
Thread: Very slow computer

  1. #1

    Very slow computer

    I have Windows XP with plenty of RAM. I have done all the normal stuff to clean the spyware and viruses - have all the recommended programs. I wanted to try and send a hijack log, but don't have a clue how to do this. Also, I have messed around with the registry in the past with bad luck. I know there is a registry program out there that is supposed to be safe for the novice, does anyone know what it is?
    I would appreciate help in figuring out how to fix this computer which is on cable modem and registering 10,000 for upload speed, so it is not the cable.
    HELP - please. Thank you.

  2. #2
    Here is a copy of my hijack log - I see other people do this, so I thought I would - this is so foreign to me!!! Thanks.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:36:59 PM, on 10/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\Program Files\SlimBrowser\sbrowser.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - https://support.gateway.com/support/.../PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120272948833
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1122653503312
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - https://support.gateway.com/support/...vest/gwCID.CAB
    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

  3. #3
    Join Date
    Aug 2006
    Posts
    578

    Hi Patti,

    I don't see much there (with regard to malware) at quick glance.

    Registry cleaners can be iffy. In the past, I have used ToniArts EasyCleaner.
    But, always remember to back up your registry before running one of these tools!!!! That will save a lot of headaches, should something go wrong.

    But, before you do that, a few questions:

    -- Have you tried Defragmenting your Hard Drive? I'd do that first.

    -- Also, try this:
    - Download ATF-Cleaner.exe by Atribune to your Desktop.
    - Click on ATF-Cleaner to run it
    - Where it says Select Files To Delete, Check the Select All Option
    - Click Empty Selected > OK > EXIT

    -- When did compy start to become slow? Was it gradual or all at once? Did you install any new software recently?

    -- What are you keeping from running with Selective Startup via msconfig?

    -- Your Java is a tad out of date.

    At quick glance, I do not think you have a malware issue.
    Judy or one of the other regulars will probably chime in before I can check back, so hang in there!

    Best luck
    PP
    Last edited by PhilliePhan; 10-12-2006 at 02:13 PM.

  4. #4
    Yes, I have defragged. It started to become slow gradually I believe. I have spyware blaster, adaware, spybot, ewido, ccleaner. On the msconfig I only have 5 things running, have always had that and it used to just hum along. Now it is slow to not only open websites, but mail, changing windows, just everything. I used to use Firefox, but now use slimbrowser, but that hasn't made any difference. I have tried opening IE, Firefox and Slimbrowser and I get all the same.
    Thanks.

  5. #5
    Join Date
    Aug 2006
    Posts
    578

    Originally posted by PattiChati:
    "Yes, I have defragged. It started to become slow gradually I believe. I have spyware blaster, adaware, spybot, ewido, ccleaner. On the msconfig I only have 5 things running, have always had that and it used to just hum along. Now it is slow to not only open websites, but mail, changing windows, just everything. I used to use Firefox, but now use slimbrowser, but that hasn't made any difference."

    Ok . . . . Let's try one more thing to rule out Malware:

    -- Please go to this link and follow the instructions to scan with WinPFind by OldTimer.
    Please submit the WinPFind Log for me.

    -- How many different User Accounts are on this machine?

    -- Is it an old machine? Where is it located? (the reason I ask is that boxes that are on the floor tend to accumulate dust much faster than those on a desk . . .)
    It could be an overheating issue due to dust accumulation . . . . .

    PP

  6. #6
    One more thing - I use Ccleaner to clean the computer and have used it on occasion to clean registry.

  7. #7
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056
    Hi Patti,

    I just wanted to comment on one thing that I noticed that is worth mentioning I believe:
    Originally posted by PattiChati:
    "One more thing - I use Ccleaner to clean the computer and have used it on occasion to clean registry."

    In the past, I have even personally seen CCleaner's Registry Cleanup function do more damage than good on a few occasions. I have not tried the registry cleaner function in any of the version 1.3x releases, but the latest version I checked (1.29x series) still was a bit iffy with the registry cleaning, so I do not recommend using the registry cleaning function of CCleaner.

    Besides, there are quite a few reliable, good performing Registry cleaners/optimizers that are also free. RegScrubXP and RegSeeker are two of them...I am in the process of completing a Software Sticky which will have brief reviews of those 2 programs and much more, including their weaknesses, strong points, tips and tricks about each one, etc.

    As PP mentioned, prior to doing anything in the Windows Registry (manually or using a program), always and always and always and always.....and always back up the registry first.

    Erunt is a hell of a freebie that does a splendid job of backing up and restoring a previously created backup. Its registry optimizer portion is also pretty solid imo. I will also have Erunt in my sticky as well. This program saved my and a few other people's behinds on several occasions! Highly recommended.

    Ok, I typed too long already, the rest, you and others can read when the sticky is published.
    Now I leave you in PP's care...ttfn,

    ~TL

    PS. wonder why the entry wklnhst.dat that I noticed in one of your logs shows up on many many links pointing to infected systems when I searched in Google? Is it bad or ..., search on it further and wait for PP's feedback.
    Last edited by TurcoLoco; 10-12-2006 at 10:00 PM.

  8. #8
    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Logfile created on: 10/12/2006 8:13:47 PM
    WinPFind v1.5.0 Folder = C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YI43SCZL\WinPFind[1]\WinPFind\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...
    qoologic 11/9/2005 6:42:20 PM 532480 C:\Program Files\cwshredder.exe (Trend Micro Incorporated)
    urllogic 11/9/2005 6:42:20 PM 532480 C:\Program Files\cwshredder.exe (Trend Micro Incorporated)
    urllogic 11/9/2005 6:42:20 PM 532480 C:\Program Files\cwshredder.exe (Trend Micro Incorporated)
    UPX! 10/7/2005 11:11:40 AM 372963 C:\Program Files\dcsetup.exe ()
    UPX! 10/17/2005 7:21:42 PM 218112 C:\Program Files\hijackthis.exe (Soeperman Enterprises Ltd.)
    PTech 10/18/2005 4:00:08 PM 654920 C:\Program Files\mtinst.exe ()
    UPX! 4/5/2005 11:36:14 PM 371856 C:\Program Files\spyaudit1_1791698190.exe ()
    qoologic 11/16/2005 7:59:18 PM 203302 C:\Program Files\WinPFind.zip ()

    Checking %WinDir% folder...
    UPX! 12/21/1999 7:58:02 AM 21312 C:\WINDOWS\choice.exe ()

    Checking %System% folder...
    PEC2 8/4/2004 3:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
    PEC2 2/15/1997 12:24:14 AM 197171 C:\WINDOWS\SYSTEM32\Dwapilib.tlb ()
    aspack 11/3/2005 3:21:34 PM 1209344 C:\WINDOWS\SYSTEM32\Incinerator.dll ()
    PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
    PECompact2 10/4/2006 4:03:46 PM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 10/4/2006 4:03:46 PM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    WSUD 8/18/2001 8:36:52 AM 1135616 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
    aspack 8/4/2004 3:00:00 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
    WSUD 8/4/2004 3:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    UPX! 4/9/2005 8:52:50 PM 27136 C:\WINDOWS\SYSTEM32\PCWizard.cpl ()
    Umonitor 8/4/2004 3:00:00 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
    winsync 8/4/2004 3:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
    PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

    Checking %System%\Drivers folder and sub-folders...
    UPX! 9/28/2006 928 AM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
    FSG! 9/28/2006 928 AM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
    PEC2 9/28/2006 928 AM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
    aspack 9/28/2006 928 AM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
    PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    10/12/2006 6:37:08 PM S 2048 C:\WINDOWS\bootstat.dat ()
    10/12/2006 6:44:04 PM H 0 C:\WINDOWS\LastGood\INF\oem14.inf ()
    10/12/2006 6:44:04 PM H 0 C:\WINDOWS\LastGood\INF\oem14.PNF ()
    8/21/2006 9:00:10 AM S 11749 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat ()
    8/16/2006 8:30:44 AM S 14901 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922819.cat ()
    8/25/2006 1:06:28 PM S 13285 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923191.cat ()
    8/14/2006 11:19:02 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923414.cat ()
    9/13/2006 1:23:54 AM S 9435 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924191.cat ()
    9/4/2006 2:38:52 AM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924496.cat ()
    9/18/2006 10:40:26 AM S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat ()
    10/12/2006 6:48:36 PM H 1024 C:\WINDOWS\system32\config\default.LOG ()
    10/12/2006 6:37:14 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
    10/12/2006 6:47:24 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
    10/12/2006 8:13:46 PM H 1024 C:\WINDOWS\system32\config\software.LOG ()
    10/12/2006 8:10:38 PM H 1024 C:\WINDOWS\system32\config\system.LOG ()
    10/12/2006 8:07:10 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
    9/26/2006 9:25:54 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\eb5fdc0e-775d-4c1b-81f3-5c33f0b36b89 ()
    9/26/2006 9:25:54 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
    10/12/2006 6:37:14 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

    Checking for CPL files...
    8/4/2004 3:00:00 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
    8/19/2004 10:02:46 PM 278528 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
    8/4/2004 3:00:00 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
    7/1/2004 4:00:42 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
    8/4/2004 3:00:00 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
    11/10/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
    8/4/2004 3:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
    10/9/2002 8:36:12 AM 57344 C:\WINDOWS\SYSTEM32\NeroBurnRights.cpl (Ahead Software AG)
    8/4/2004 3:00:00 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
    4/9/2005 8:52:50 PM 27136 C:\WINDOWS\SYSTEM32\PCWizard.cpl ()
    8/4/2004 3:00:00 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
    9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl (Apple Computer, Inc.)
    12/29/2002 1:14:38 AM 81920 C:\WINDOWS\SYSTEM32\Startup.cpl ()
    8/4/2004 3:00:00 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
    5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 110592 C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 380416 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
    8/4/2004 3:00:00 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
    5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

    Checking for Downloaded Program Files...
    {0E5F0222-96B9-11D3-8997-00104BD12D94} - - CodeBase = https://support.gateway.com/support/.../PCPitStop.CAB
    {17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeup...tent/opuc2.cab
    {6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://update.microsoft.com/windowsu...?1120272948833
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsof...?1122653503312
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    {9A57B18E-2F5D-11D5-8997-00104BD12D94} - - CodeBase = https://support.gateway.com/support/...vest/gwCID.CAB
    {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    {DC187740-46A9-11D5-A815-00B0D0428C0C} - - CodeBase = http://ds1.downloadtech.net/cn1060/pcpowerscan.cab

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    8/26/2004 2:04:46 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    8/26/2004 6:54:36 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
    6/18/2006 10:41:54 PM 5 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt ()

    Checking files in %USERPROFILE%\Startup folder...
    8/26/2004 2:04:46 PM HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %USERPROFILE%\Application Data folder...
    6/15/2006 10:28:04 AM 2790 C:\Documents and Settings\Owner\Application Data\AdobeDLM.log ()
    8/26/2004 6:54:36 AM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini ()
    6/15/2006 10:28:04 AM 0 C:\Documents and Settings\Owner\Application Data\dm.ini ()
    8/28/2005 9:13:48 PM 2744 C:\Documents and Settings\Owner\Application Data\wklnhst.dat ()

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    \\Search Page - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    \\Default_Page_URL - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    \\Local Page - C:\WINDOWS\SYSTEM32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.yahoo.com/
    \\Search Bar - http://www.google.com/ie
    \\Search Page - http://www.google.com
    \\Local Page - C:\WINDOWS\SYSTEM32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    \\SearchAssistant - http://www.google.com/ie


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    \{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    \{53707962-6F74-2D53-2644-206D7942484F} - = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    \{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar1.dll (Google Inc.)

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    \{21569614-B795-46B1-85F4-E737A8DC09AD} - Shell Search Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
    \{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
    \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    \\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint = C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    \\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
    \ShellBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - = ()
    \ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - = ()
    \WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)
    \WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
    \WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - = ()
    \WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} - = ()

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
    \\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8192 =
    \\NEXTID - 8197
    \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
    \\{320AF880-6646-11D3-ABEE-C5DBF3571F46} - 8194 =
    \\{320AF880-6646-11D3-ABEE-C5DBF3571F49} - 8195 =
    \\{724d43aa-0d85-11d4-9908-00400523e39a} - 8196 =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    \CmdMapping - MenuText: = ()
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)

    >>> Approved Shell Extensions (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
    \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
    \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
    \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
    \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
    \\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
    \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
    \\{7F67036B-66F1-411A-AD85-759FB9C5B0DB} - SampleView = C:\WINDOWS\system32\ShellvRTF.dll (XSS)
    \\{DCED20BE-3645-11D4-BC95-00C04F0E0588} - InoShell = ()
    \\{5E44E225-A408-11CF-B581-008029601108} - Roxio DragToDisc Shell Extension = C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll (Roxio)
    \\{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC} - My Media = C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll (Roxio, Inc.)
    \\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll (Yahoo! Inc.)
    \\ - = ()
    \\{AB77609F-2178-4E6F-9C4B-44AC179D937A} - aČ Context Menu Shell Extension = ()
    \\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
    \\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
    \\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


    >>> Context Menu Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
    \AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
    \Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll (Yahoo! Inc.)

    [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
    \igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation)

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
    \AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)

    >>> Column Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    \{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

    >>> Registry Run Keys <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
    AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe (GRISOFT, s.r.o.)
    IgfxTray - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    MSConfig - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    DW4 - C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (The Weather Channel Interactive)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    >>> Startup Links <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini ()

    >>> MSConfig Disabled Items <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
    LogWatch 2
    IOLO_SRV 2


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk
    location Common Startup
    command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    item Adobe Gamma Loader
    path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
    path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
    item Adobe Reader Speed Launch

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^bigfix.lnk
    location Common Startup
    command C:\PROGRA~1\BigFix\BigFix.exe /atstartup
    item bigfix

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk
    location Common Startup
    command C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start
    item Logitech Desktop Messenger

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk
    location Common Startup
    command C:\PROGRA~1\Logitech\SetPoint\KEM.exe
    item Logitech SetPoint

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk
    location Startup
    command C:\PROGRA~1\QUICKEN\bagent.exe
    item Quicken Scheduled Updates

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item
    hkey HKLM
    command
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\a-squared
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item a2guard
    hkey HKCU
    command "C:\Program Files\a2\a2guard.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Spyware Protection
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AOLSP Scheduler
    hkey HKLM
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOLCC
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item ACCAgnt
    hkey HKCU
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOLDialer
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AOLDial
    hkey HKLM
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON Stylus CX4600 Series
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item E_FATI9AA
    hkey HKLM
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gcasServ
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item gcasServ
    hkey HKLM
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item hkcmd
    hkey HKLM
    command C:\WINDOWS\system32\hkcmd.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPDJ Taskbar Utility
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item hpztsb04
    hkey HKLM
    command C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LDM
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item BackWeb-8876480
    hkey HKCU
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item NeroCheck
    hkey HKLM
    command C:\WINDOWS\system32\NeroCheck.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OpwareSE2
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item OpwareSE2
    hkey HKLM
    command "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pure Networks Port Magic
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item PortAOL
    hkey HKLM
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item qttask
    hkey HKLM
    command "C:\Program Files\QuickTime\qttask.exe" -atboottime
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Recguard
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item RECGUARD
    hkey HKLM
    command C:\WINDOWS\SMINST\RECGUARD.EXE
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item PDVDServ
    hkey HKLM
    command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoboForm
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item RoboTaskBarIcon
    hkey HKCU
    command "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioAudioCentral
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item RxMon
    hkey HKLM
    command "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioDragToDisc
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item DrgToDsc
    hkey HKLM
    command "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioEngineUtility
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item EngUtil
    hkey HKLM
    command "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMSystemAnalyzer
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item SMSystemAnalyzer
    hkey HKCU
    command "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMan
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item SOUNDMAN
    hkey HKLM
    command SOUNDMAN.EXE
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item jusched
    hkey HKLM
    command C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item GoogleToolbarNotifier
    hkey HKCU
    command C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SystemGuardAlerter
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item SystemGuardAlerter
    hkey HKLM
    command "C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item dumprep 0 -u
    hkey HKLM
    command %systemroot%\system32\dumprep 0 -u
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YBrowser
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item ybrwicon
    hkey HKLM
    command C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ymetray
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item ymetray
    hkey HKLM
    command "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YOP
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item yop
    hkey HKLM
    command C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 2
    services 2
    startup 2


    [All Users Startup Folder Disabled Items]

    [Current User Startup Folder Disabled Items]

    >>> User Agent Post Platform <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    \\SV1 -
    \\YPC 3.2.0 - Yahoo! Parental Controls

    >>> AppInit Dll's <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

    >>> Image File Execution Options <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    \Your Image File Name Here without a path - Debugger = ntsd -d

    >>> Shell Service Object Delay Load <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
    \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

    >>> Shell Execute Hooks <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
    \\{54D9498B-CF93-414F-8984-8CE7FDE0D391} - CShellExecuteHookImpl Object = C:\Program Files\ewido\security suite\shellhook.dll ()

    >>> Shared Task Scheduler <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

    >>> Winlogon <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    \\UserInit = C:\WINDOWS\system32\userinit.exe,
    \\Shell = Explorer.exe
    \\System =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    \crypt32chain - crypt32.dll = (Microsoft Corporation)
    \cryptnet - cryptnet.dll = (Microsoft Corporation)
    \cscdll - cscdll.dll = (Microsoft Corporation)
    \ScCertProp - wlnotify.dll = (Microsoft Corporation)
    \Schedule - wlnotify.dll = (Microsoft Corporation)
    \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
    \SensLogn - WlNotify.dll = (Microsoft Corporation)
    \termsrv - wlnotify.dll = (Microsoft Corporation)
    \WgaLogon - WgaLogon.dll = (Microsoft Corporation)
    \wlballoon - wlnotify.dll = (Microsoft Corporation)

    >>> DNS Name Servers <<<
    {D7565CA7-0787-4962-B7D7-F0DFF7F303B0} - (1394 Net Adapter)
    {E411D058-4DE0-4953-B54E-5E7B92BEB1F8} - (Intel(R) PRO/100 VE Network Connection)

    >>> All Winsock2 Catalogs <<<
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
    \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
    \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
    \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

    >>> Protocol Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
    \ipp - ()
    \msdaipp - ()

    >>> Protocol Filters (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

    >>> Selected AddOn's <<<


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

  9. #9
    I am the only user on this account. I do have SBC yahoo installed also, as well as Internet Explorer and the slimbrowser.
    Thanks.

  10. #10
    Thanks for your reply. But what is a "sticky" and who is PP? I will wait to download a new cleaner after I read your "sticky".
    Thanks.
