· Registered
Joined
·
25 Posts
Discussion Starter · #1 ·
Hi everyone, I am attempting to save some data on an old computer, but it has become nigh impossible due to constant winmgmt.exe error pop-ups. I was hoping someone could help me tackle this beast.

In a nutshell, I am receiving an error pop-up that reads "Winmgmt.exe has generated errors and will be closed by windows, you will need to restart the program" roughly every 2 seconds, sometimes at even shorter intervals. I have run AVG, Ad-aware 6, and Spybot Search and Destroy, all of which have removed various things, but the problem persists.

I am currently running Windows 2000 Pro, with SP4.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:58:37 PM, on 12/29/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.google.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msmc] C:\WINNT\system32\msgked.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O15 - Trusted Zone: http://www.wc3campaigns.com
O15 - Trusted Zone: http://www.wc3modforge.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167345416125
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

Any help would be great. I am a musician and this comp has about 50 or 60 of my old songs I'd like to get uploaded to the net before they are lost forever. My CD-ROM drive is dead, so a simple burn is not an option.
 

· Retired Moderator
Joined
·
72,209 Posts
Use Task Manager (Ctrl-Alt-Del) to end task on msgked.exe.

Run HJT again and put a check in the following:

O4 - HKCU\..\Run: [msmc] C:\WINNT\system32\msgked.exe

Close all applications and browser windows before you click "fix checked".

Now delete the file.

Is your attempt to update and fix this computer or just get your data?
 

· Registered
Joined
·
25 Posts
Discussion Starter · #3 ·
Done. I also deleted the Winmgmt.$CFG$ as suggested in another thread, and the frequency of the pop-up is down to the 45-second range, so progress has been made, but the problem persists. Here is a fresh HJ log:

Logfile of HijackThis v1.99.1
Scan saved at 4:08:19 PM, on 12/29/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\cidaemon.exe
C:\Documents and Settings\administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.google.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O15 - Trusted Zone: http://www.wc3campaigns.com
O15 - Trusted Zone: http://www.wc3modforge.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167345416125
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

My main priority at the moment is to save the data, but if I could resolve this pop-up issue, this computer is perfectly usable hardware-wise and I wouldn't mind keeping it around as a backup. I gave up trying to fix it before and purchased a new rig since this machine is outdated anyway.
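
A way to confirm from two HijackThis logs that a fixed O4 entry is really gone, and to see what else changed between scans. This is an added example, not part of the thread: the log excerpts are trimmed from the two logs posted above, and the function names are this example's own.

```python
import re

# Entry lines look like: O4 - HKCU\..\Run: [msmc] C:\WINNT\system32\msgked.exe
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: <hive>\..\<key>: [<value name>] <command line>
O4_RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Trimmed excerpts of the first (2:58 PM) and second (4:08 PM) logs above.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINNT\system32\ctfmon.exe

O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msmc] C:\WINNT\system32\msgked.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: PowerReg Scheduler V3.exe
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
"""


def parse_hjt(text):
    """Return (running_processes, entries) from a HijackThis 1.99 log."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False          # a blank line ends the process list
        elif ENTRY_RE.match(line):
            m = ENTRY_RE.match(line)
            entries.append((m.group("code"), m.group("body")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def autorun_target(body):
    """Lower-cased executable named by an O4 registry Run entry, or None."""
    m = O4_RUN_RE.match(body)
    if not m:
        return None
    cmd = m.group("cmd").strip()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]
    else:
        # Unquoted command: cut at the first ".exe" to drop trailing switches.
        hit = re.search(r"\.exe\b", cmd, re.IGNORECASE)
        exe = cmd[:hit.end()] if hit else cmd
    return exe.lower()


def diff_logs(before, after):
    """Entries and processes that differ between two scans (order preserved)."""
    b_procs, b_entries = parse_hjt(before)
    a_procs, a_entries = parse_hjt(after)
    a_running = {p.lower() for p in a_procs}   # Windows paths: ignore case
    return {
        "removed": [e for e in b_entries if e not in a_entries],
        "added": [e for e in a_entries if e not in b_entries],
        "procs_gone": [p for p in b_procs if p.lower() not in a_running],
    }


def check_fix(before, after, fixed_line):
    """Was the entry ticked for 'fix checked' removed, and is its target idle?"""
    m = ENTRY_RE.match(fixed_line.strip())
    if m is None:
        raise ValueError("not a HijackThis entry line")
    entry = (m.group("code"), m.group("body"))
    _, b_entries = parse_hjt(before)
    a_procs, a_entries = parse_hjt(after)
    if entry not in b_entries:
        raise ValueError("entry was not present in the first log")
    target = autorun_target(entry[1])
    running = [p.lower() for p in a_procs]
    still = target is not None and any(
        p == target or p.endswith("\\" + target) for p in running)
    return {"entry_removed": entry not in a_entries, "still_running": still}


if __name__ == "__main__":
    print(check_fix(BEFORE, AFTER,
                    r"O4 - HKCU\..\Run: [msmc] C:\WINNT\system32\msgked.exe"))
    for code, body in diff_logs(BEFORE, AFTER)["removed"]:
        print("removed:", code, "-", body)
```

Besides the msmc entry, the diff also lists the Ad-aware and Spyware Doctor Run entries as gone from the second log, so a before/after comparison is worth reading in full rather than only checking the one line that was fixed.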
 

· Retired Moderator
Joined
·
72,209 Posts
Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don't do anything with it yet!

Reboot to safe mode.

Double click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.

Reboot to normal mode.

  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Copy and paste WinPFind.txt in your next post here please.
 

· Registered
Joined
·
25 Posts
Discussion Starter · #5 ·
I have run WinPFind in safe mode and here are the results:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 12/29/2006 9:34:14 PM
WinPFind v1.5.0 Folder = C:\Documents and Settings\administrator\Desktop\WinPFind\
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
Internet Explorer (Version = 6.0.2800.1106)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 4/6/2003 7:07:44 AM 65536 C:\WINNT\IFinst27.exe ()
UPX! 10/3/2003 5:42:18 AM 923136 C:\WINNT\vsapi32.dll (Trend Micro Inc.)
aspack 10/3/2003 5:42:18 AM 923136 C:\WINNT\vsapi32.dll (Trend Micro Inc.)

Checking %System% folder...
UPX! 8/22/2001 8:00:00 PM 84992 C:\WINNT\SYSTEM32\mshlol.dll ()
WSUD 6/19/2003 3:05:04 PM 1011764 C:\WINNT\SYSTEM32\mfc42u.dll (Microsoft Corporation)
UPX! 8/22/2001 8:00:00 PM 113152 C:\WINNT\SYSTEM32\mskplb.dll ()
UPX! 8/22/2001 8:00:00 PM 170496 C:\WINNT\SYSTEM32\msiaih.dll ()
PTech 4/27/2004 8:36:44 PM H 3040567 C:\WINNT\SYSTEM32\kyf.dat ()
PECompact2 12/7/2006 3:13:46 PM 10716584 C:\WINNT\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 12/7/2006 3:13:46 PM 10716584 C:\WINNT\SYSTEM32\MRT.exe (Microsoft Corporation)
winsync 12/7/1999 12:00:00 PM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu ()
Umonitor 1/12/2005 3:39:46 PM 531216 C:\WINNT\SYSTEM32\RASDLG.DLL (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
UPX! 12/28/2006 5:40:28 PM 816672 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
FSG! 12/28/2006 5:40:28 PM 816672 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PEC2 12/28/2006 5:40:28 PM 816672 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
aspack 12/28/2006 5:40:28 PM 816672 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)

Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/29/2006 4:00:46 PM H 1473048 C:\WINNT\ShellIconCache ()
12/29/2006 4:02:46 PM H 54156 C:\WINNT\QTFont.qfn ()
6/13/2013 1:05:46 PM HS 6144 C:\WINNT\system32\access.ctl ()
6/13/2013 1:07:46 PM H 1024 C:\WINNT\system32\config\system.LOG ()
12/29/2006 9:38:50 PM H 1024 C:\WINNT\system32\config\software.LOG ()
12/29/2006 3:25:08 PM H 1024 C:\WINNT\system32\config\default.LOG ()
6/13/2013 1:07:46 PM H 1024 C:\WINNT\system32\config\userdiff.LOG ()
6/13/2013 1:07:42 PM H 0 C:\WINNT\system32\config\TempKey.LOG ()
12/29/2006 9:31:20 PM H 1024 C:\WINNT\system32\config\SECURITY.LOG ()
12/29/2006 9:33:18 PM H 1024 C:\WINNT\system32\config\SAM.LOG ()
12/29/2006 2:50:26 PM H 0 C:\WINNT\inf\oem46.inf ()
12/29/2006 9:30:20 PM H 6 C:\WINNT\Tasks\SA.DAT ()
12/29/2006 9:30:18 PM S 64 C:\WINNT\CSC\00000001 ()
12/29/2006 3:26:16 PM S 64 C:\WINNT\CSC\00000002 ()

Checking for CPL files...
6/19/2003 3:05:04 PM 301328 C:\WINNT\SYSTEM32\appwiz.cpl (Microsoft Corporation)
6/19/2003 3:05:04 PM 237328 C:\WINNT\SYSTEM32\DESK.CPL (Microsoft Corporation)
5/1/2002 6:51:36 PM 326144 C:\WINNT\SYSTEM32\joy.cpl (Microsoft Corporation)
12/7/1999 12:00:00 PM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
12/7/1999 12:00:00 PM 118032 C:\WINNT\SYSTEM32\intl.cpl (Microsoft Corporation)
12/7/1999 12:00:00 PM 36112 C:\WINNT\SYSTEM32\irprops.cpl (Microsoft Corporation)
12/7/1999 12:00:00 PM 122128 C:\WINNT\SYSTEM32\main.cpl (Microsoft Corporation)
12/7/1999 12:00:00 PM 303888 C:\WINNT\SYSTEM32\mmsys.cpl (Microsoft Corporation)
12/7/1999 12:00:00 PM 17168 C:\WINNT\SYSTEM32\ncpa.cpl (Microsoft Corporation)
12/7/1999 12:00:00 PM 41232 C:\WINNT\SYSTEM32\nwc.cpl (Microsoft Corporation)
6/19/2003 3:05:04 PM 41232 C:\WINNT\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
6/3/2005 3:52:54 AM 49265 C:\WINNT\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
6/19/2003 3:05:04 PM 125712 C:\WINNT\SYSTEM32\SYSDM.CPL (Microsoft Corporation)
12/7/1999 12:00:00 PM 5904 C:\WINNT\SYSTEM32\telephon.cpl (Microsoft Corporation)
12/7/1999 12:00:00 PM 61200 C:\WINNT\SYSTEM32\timedate.cpl (Microsoft Corporation)
2/20/2001 1:09:54 PM 109056 C:\WINNT\SYSTEM32\INPUT.CPL (Microsoft Corporation)
4/25/2004 6:15:10 AM 24576 C:\WINNT\SYSTEM32\prefscpl.cpl (RealNetworks, Inc.)
12/7/1999 12:00:00 PM 67344 C:\WINNT\SYSTEM32\access.cpl (Microsoft Corporation)
7/27/2003 10:05:54 AM 295936 C:\WINNT\SYSTEM32\QuickTime.cpl (Apple Computer, Inc.)
6/19/2003 3:05:04 PM 90896 C:\WINNT\SYSTEM32\powercfg.cpl (Microsoft Corporation)
11/17/2003 10:33:00 AM 73728 C:\WINNT\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
12/11/2002 4:25:02 PM 45171 C:\WINNT\SYSTEM32\plugincpl131_07.cpl (Sun Microsystems)
6/19/2003 3:05:04 PM 83216 C:\WINNT\SYSTEM32\sticpl.cpl (Microsoft Corporation)
9/12/2002 2:22:58 PM 65536 C:\WINNT\SYSTEM32\Psa2.cpl (QSound Labs, Inc.)
8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
12/7/1999 12:00:00 PM 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
9/23/1999 6:44:36 PM 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl (IBM Corporation)

Checking for Downloaded Program Files...
{00000130-9980-0010-8000-00AA00389B71} - - CodeBase = http://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{31564D57-0000-0010-8000-00AA00389B71} - - CodeBase = http://codecs.microsoft.com/codecs/i386/wmvax.cab
{32564D57-0000-0010-8000-00AA00389B71} - - CodeBase = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167345416125
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - GSDACtl Class - CodeBase = http://launch.gamespyarcade.com/software/launch/alaunch.cab
{9BFC2253-B9D9-477E-9488-CA450232620D} - BinAg1 Class - CodeBase = https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
{9F1C11AA-197B-4942-BA54-47A8489BB47F} - - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37613.0673611111
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINNT\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINNT\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
12/28/2006 4:24:06 PM 1484 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
9/30/2004 9:14:20 PM 225280 C:\Documents and Settings\administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
12/28/2006 4:24:08 PM 437 C:\Documents and Settings\administrator\Start Menu\Programs\Startup\SpywareGuard.lnk ()

Checking files in %USERPROFILE%\Application Data folder...

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.msn.com/
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.google.com/
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - C:\WINNT\System32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{4A368E80-174F-4872-96B5-0B27DDD11DB2} - SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll ()
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll ()

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINNT\system32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48A0-441B-A342-7C2A440A9478} - Media Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{8E718888-423F-11D2-876E-00A0C9082467} - &Radio = C:\WINNT\System32\msdxm.ocx ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - = ()
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} - 8192 = @shdoclc.dll,-864
\\NEXTID - 8201
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8193 =
\\{000007C6-17DF-4438-92A4-DE5537471BA3} - 8194 =
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8195 =
\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - 8196 =
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8197 = Sun Java Console
\\{686C970F-1D7D-4469-85D1-4B35763B56CC} - 8198 =
\\{F4430FE8-2638-42e5-B849-800749B94EED} - 8199 =
\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8200 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (Sun Microsystems, Inc.)
\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - ButtonText: Spyware Doctor =
\{c95fe080-8f5d-11d2-a20b-00aa003c157a} - ButtonText: @shdoclc.dll,-866 = %SystemRoot%\web\related.htm
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com =

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINNT\System32\hticons.dll (Hilgraeve, Inc.)
\\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{BEB5F380-5501-11d3-BFDE-ADC2F2AAE920} - Rage3DTweak = ()
\\{5E44E225-A408-11CF-B581-008029601108} - Adaptec Directcd Shell Extension = C:\Program Files\Adaptec\DirectCD\shellex.dll (Adaptec)
\\{C14F7681-33D8-11D3-A09B-00500402F30B} - AvxShellEx = C:\Program Files\BullGuard\ashellex.dll ()
\\{02A62A55-544C-42CD-8EE0-F364E8338D3D} - Image Previewer = ()
\\{A464F9AE-3108-4A4B-AA37-F7546589D961} - ShellExtensionPropSheet = ()
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{81559C35-8464-49F7-BB0E-07A383BEF910} - = C:\Program Files\SpywareGuard\spywareguard.dll ()
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINNT\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINNT\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINNT\system32\nvshell.dll (NVIDIA Corporation)
\\{1EBC3533-B289-409F-9924-B84B3F0717D2} - AceFTP Context Menu Shell Extension = C:\PROGRA~1\VISICO~1\ACEFTP~1\FTPCntxt.dll (Visicom Media Inc.)
\\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AceFTP - {1EBC3533-B289-409F-9924-B84B3F0717D2} = C:\PROGRA~1\VISICO~1\ACEFTP~1\FTPCntxt.dll (Visicom Media Inc.)
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\AvxShellEx - {C14F7681-33D8-11D3-A09B-00500402F30B} = C:\Program Files\BullGuard\ashellex.dll ()
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\WS_FTP - {797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\WS_FTP Pro\wsftpsi.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AceFTP - {1EBC3533-B289-409F-9924-B84B3F0717D2} = C:\PROGRA~1\VISICO~1\ACEFTP~1\FTPCntxt.dll (Visicom Media Inc.)
\ImagePreview - {02A62A55-544C-42CD-8EE0-F364E8338D3D} = ()
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINNT\system32\nvshell.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\AvxShellEx - {C14F7681-33D8-11D3-A09B-00500402F30B} = C:\Program Files\BullGuard\ashellex.dll ()
\ImagePreview - {02A62A55-544C-42CD-8EE0-F364E8338D3D} = ()
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\WS_FTP - {797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\WS_FTP Pro\wsftpsi.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Synchronization Manager - C:\WINNT\SYSTEM32\mobsync.exe (Microsoft Corporation)
Disc Detector - C:\Program Files\Creative\ShareDLL\CtNotify.exe ()
HPDJ Taskbar Utility - C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
IntelliPoint - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
NvCplDaemon - RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll ()
nwiz - C:\WINNT\SYSTEM32\nwiz.exe (NVIDIA Corporation)
Logitech Utility - C:\WINNT\Logi_MwX.Exe (Logitech Inc.)
AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe (GRISOFT, s.r.o.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- Reg Data missing or invalid ()
ctfmon.exe - C:\WINNT\SYSTEM32\ctfmon.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
C:\Documents and Settings\administrator\Start Menu\Programs\Startup\SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{81559C35-8464-49F7-BB0E-07A383BEF910} - SpywareGuard.Handler = C:\Program Files\SpywareGuard\spywareguard.dll ()

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINNT\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\wzcnotif - wzcdlg.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{97735E0C-555D-420A-8BFD-4EA54F65C197} - (Toshiba PCX1100U USB Cable Modem (NDIS 5))
{9D65079C-DBE7-4CE1-9C18-94F074C667EE} - (Terayon Cable Modem (NDIS 5))
{EC0FD09E-E352-436A-BB45-31EB36D1D17D} - (Efficient Networks USB/Ethernet ADSL Modem)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\rnr20.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()
\vnd.ms.radio - C:\WINNT\System32\msdxm.ocx ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 

· Retired Moderator
Joined
·
72,209 Posts
Click Here and download Killbox and save it to your desktop.

Double-click on Killbox.exe to run it.
Put a tick by Delete on Reboot.
Copy the following list of files to clipboard, CTRL+C to copy

C:\WINNT\SYSTEM32\mshlol.dll
C:\WINNT\SYSTEM32\mskplb.dll
C:\WINNT\SYSTEM32\msiaih.dll


Now in Killbox go to File, Paste from clipboard.
Click the All Files button.
Click on the button that has the red circle with the X in the middle.
It will ask for confirmation to delete the file.
Click Yes.
It will ask if you want to reboot now.
Click Yes.

Note: It is possible that Killbox will tell you that the file does not exist.

If your computer does not restart automatically then please restart it manually.
If you get the error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" then just restart manually.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

How is it running now? Any problems?
 