCFFF7.tmp
9/9/2005 6:31:42 AM H 160 C:\WINDOWS\TEMP\CSC79193A7-9F49-46F1-889A-582BE2338694.tmp
9/9/2005 6:31:42 AM H 5464 C:\WINDOWS\TEMP\CSFB438AE6-34C7-4238-8B4D-87FF57426B3C.tmp
9/9/2005 6:31:42 AM H 69460 C:\WINDOWS\TEMP\CSCE4BAD25-7E83-4615-818A-630A726200C8.tmp
9/9/2005 6:31:42 AM H 333 C:\WINDOWS\TEMP\CS490965C9-795C-4B19-A600-F2C98A1F4C01.tmp
9/9/2005 6:31:42 AM H 1602 C:\WINDOWS\TEMP\CSE0DF9E1A-6445-4C61-97A3-09D8ADECBA5B.tmp
9/9/2005 6:31:42 AM H 128 C:\WINDOWS\TEMP\CS47EFB099-AA82-4017-82FF-0603D48AF8AC.tmp
9/9/2005 6:31:42 AM H 32 C:\WINDOWS\TEMP\CS2BAE2104-DF2B-4F2D-B906-021E21BB0F53.tmp
9/9/2005 6:31:42 AM H 2016 C:\WINDOWS\TEMP\CS62008CE9-4DE1-4B4F-82F7-C98F1231C5E3.tmp
9/9/2005 6:31:42 AM H 1466936 C:\WINDOWS\TEMP\CS0CE55D78-D9DE-44D7-8853-4BB125A76496.tmp
9/9/2005 6:31:42 AM H 902322 C:\WINDOWS\TEMP\CSC53B3870-6E75-4B27-A4B4-33AA145B5035.tmp
9/9/2005 6:31:42 AM H 1077458 C:\WINDOWS\TEMP\CS487ED19D-32A7-4016-BA06-8A7BD6D11757.tmp
9/9/2005 6:31:42 AM H 556628 C:\WINDOWS\TEMP\CS90375F74-938C-4C15-8C39-8D2ADC688058.tmp
9/9/2005 6:31:42 AM H 40712 C:\WINDOWS\TEMP\CSD592C3CA-2DDA-4196-85D4-286BDEDA6B98.tmp
9/9/2005 6:31:42 AM H 104878 C:\WINDOWS\TEMP\CSFD0C5196-65C9-4333-A9FE-E9232F8E5B17.tmp
9/9/2005 6:31:42 AM H 38312 C:\WINDOWS\TEMP\CS8ED5DB2E-F018-40FD-B606-D06BD57FD8F4.tmp
9/9/2005 6:31:42 AM H 6460 C:\WINDOWS\TEMP\CS9EF6B288-B141-419A-913E-335E362D5635.tmp
9/9/2005 6:31:42 AM H 204 C:\WINDOWS\TEMP\CSDE790104-9006-42ED-A0A4-78B9E3FB9FBB.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CSD87BFE67-4E20-427B-ACA4-9F84AED06D69.tmp
9/9/2005 6:32:08 AM H 508 C:\WINDOWS\TEMP\CSC8733840-1BD8-4F93-AF29-887002EA7AC9.tmp
9/9/2005 6:32:08 AM H 14 C:\WINDOWS\TEMP\CS0F212E94-9FDE-4E9C-B1C6-F972FD45FAE5.tmp
9/9/2005 6:32:08 AM H 30 C:\WINDOWS\TEMP\CS5D9DB00F-AC9C-4265-B485-0750685D9B8F.tmp
9/9/2005 6:32:08 AM H 48 C:\WINDOWS\TEMP\CSFA5D3313-4B64-4963-B8A5-2429FBAAD879.tmp
9/9/2005 6:32:08 AM H 412 C:\WINDOWS\TEMP\CS648B1A6B-5528-4BBF-8CB3-2C49D1DF0D67.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS553E2234-5982-49B6-9A92-A5F2899E79E9.tmp
9/9/2005 6:32:08 AM H 508 C:\WINDOWS\TEMP\CS4B3297D5-568C-44F9-91D7-7DA13EC9BF82.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS049AD159-FE76-4BBF-92F3-4BF380115948.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS73AD5D18-56A9-436E-9A02-32ABB5982FDD.tmp
9/9/2005 6:32:08 AM H 346 C:\WINDOWS\TEMP\CS4E5EFD2D-8D23-48C9-899F-1C360B6F6EE2.tmp
9/9/2005 6:32:08 AM H 428 C:\WINDOWS\TEMP\CS2981E7DC-EE2B-4F03-84DA-E6A517AF2460.tmp
9/9/2005 6:32:08 AM H 572 C:\WINDOWS\TEMP\CSEBE856BD-178A-46C1-AA2B-146E6731FCB2.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS9A24D262-6EF0-4833-9972-F499A1D2B3B0.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CSF8CBA213-87B1-4767-A371-C276E62F1E90.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS81DA16EE-4249-4584-8BB3-2B47D7B9E315.tmp
9/9/2005 6:32:08 AM H 436 C:\WINDOWS\TEMP\CS8A17643D-4AC4-4F14-8990-F6D910247A4A.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CSA3C429F9-6FCF-4A80-A233-63E31FBF2ECD.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS84BB7DF4-2416-4F96-AE36-A602187B45AE.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS98E39860-0AFE-4411-B116-6BFB91897E31.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CSC3725423-2CD1-46A6-9858-567865EF9EC2.tmp
9/9/2005 6:32:08 AM H 412 C:\WINDOWS\TEMP\CS9D8A87D0-4C63-443D-A994-E3E10A79E5DE.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS85044270-C336-49DA-810E-213A7D777B4E.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS62DD81BE-74E7-4865-9FD4-D8A5955AE66F.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS4B15A1BB-6983-4F3D-9B94-1E0FFDC0A326.tmp
9/9/2005 6:32:08 AM H 42 C:\WINDOWS\TEMP\CS25214661-EDF9-416B-9D75-BD912A9BDB8F.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CSDFDDC863-7925-4639-A5EE-FB225BD1E658.tmp
9/9/2005 6:32:08 AM H 102 C:\WINDOWS\TEMP\CS6A0DE925-000C-4506-8F19-DDF65971696A.tmp
9/9/2005 6:32:08 AM H 120 C:\WINDOWS\TEMP\CS85A0201B-A5C0-49DA-9785-7D98F0D40C7B.tmp
9/9/2005 6:32:08 AM H 136 C:\WINDOWS\TEMP\CS5DB90B5F-35A7-43B2-BFFE-A34A05359C30.tmp
9/9/2005 6:32:08 AM H 96 C:\WINDOWS\TEMP\CS36399186-59BB-4292-8A69-EF166DB45FBC.tmp
9/9/2005 6:32:08 AM H 484 C:\WINDOWS\TEMP\CSF3DB41E0-848B-4745-926F-DBBEEDAF0BDB.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS418F131B-4290-46A5-958C-B144FB538397.tmp
9/9/2005 6:32:08 AM H 604 C:\WINDOWS\TEMP\CS191F46C6-E5F3-4AAC-B2C1-69A4F04FE708.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CSE7805D78-C5B4-4C4A-A37A-71F1AE9CFE72.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS2CFC510B-0E27-46DD-81F2-F97A90327BB2.tmp
9/9/2005 6:32:08 AM H 100 C:\WINDOWS\TEMP\CS45A24491-3610-42A0-8285-5CC42C438712.tmp
9/9/2005 6:32:08 AM H 664 C:\WINDOWS\TEMP\CS7BADC4FC-55F8-4DE0-83EF-E18BB58A555E.tmp
9/9/2005 6:32:08 AM H 408 C:\WINDOWS\TEMP\CS8D265D88-DC08-4CEA-810C-5E9FFE0C7113.tmp
9/9/2005 6:32:08 AM H 528 C:\WINDOWS\TEMP\CSF1201B4C-1338-4D9E-855F-FAA599321DEB.tmp
9/9/2005 6:32:08 AM H 114 C:\WINDOWS\TEMP\CS2ED77DCC-DE3A-4CBA-AE86-58785CC34749.tmp
9/9/2005 6:32:08 AM H 30 C:\WINDOWS\TEMP\CSD226E34A-3A1B-4A0D-B8D3-CB73E72100DA.tmp
9/9/2005 6:32:08 AM H 48 C:\WINDOWS\TEMP\CS8C88EF88-5ABD-4351-9D2D-ACA41E606940.tmp
9/9/2005 6:32:08 AM H 42 C:\WINDOWS\TEMP\CS900C1BC0-A931-455C-A27B-2FE5E81D1E87.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS76F16372-8C0C-4255-86AA-DC3A4DE2F49F.tmp
9/9/2005 6:32:08 AM H 418 C:\WINDOWS\TEMP\CS600DE2A1-7600-4EFD-B332-E6CB82EF2CED.tmp
9/9/2005 6:32:08 AM H 48 C:\WINDOWS\TEMP\CS9484667D-BA23-46EA-88F1-AFDBFC4C21FF.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS72CBE9D4-E95C-49F4-895D-A1EE41A7B298.tmp
9/9/2005 6:32:08 AM H 68 C:\WINDOWS\TEMP\CSE6E8DF90-FBEA-4748-AF98-09AC36AE17DC.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS305525F2-235A-4684-9F7C-28AB57F13060.tmp
9/9/2005 6:32:08 AM H 100 C:\WINDOWS\TEMP\CSC12121D0-A905-4BFD-A074-E9BB5B6AEA11.tmp
9/9/2005 6:32:08 AM H 100 C:\WINDOWS\TEMP\CS6A008EDA-519B-481C-B6CB-9EF31265BDA6.tmp
9/9/2005 6:32:08 AM H 162 C:\WINDOWS\TEMP\CS2C2BE89A-E8D8-4C38-936B-E381F48EFC8A.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS081AD54D-B261-4157-B8BC-52F64BA7AFBB.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CSC5E3A9F5-D194-4C20-AB19-27ABAD7B4F12.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS3162CD30-F6E4-409E-BCFB-CAA4A2BF9212.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CSF907D817-0049-4CA7-8F87-F3679F4575ED.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CSD4616B9E-B094-469C-A91D-3643DF00129C.tmp
9/9/2005 6:32:08 AM H 118 C:\WINDOWS\TEMP\CS8AA6603C-4D4D-4FDD-B7C7-ED4E83A88B23.tmp
9/9/2005 6:32:08 AM H 124 C:\WINDOWS\TEMP\CSFF13544B-2469-4AFE-A5DC-20DBDF35AC3F.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS5D233308-5655-4E3B-8C9C-4628F3BC3C82.tmp
9/9/2005 6:32:08 AM H 50 C:\WINDOWS\TEMP\CS6DADABD8-38D7-4CEE-AAA6-781823772C8C.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS167A08AB-191D-477B-8848-9706A61C1DCB.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS096CE9CA-CDE5-4742-A165-11D551939FD6.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS82F698FF-98FD-4B5B-8E5E-F69B6404A298.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS8629C8D8-34EE-4904-AD26-8D34C3F8E84F.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CS23F5D514-21CB-4293-8313-F76DECAA5EFE.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CSE8A8C956-4A92-4EFB-AB26-EDE53DFF7178.tmp
9/9/2005 6:32:08 AM H 10 C:\WINDOWS\TEMP\CSBAB94B72-1F33-45C3-A9C7-99FFF6C8C641.tmp
9/1/2005 8:39:58 PM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
9/1/2005 8:39:58 PM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
9/1/2005 8:45:38 PM H 286720 C:\WINDOWS\repair\ntuser.dat
9/1/2005 10:16:28 PM H 0 C:\WINDOWS\inf\oem0.inf

Checking for CPL files...
Microsoft Corporation 8/23/2001 12:00:00 PM 130048 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 558592 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 119808 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 294912 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 65536 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 270848 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/23/2001 5:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl
Apple Computer, Inc. 8/26/1996 2:12:00 AM R 341504 C:\WINDOWS\SYSTEM32\QTW32.CPL
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/23/2001 5:00:00 AM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 558592 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/23/2001 5:00:00 AM 130048 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 65536 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 294912 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 119808 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 270848 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/10/2005 3:00:50 PM 1661 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
9/1/2005 8:44:02 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/1/2005 8:24:12 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
9/1/2005 8:44:02 PM HS 84 C:\Documents and Settings\bern schau\Start Menu\Programs\Startup\desktop.ini
9/6/2005 11:26:18 PM 829 C:\Documents and Settings\bern schau\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk

Checking files in %USERPROFILE%\Application Data folder...
9/4/2005 9:25:04 AM 1697 C:\Documents and Settings\bern schau\Application Data\AdobeDLM.log
9/1/2005 8:24:12 PM HS 62 C:\Documents and Settings\bern schau\Application Data\desktop.ini
9/4/2005 9:25:04 AM 0 C:\Documents and Settings\bern schau\Application Data\dm.ini
9/6/2005 11:26:18 PM 83 C:\Documents and Settings\bern schau\Application Data\sversion.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
   DigExt    =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AntiVir/Win
   {a7cda720-84ee-11d0-b5c0-00001b3ca278}    = C:\Program Files\AVPersonal\AVShlExt.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AntiVir/Win
   {a7cda720-84ee-11d0-b5c0-00001b3ca278}    = C:\Program Files\AVPersonal\AVShlExt.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
   File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
   History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   SystemTray   SysTray.Exe
   AVSCHED32   C:\Program Files\AVPersonal\AVSched32.EXE /min
   AVGCtrl   C:\Program Files\AVPersonal\AVGNT.EXE /min
   TkBellExe   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
   QuickTime Task   "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   MSMSGS   "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
   Key   †€6òØÁbÚðwSõ~–ÁÉ
   Hint   relativity
   FileName0   C:\WINDOWS\System32\RSACi.rat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
   Allow_Unknowns   1
   PleaseMom   0
   Enabled   1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
   v   4
   s   4
   n   4
   l   4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
   NumSys   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption
   legalnoticetext
   shutdownwithoutlogon   1
   undockwithoutlogon   1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder    {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn    {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck    {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray     {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/24/2005 7:29:01 AM

10

Tech Clinic / Getting rid of junk I can't find

« on: October 23, 2005, 08:37:42 PM »

Logfile of HijackThis v1.99.1
Scan saved at 6:22:33 PM, on 10/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\bern schau\Desktop\AA-REPAIR\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125637809135
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125795761545
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

11

Tech Clinic / Getting rid of junk I can't find

« on: October 23, 2005, 10:08:55 AM »

My anti- virus noted this bug in 2500 zip files in a folder I can't find. I never knowingly downloaded these porn zips and almost all memory is used up because of them. The bug is TR/Drop.WinAD.H
I am running Win XP, have Spybot, Ad-aware and AntiVir. Appreciate some help as I don't have enough free memory to do a system restore(I am under the impression I could go back in time before problems existed-maybe not???)

TheTechGuide Forum

News:

Messages - friedemann

Tech Clinic / Dualism Whats up with that?

Software / getting bearshare out of my pc?

Software / What is the Best Antivirus Software?

Idle Chat / foreign language sites

Hardware / swapping hard drives question

Tech Clinic / XP is making double files

Tech Clinic / Getting rid of junk I can't find

Tech Clinic / Getting rid of junk I can't find

Tech Clinic / Getting rid of junk I can't find

Tech Clinic / Getting rid of junk I can't find

Tech Clinic / Getting rid of junk I can't find