View Full Version : Difficult Problem to Describe
Ok, I have no idea what's wrong with this computer. It is hooked up to a router with my other computers, and they do not have this problem.
Anyway, if I use IE I cannot navigate to google.ca. It will get as far as saying "opening page" but then just freeze.
If I use firefox I can use more websites, but some give me the same problem (some parts of google, majorgeeks, windsorfamily.com, etc.
Anyway, none of my other computers on the same connection have this problem. As a side note, google.ca is responding to ping.
I'd really appreciate some help and I'd like to post a log file, but for some reason every version of hijackthis I've downloaded has given me the error "Invalid Picture" (whatever that means).
I do have spybot installed, but it returns no results whenever I scan. (I've updated).
Oh, I'm also running AVG 7.0 on this system, so it's not like it doesn't have an anti-virus.
Please Help.
Ok, I've tried a number of things:
Change the name of HijackThis to something else, and try to run it. I heard that works sometimes, but I still get the same error.
I tried editing the internal name of HijackThis with a resource hacker which would not run.
I've tried to install Ewido, but the install won't pop-up after I run it, and it just sits in the process list never appearing. The same happens for many programs I have.
I can't boot into safe mode because it hangs on mup.sys. I've heard this can happen if you don't have a genuine copy of windows, but I DO have a genuine copy. It came pre-loaded from the manufacturer.
I've tried Housecall, Activescan, and Bitdefender. Housecall crashed Firefox and IE. Activescan and Bitdefender don't work in Firefox and require activeX plugins for IE, which I try to install, but they just don't...
I tried to run Microsoft Update, but nothing can successfully install.
I scanned with AVG, Spybot, and AdAware. Zero results.
I ran sfc /scannow. It runs to the end, then terminates without giving any reports.
So...what is going on? Microsoft Windows Help won't even load.
Ok, another update. I found out that Spybot can make reports, so here it is:
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX: DirectX Update 819696
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB834707
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB867282
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB883939
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB889293
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB890923
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB896688
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB896727
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB905915
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB912812
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB916281
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB918439
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ Outlook Express 6 / SP1: Windows XP Hotfix - KB897715
/ Outlook Express 6 / SP1: Windows XP Hotfix - KB911567
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player: Windows Media Update 828026
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows Media Player 9 / SP0: Windows Media Player 9 Hotfix [See KB885492 for more information]
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB925454)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
--- Startup entries list ---
Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 406016
MD5: ed0163acdb2834ac8f53b3265671fb1a
Located: HK_LM:Run, CHotkey
command: mHotkey.exe
file: C:\WINDOWS\mHotkey.exe
size: 479744
MD5: b48e00f730ff2a81b19a45b2ab2dc04c
Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
size: 196608
MD5: 7c6b5065e7326e3c91a62800df3a31fa
Located: HK_LM:Run, LogitechVideoRepair
command: C:\Program Files\Logitech\Video\ISStart.exe
file: C:\Program Files\Logitech\Video\ISStart.exe
size: 454656
MD5: e538b66f5447c6e12b18da988683f266
Located: HK_LM:Run, LogitechVideoTray
command: C:\Program Files\Logitech\Video\LogiTray.exe
file: C:\Program Files\Logitech\Video\LogiTray.exe
size: 212992
MD5: 5be353d1abefe236011045787c0768fa
Located: HK_LM:Run, LVCOMSX
command: C:\WINDOWS\System32\LVCOMSX.EXE
file: C:\WINDOWS\System32\LVCOMSX.EXE
size: 221184
MD5: a5f44e2c209a71bbe413e151379febc2
Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\System32\NeroCheck.exe
file: C:\WINDOWS\System32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90
Located: HK_LM:Run, OrderReminder
command: C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
file: C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
size: 98304
MD5: 2674a29cca3f442a6088a4158c72d3f3
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: a997e887c720e1a0472b11bd2c01a8e8
Located: HK_LM:Run, Share-to-Web Namespace Daemon
command: c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
file: c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 69632
MD5: d5bc63d2822b8e244e53d2ff8078cc6b
Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 47104
MD5: e571561c61000c8a203f1997954825b8
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
file: C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
size: 49263
MD5: 409c45da1cfbc3fc19eec7cbfe9b2786
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 1ac2c58b587c70de64582ad41ee79fba
Located: HK_LM:Run, DealHelperBrwsr (DISABLED)
command: C:\WINDOWS\dhbrwsr.exe
Located: HK_LM:Run, DealHelperUpdate (DISABLED)
command: C:\WINDOWS\DHUpdt.exe
Located: HK_LM:Run, gtaj (DISABLED)
command: C:\WINDOWS\gtaj.exe
Located: HK_LM:Run, odaxiz (DISABLED)
command: C:\WINDOWS\odaxiz.exe
Located: HK_LM:Run, Power Scan (DISABLED)
command: C:\Program Files\Power Scan\powerscan.exe
Located: HK_LM:Run, rt1but81 (DISABLED)
command: C:\WINDOWS\System32\rt1but81.exe
Located: HK_LM:Run, sais (DISABLED)
command: c:\program files\180solutions\sais.exe
Located: HK_CU:Run, FTPRIGHT
command: C:\Program Files\FtpRight\ftpright.exe /STARTUP
Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259
Located: HK_CU:Run, MsnMsgr
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
size: 7094272
MD5: 59e6b431faf166923c93f32d1fb9aaa4
Located: HK_CU:Run, swg (DISABLED)
command: C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
Located: Startup (common), Adobe Gamma Loader.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a
Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 14/12/2004 1:56:50 AM
Date (last access): 26/01/2007
Date (last write): 14/12/2004 1:56:50 AM
Filesize: 63136
Attributes: archive
MD5: 42729C3DE75A7A51FC6F9EF6546C9199
CRC32: 4D60BD07
Version: 0.7.0.0
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_09\bin\
Long name: ssv.dll
Short name:
Date (created): 12/10/2006 3:10:58 AM
Date (last access): 26/01/2007
Date (last write): 12/10/2006 3:25:44 AM
Filesize: 434279
Attributes: archive
MD5: D62E335F137D9E0F9F4DBE09564959B1
CRC32: 72699310
Version: 0.5.0.0
--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
{00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 29/05/2003 3:00:18 PM
Date (last access): 26/01/2007
Date (last write): 29/05/2003 3:00:18 PM
Filesize: 77408
Attributes: archive
MD5: 42D567DF86B9B7AC4A89664C9651B68B
CRC32: 47FF3D19
Version: 0.7.0.1
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name: QTPLUGIN.OCX
Date (created): 10/06/2003 8:24:02 PM
Date (last access): 26/01/2007
Date (last write): 16/06/2003 3:56:36 PM
Filesize: 327736
Attributes: archive
MD5: 1D7FC5EB0358F978E67D7D7F9A6EFA65
CRC32: 4DBA94EF
Version: 0.6.0.3
{1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer)
DPF name:
CLSID name: Musicnotes Viewer
Path: C:\WINDOWS\Downloaded Program Files\
Long name: mnviewer.dll
Short name:
Date (created): 02/06/2003 3:46:26 PM
Date (last access): 26/01/2007
Date (last write): 02/06/2003 3:46:26 PM
Filesize: 233472
Attributes: archive
MD5: 59945FA9CA61BB6E286FF758E3B30782
CRC32: 0627F390
Version: 0.1.0.14
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Director\
Long name: SwDir.dll
Short name: SWDIR.DLL
Date (created): 04/06/2003 4:05:38 PM
Date (last access): 26/01/2007
Date (last write): 11/02/2003 6:02:58 AM
Filesize: 32768
Attributes: archive
MD5: 92FA0AE21D3A08B65D291724AA7D0E43
CRC32: 7B63A9DB
Version: 0.8.0.5
{41F17733-B041-4099-A042-B518BB6A408C} ()
DPF name:
CLSID name:
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name: MSNPUPLD.DLL
Date (created): 12/04/2006 3:39:04 PM
Date (last access): 26/01/2007
Date (last write): 12/04/2006 3:39:04 PM
Filesize: 372736
Attributes: archive
MD5: EE8E0F2EDBB5CC3B33FDFBCE435DAD09
CRC32: 4E0B4C3D
Version: 0.10.0.0
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Path: C:\WINDOWS\System32\
Long name: muweb.dll
Short name:
Date (created): 26/05/2005 4:19:32 AM
Date (last access): 26/01/2007
Date (last write): 26/05/2005 4:19:32 AM
Filesize: 178408
Attributes: archive
MD5: EE37AA2C0700221CD8B02FADCD4C7FB5
CRC32: F5494B06
Version: 0.5.0.8
{72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player)
DPF name:
CLSID name: InstallShield International Setup Player
Path: c:\windows\DOWNLO~1\
Long name: iSetupML.dll
Short name: ISETUPML.DLL
Date (created): 10/04/2001 3:25:24 PM
Date (last access): 26/01/2007
Date (last write): 10/04/2001 3:25:24 PM
Filesize: 24576
Attributes: archive
MD5: EDFBA1D605254D9E91B072034BB7ACAA
CRC32: B0FAB4A3
Version: 0.6.0.30
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 12/10/2006 3:10:58 AM
Date (last access): 26/01/2007
Date (last write): 12/10/2006 3:25:44 AM
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 0.5.0.0
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 29/05/2003 3:00:20 PM
Date (last access): 26/01/2007
Date (last write): 29/05/2003 3:00:20 PM
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 0.7.0.1
{9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control)
DPF name:
CLSID name: cpbrkpie Control
Path: C:\WINDOWS\
Long name: cpbrkpie.ocx
Short name:
Date (created): 07/11/2003 3:21:50 PM
Date (last access): 26/01/2007
Date (last write): 07/11/2003 3:21:50 PM
Filesize: 132528
Attributes: archive
MD5: 8DB43B93A167B0DE9145B35817337AB5
CRC32: 979806BD
Version: 0.3.0.1
{A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class)
DPF name:
CLSID name: ScorchPlugin Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: NPSibelius.dll
Short name: NPSIBE~1.DLL
Date (created): 25/08/2005 3:37:14 PM
Date (last access): 26/01/2007
Date (last write): 25/08/2005 3:37:14 PM
Filesize: 3833856
Attributes: archive
MD5: 6F9692DA6B07EB9DC9B7BFEAC929738E
CRC32: 74F6D036
Version: 0.4.0.0
{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03)
DPF name: Java Runtime Environment 1.4.1_03
CLSID name: Java Plug-in 1.4.1_03
Path: C:\Program Files\Java\j2re1.4.1_03\bin\
Long name: NPJPI141_03.dll
Short name: NPJPI1~1.DLL
Date (created): 25/01/2004 9:32:46 PM
Date (last access): 26/01/2007
Date (last write): 01/05/2003 8:05:20 AM
Filesize: 61553
Attributes: archive
MD5: 9D1B915A44A442E6C252EA1240BD9B4B
CRC32: 97ADFC90
Version: 0.1.0.4
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Path: C:\Program Files\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 12/10/2006 3:10:58 AM
Date (last access): 26/01/2007
Date (last write): 12/10/2006 3:25:44 AM
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 0.5.0.0
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Path: C:\Program Files\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 12/10/2006 3:10:58 AM
Date (last access): 26/01/2007
Date (last write): 12/10/2006 3:25:44 AM
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 0.5.0.0
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\Macromed\Flash\
Long name: Flash8.ocx
Short name: FLASH8.OCX
Date (created): 27/08/2005 1:38:56 PM
Date (last access): 26/01/2007
Date (last write): 27/08/2005 1:38:56 PM
Filesize: 1435272
Attributes: archive
MD5: 900373C059C2B51CA91BF110DBDECB33
CRC32: F19599BC
Version: 0.8.0.0
{EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class)
DPF name:
CLSID name: QDiagHUpdateObj Class
Path: C:\WINDOWS\System32\
Long name: qdiagh.ocx
Short name:
Date (created): 26/05/2003 9:27:10 AM
Date (last access): 26/01/2007
Date (last write): 26/05/2003 9:27:10 AM
Filesize: 684032
Attributes: archive
MD5: E69316BFE7BB8117153D43E065EA2E8D
CRC32: C7BADA93
Version: 0.1.0.0
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5)
DPF name:
CLSID name: MSN Chat Control 4.5
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MSNChat45.ocx
Short name: MSNCHA~1.OCX
Date (created): 16/05/2003 5:33:48 PM
Date (last access): 26/01/2007
Date (last write): 16/05/2003 5:33:48 PM
Filesize: 457288
Attributes: archive
MD5: 6FB06396675C1413F4E3AF3FA446E52C
CRC32: 226E9275
Version: 0.9.0.0
--- Process list ---
Spybot - Search && Destroy process list report, 26/01/2007 10:23:04 PM
PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 424 ( 4) \SystemRoot\System32\smss.exe
PID: 480 ( 424) CSRSS.EXE
PID: 504 ( 424) \??\C:\WINDOWS\system32\winlogon.exe
PID: 548 ( 504) C:\WINDOWS\system32\services.exe
PID: 560 ( 504) C:\WINDOWS\system32\lsass.exe
PID: 708 ( 548) C:\WINDOWS\system32\svchost.exe
PID: 716 ( 548) ALG.EXE
PID: 752 ( 548) SVCHOST.EXE
PID: 852 ( 548) C:\WINDOWS\System32\svchost.exe
PID: 948 ( 548) SVCHOST.EXE
PID: 1048 (1224) C:\WINDOWS\SOUNDMAN.EXE
PID: 1080 ( 548) SVCHOST.EXE
PID: 1164 ( 708) c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PID: 1216 (1224) C:\WINDOWS\System32\LVCOMSX.EXE
PID: 1224 (1164) C:\WINDOWS\Explorer.EXE
PID: 1232 ( 708) C:\Program Files\Logitech\Video\FxSvr2.exe
PID: 1256 (1224) C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
PID: 1276 (1224) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PID: 1436 ( 548) C:\WINDOWS\system32\spoolsv.exe
PID: 1468 (1224) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 1488 (1224) C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
PID: 1560 (1224) C:\Program Files\Logitech\Video\LogiTray.exe
PID: 1628 ( 548) C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
PID: 1644 ( 548) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
PID: 1656 ( 548) C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
PID: 1788 ( 548) C:\WINDOWS\System32\svchost.exe
PID: 1808 (1224) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PID: 1844 (1224) C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
PID: 1972 (1224) C:\Program Files\Messenger\msmsgs.exe
PID: 3108 (1224) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 3224 (1224) C:\Program Files\Mozilla Firefox\firefox.exe
--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 26/01/2007 10:23:04 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.ca/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD nwlnkipx [IPX]
GUID: {11058240-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkipx *
Protocol 6: MSAFD nwlnkspx [SPX]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 7: MSAFD nwlnkspx [SPX] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 8: MSAFD nwlnkspx [SPX II]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 9: MSAFD nwlnkspx [SPX II] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 10: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FF456FB9-954D-4124-9B59-AD75352FE51E}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FF456FB9-954D-4124-9B59-AD75352FE51E}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EDE10024-7391-40EA-BA23-504BC4479163}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EDE10024-7391-40EA-BA23-504BC4479163}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2FEB93DD-3227-4614-A95F-D27171B003F6}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2FEB93DD-3227-4614-A95F-D27171B003F6}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7FF161A7-8CD3-432F-BF02-A1B4205B8061}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7FF161A7-8CD3-432F-BF02-A1B4205B8061}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9C11F3BF-7546-4973-9733-FF8F85F6D065}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9C11F3BF-7546-4973-9733-FF8F85F6D065}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8A8D5493-A221-4F66-9FA6-DB89FEC25B0B}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8A8D5493-A221-4F66-9FA6-DB89FEC25B0B}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 3: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\nwprovau.dll
Description: Microsoft Windows NT/2k/XP Novell Netware name space provider
DB filename: %SystemRoot%\system32\nwprovau.dll
DB protocol: NWLink IPX/SPX/NetBIOS*
That is one huge report...
Hi Gpooj :)
Ok let's see what we can find...
Please run a GMER Rootkit scan:
Download GMER's application from here:
http://www.gmer.net/gmer.zip
Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.
Warning ! Please, do not select the "Show all" checkbox during the scan.
Thank you for replying, I'm surprised that program actually ran!
Well, here's the results:
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-27 17:28:06
Windows 5.1.2600 Service Pack 2
---- Devices - GMER 1.0.12 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AEE85A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AEE85A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AEE85A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AEE85A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AEE85A] avgtdi.sys
---- EOF - GMER 1.0.12 ----
Looks like it's all my anti-virus.
As a side note, I loaded a LiveCD version of Knoppix and ran housecall from there, the scan didn't detect anything.
I also tried housecall again from IE, and just as it shut down I could read that it encountered a security problem with .Net Framework 1.0. I looked that up with Microsoft and they recommend I run the update for .Net Framework. I tried to do that, but the update wouldn't install.
Thank you for responding! I hope we can fix this.
Ok let's do some research...
Make a new folder in the C:\drive called silentrunners
Download 'silent runners" from here: (direct download)
http://www.silentrunners.org/Silent%20Runners.vbs
Save it to your silentrunners folder.
Click start> run> type cmd and hit enter
Type the following exactly and hit enter after each line.
cd c:\silentrunners and hit enter
"silent runners.vbs" -all and hit enter
Wait until it pops up saying its completed, then post the resulting logfile here
It will be very large. You may need several posts to include everything
Here we go:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output of all locations checked and all values found.
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
"FTPRIGHT" = "C:\Program Files\FtpRight\ftpright.exe /STARTUP" [file not found]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NeroCheck" = "C:\WINDOWS\System32\NeroCheck.exe" ["Ahead Software Gmbh"]
"CHotkey" = "mHotkey.exe" ["Chicony"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"Share-to-Web Namespace Daemon" = "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"LVCOMSX" = "C:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"OrderReminder" = "C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" ["Hewlett-Packard"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = "Windows Media Player"
\StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{00022613-0000-0000-C000-000000000046}" = "Multimedia File Property Sheet"
-> {HKLM...CLSID} = "Multimedia File Property Sheet"
\InProcServer32\(Default) = "mmsys.cpl" [MS]
"{176d6597-26d3-11d1-b350-080036a75b03}" = "ICM Scanner Management"
-> {HKLM...CLSID} = "ICM Scanner Management"
\InProcServer32\(Default) = "icmui.dll" [MS]
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "NTFS Security Page"
-> {HKLM...CLSID} = "Security Shell Extension"
\InProcServer32\(Default) = "rshx32.dll" [MS]
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" = "OLE Docfile Property Page"
-> {HKLM...CLSID} = "OLE Docfile Property Page"
\InProcServer32\(Default) = "docprop.dll" [MS]
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" = "Shell extensions for sharing"
-> {HKLM...CLSID} = "Shell extensions for sharing"
\InProcServer32\(Default) = "ntshrui.dll" [MS]
"{41E300E0-78B6-11ce-849B-444553540000}" = "PlusPack CPL Extension"
-> {HKLM...CLSID} = "PlusPack CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\themeui.dll" [MS]
"{42071712-76d4-11d1-8b24-00a0c9068ff3}" = "Display Adapter CPL Extension"
-> {HKLM...CLSID} = "Display Adapter CPL Extension"
\InProcServer32\(Default) = "deskadp.dll" [MS]
"{42071713-76d4-11d1-8b24-00a0c9068ff3}" = "Display Monitor CPL Extension"
-> {HKLM...CLSID} = "Display Monitor CPL Extension"
\InProcServer32\(Default) = "deskmon.dll" [MS]
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{4E40F770-369C-11d0-8922-00A024AB2DBB}" = "DS Security Page"
-> {HKLM...CLSID} = "Security Shell Extension"
\InProcServer32\(Default) = "dssec.dll" [MS]
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" = "Compatibility Page"
-> {HKLM...CLSID} = "Compatibility Page"
\InProcServer32\(Default) = "SlayerXP.dll" [MS]
"{56117100-C0CD-101B-81E2-00AA004AE837}" = "Shell Scrap DataHandler"
-> {HKLM...CLSID} = "Shell Scrap DataHandler"
\InProcServer32\(Default) = "shscrap.dll" [MS]
"{59099400-57FF-11CE-BD94-0020AF85B590}" = "Disk Copy Extension"
-> {HKLM...CLSID} = "Disk Copy Extension"
\InProcServer32\(Default) = "diskcopy.dll" [MS]
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}" = "Shell extensions for Microsoft Windows Network objects"
-> {HKLM...CLSID} = "Shell extensions for Microsoft Windows Network objects"
\InProcServer32\(Default) = "ntlanui2.dll" [MS]
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}" = "ICM Monitor Management"
-> {HKLM...CLSID} = "ICM Monitor Management"
\InProcServer32\(Default) = "C:\WINDOWS\System32\icmui.dll" [MS]
"{675F097E-4C4D-11D0-B6C1-0800091AA605}" = "ICM Printer Management"
-> {HKLM...CLSID} = "ICM Printer Management"
\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [MS]
"{77597368-7b15-11d0-a0c2-080036af3f03}" = "Web Printer Shell Extension"
-> {HKLM...CLSID} = "Web Printer Shell Extension"
\InProcServer32\(Default) = "printui.dll" [MS]
"{7988B573-EC89-11cf-9C00-00AA00A14F56}" = "Disk Quota UI"
-> {HKLM...CLSID} = "Microsoft Disk Quota UI"
\InProcServer32\(Default) = "dskquoui.dll" [MS]
"{85BBD920-42A0-1069-A2E4-08002B30309D}" = "Briefcase"
-> {HKLM...CLSID} = "Briefcase"
\InProcServer32\(Default) = "syncui.dll" [MS]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{BD84B380-8CA2-1069-AB1D-08000948F534}" = "Fonts"
-> {HKLM...CLSID} = "Fonts"
\InProcServer32\(Default) = "fontext.dll" [MS]
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" = "ICC Profile"
-> {HKLM...CLSID} = "ICC Profile"
\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [MS]
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" = "Printers Security Page"
-> {HKLM...CLSID} = "Security Shell Extension"
\InProcServer32\(Default) = "rshx32.dll" [MS]
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" = "Shell extensions for sharing"
-> {HKLM...CLSID} = "Shell extensions for sharing"
\InProcServer32\(Default) = "ntshrui.dll" [MS]
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}" = "Display TroubleShoot CPL Extension"
-> {HKLM...CLSID} = "Display TroubleShoot CPL Extension"
\InProcServer32\(Default) = "deskperf.dll" [MS]
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}" = "Crypto PKO Extension"
-> {HKLM...CLSID} = "CryptPKO Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [MS]
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}" = "Crypto Sign Extension"
-> {HKLM...CLSID} = "CryptSig Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [MS]
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}" = "Network Connections"
-> {HKLM...CLSID} = "Network Connections"
\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS]
"{992CFFA0-F557-101A-88EC-00DD010CCC48}" = "Network Connections"
-> {HKLM...CLSID} = "Network Connections"
\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS]
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}" = "Scanners & Cameras"
-> {HKLM...CLSID} = "Scanners & Cameras"
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" = "Scanners & Cameras"
-> {HKLM...CLSID} = "Scanners & Cameras"
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{905667aa-acd6-11d2-8080-00805f6596d2}" = "Scanners & Cameras"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}" = "Scanners & Cameras"
-> {HKLM...CLSID} = "Scanners & Cameras"
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{83bbcbf3-b28a-4919-a5aa-73027445d672}" = "Scanners & Cameras"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{F0152790-D56E-4445-850E-4F3117DB740C}" = "Remote Sessions CPL Extension"
-> {HKLM...CLSID} = "Remote Sessions CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\remotepg.dll" [MS]
"{60254CA5-953B-11CF-8C96-00AA00B8708C}" = "Shell extensions for Windows Script Host"
-> {HKLM...CLSID} = "Shell Extension For Windows Script Host"
\InProcServer32\(Default) = "C:\WINDOWS\System32\wshext.dll" [MS]
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" = "Microsoft Data Link"
-> {HKLM...CLSID} = "Microsoft OLE DB Service Component Data Links"
\InProcServer32\(Default) = "C:\Program Files\Common Files\System\Ole DB\oledb32.dll" [MS]
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Icon Handler"
-> {HKLM...CLSID} = "Scheduling UI icon handler"
\InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [MS]
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Shell Extension"
-> {HKLM...CLSID} = "Scheduling UI property sheet handler"
\InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [MS]
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" = "Scheduled Tasks"
-> {HKLM...CLSID} = "Scheduled Tasks"
\InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [MS]
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" = "Search"
-> {HKLM...CLSID} = "Search"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" = "Help and Support"
-> {HKLM...CLSID} = "Help and Support"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" = "Help and Support"
-> {HKLM...CLSID} = "Windows Security"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" = "Run..."
-> {HKLM...CLSID} = "Run..."
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" = "Internet"
-> {HKLM...CLSID} = "Internet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" = "E-mail"
-> {HKLM...CLSID} = "E-mail"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{D20EA4E1-3957-11d2-A40B-0C5020524152}" = "Fonts"
-> {HKLM...CLSID} = "Fonts"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{D20EA4E1-3957-11d2-A40B-0C5020524153}" = "Administrative Tools"
-> {HKLM...CLSID} = "Administrative Tools"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" = "Audio Media Properties Handler"
-> {HKLM...CLSID} = "Audio Media Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" = "Video Media Properties Handler"
-> {HKLM...CLSID} = "Video Media Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}" = "Wav Properties Handler"
-> {HKLM...CLSID} = "Wav Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" = "Avi Properties Handler"
-> {HKLM...CLSID} = "Avi Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" = "Midi Properties Handler"
-> {HKLM...CLSID} = "Midi Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
"{c5a40261-cd64-4ccf-84cb-c394da41d590}" = "Video Thumbnail Extractor"
-> {HKLM...CLSID} = "Video Thumbnail Extractor"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [MS]
"{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Microsoft Internet Toolbar"
-> {HKLM...CLSID} = "Microsoft Internet Toolbar"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "Download Status"
-> {HKLM...CLSID} = "Download Status"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Augmented Shell Folder"
-> {HKLM...CLSID} = "Augmented Shell Folder"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Augmented Shell Folder 2"
-> {HKLM...CLSID} = "Augmented Shell Folder 2"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy"
-> {HKLM...CLSID} = "BandProxy"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Microsoft BrowserBand"
-> {HKLM...CLSID} = "Microsoft BrowserBand"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "Search Band"
-> {HKLM...CLSID} = "Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "In-pane search"
-> {HKLM...CLSID} = "In-pane search"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Web Search"
-> {HKLM...CLSID} = "Web Search"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Registry Tree Options Utility"
-> {HKLM...CLSID} = "Registry Tree Options Utility"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Address"
-> {HKLM...CLSID} = "&Address"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{A08C11D2-A228-11d0-825B-00AA005B4383}" = "Address EditBox"
-> {HKLM...CLSID} = "Address EditBox"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Microsoft AutoComplete"
-> {HKLM...CLSID} = "Microsoft AutoComplete"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{7376D660-C583-11d0-A3A5-00C04FD706EC}" = "TridentImageExtractor"
-> {HKLM...CLSID} = "TridentImageExtractor"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{6756A641-DE71-11d0-831B-00AA005B4383}" = "MRU AutoComplete List"
-> {HKLM...CLSID} = "MRU AutoComplete List"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Custom MRU AutoCompleted List"
-> {HKLM...CLSID} = "Custom MRU AutoCompleted List"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Accessible"
-> {HKLM...CLSID} = "Accessible"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{acf35015-526e-4230-9596-becbe19f0ac9}" = "Track Popup Bar"
-> {HKLM...CLSID} = "Track Popup Bar"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}" = "Address Bar Parser"
-> {HKLM...CLSID} = "Address Bar Parser"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{00BB2764-6A77-11D0-A535-00C04FD7D062}" = "Microsoft History AutoComplete List"
-> {HKLM...CLSID} = "Microsoft History AutoComplete List"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{03C036F1-A186-11D0-824A-00AA005B4383}" = "Microsoft Shell Folder AutoComplete List"
-> {HKLM...CLSID} = "Microsoft Shell Folder AutoComplete List"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{00BB2765-6A77-11D0-A535-00C04FD7D062}" = "Microsoft Multiple AutoComplete List Container"
-> {HKLM...CLSID} = "Microsoft Multiple AutoComplete List Container"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" = "Shell Band Site Menu"
-> {HKLM...CLSID} = "Shell Band Site Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" = "Shell DeskBarApp"
-> {HKLM...CLSID} = "Shell DeskBarApp"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" = "Shell DeskBar"
-> {HKLM...CLSID} = "Shell DeskBar"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" = "Shell Rebar BandSite"
-> {HKLM...CLSID} = "Shell Rebar BandSite"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" = "User Assist"
-> {HKLM...CLSID} = "User Assist"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" = "Global Folder Settings"
-> {HKLM...CLSID} = "Global Folder Settings"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" = "Favorites Band"
-> {HKLM...CLSID} = "Favorites Band"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{0A89A860-D7B1-11CE-8350-444553540000}" = "Shell Automation Inproc Service"
-> {HKLM...CLSID} = "Shell Automation Inproc Service"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" = "Shell DocObject Viewer"
-> {HKLM...CLSID} = "Shell DocObject Viewer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" = "Microsoft Browser Architecture"
-> {HKLM...CLSID} = "Microsoft Browser Architecture"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = "InternetShortcut"
-> {HKLM...CLSID} = "Internet Shortcut"
\InProcServer32\(Default) = "shdocvw.dll" [MS]
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" = "Microsoft Url History Service"
-> {HKLM...CLSID} = "Microsoft Url History Service"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{FF393560-C2A7-11CF-BFF4-444553540000}" = "History"
-> {HKLM...CLSID} = "History"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
-> {HKLM...CLSID} = "Temporary Internet Files"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
-> {HKLM...CLSID} = "Temporary Internet Files"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = "Microsoft Url Search Hook"
-> {HKLM...CLSID} = "Microsoft Url Search Hook"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}" = "IE4 Suite Splash Screen"
-> {HKLM...CLSID} = "IE4 Suite Splash Screen"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}" = "CDF Extension Copy Hook"
-> {HKLM...CLSID} = "CDF Extension Copy Hook"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{131A6951-7F78-11D0-A979-00C04FD705A2}" = "ISFBand OC"
-> {HKLM...CLSID} = "ISFBand OC"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}" = "Search Assistant OC"
-> {HKLM...CLSID} = "Search Assistant OC"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" = "The Internet"
-> {HKLM...CLSID} = "The Internet"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{871C5380-42A0-1069-A2EA-08002B30309D}" = "Internet Name Space"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}" = "Explorer Band"
-> {HKLM...CLSID} = "Explorer Band"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\sendmail.dll" [MS]
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\sendmail.dll" [MS]
"{88C6C381-2E85-11D0-94DE-444553540000}" = "ActiveX Cache Folder"
-> {HKLM...CLSID} = "ActiveX Cache Folder"
\InProcServer32\(Default) = "C:\WINDOWS\System32\occache.dll" [MS]
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" = "WebCheck"
-> {HKLM...CLSID} = "WebCheck"
\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}" = "Subscription Mgr"
-> {HKLM...CLSID} = "Subscription Mgr"
\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
"{F5175861-2688-11d0-9C5E-00AA00A45957}" = "Subscription Folder"
-> {HKLM...CLSID} = "Subscription Folder"
\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
"{08165EA0-E946-11CF-9C87-00AA005127ED}" = "WebCheckWebCrawler"
-> {HKLM...CLSID} = "WebCheckWebCrawler"
\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}" = "WebCheckChannelAgent"
-> {HKLM...CLSID} = "WebCheckChannelAgent"
\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}" = "TrayAgent"
-> {HKLM...CLSID} = "TrayAgent"
\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}" = "Code Download Agent"
-> {HKLM...CLSID} = "Code Download Agent"
\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}" = "ConnectionAgent"
-> {HKLM...CLSID} = "ConnectionAgent"
\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}" = "PostAgent"
-> {HKLM...CLSID} = "PostAgent"
\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}" = "WebCheck SyncMgr Handler"
-> {HKLM...CLSID} = "WebCheck SyncMgr Handler"
\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
"{352EC2B7-8B9A-11D1-B8AE-006008059382}" = "Shell Application Manager"
-> {HKLM...CLSID} = "Shell Application Manager"
\InProcServer32\(Default) = "C:\WINDOWS\System32\appwiz.cpl" [MS]
"{0B124F8F-91F0-11D1-B8B5-006008059382}" = "Installed Apps Enumerator"
-> {HKLM...CLSID} = "Installed Apps Enumerator"
\InProcServer32\(Default) = "C:\WINDOWS\System32\appwiz.cpl" [MS]
"{CFCCC7A0-A282-11D1-9082-006008059382}" = "Darwin App Publisher"
-> {HKLM...CLSID} = "Darwin App Publisher"
\InProcServer32\(Default) = "C:\WINDOWS\System32\appwiz.cpl" [MS]
"{e84fda7c-1d6a-45f6-b725-cb260c236066}" = "Shell Image Verbs"
-> {HKLM...CLSID} = "Shell Image Verbs"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}" = "Shell Image Data Factory"
-> {HKLM...CLSID} = "Shell Image Data Factory"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}" = "GDI+ file thumbnail extractor"
-> {HKLM...CLSID} = "GDI+ file thumbnail extractor"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}" = "Summary Info Thumbnail handler (DOCFILES)"
-> {HKLM...CLSID} = "Summary Info Thumbnail handler (DOCFILES)"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
"{EAB841A0-9550-11cf-8C16-00805F1408F3}" = "HTML Thumbnail Extractor"
-> {HKLM...CLSID} = "HTML Thumbnail Extractor"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}" = "Shell Image Property Handler"
-> {HKLM...CLSID} = "Shell Image Property Handler"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shimgvw.dll" [MS]
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}" = "Web Publishing Wizard"
-> {HKLM...CLSID} = "Web Publishing Wizard"
\InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [MS]
"{add36aa8-751a-4579-a266-d66f5202ccbb}" = "Print Ordering via the Web"
-> {HKLM...CLSID} = "Print Ordering via the Web"
\InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [MS]
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}" = "Shell Publishing Wizard Object"
-> {HKLM...CLSID} = "Shell Publishing Wizard Object"
\InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [MS]
"{58f1f272-9240-4f51-b6d4-fd63d1618591}" = "Get a Passport Wizard"
-> {HKLM...CLSID} = "Get a Passport Wizard"
\InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [MS]
"{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}" = "Compressed (zipped) Folder"
-> {HKLM...CLSID} = "CompressedFolder"
\InProcServer32\(Default) = "C:\WINDOWS\System32\zipfldr.dll" [MS]
"{BD472F60-27FA-11cf-B8B4-444553540000}" = "Compressed (zipped) Folder Right Drag Handler"
-> {HKLM...CLSID} = "Compressed (zipped) Folder Right Drag Handler"
\InProcServer32\(Default) = "C:\WINDOWS\System32\zipfldr.dll" [MS]
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}" = "Compressed (zipped) Folder SendTo Target"
-> {HKLM...CLSID} = "Compressed (zipped) Folder SendTo Target"
\InProcServer32\(Default) = "C:\WINDOWS\System32\zipfldr.dll" [MS]
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}" = "Channel File"
-> {HKLM...CLSID} = "Channel"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [MS]
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}" = "Channel Shortcut"
-> {HKLM...CLSID} = "Channel Shortcut"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [MS]
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}" = "Channel Handler Object"
-> {HKLM...CLSID} = "Channel Handler Object"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [MS]
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}" = "Channel Menu"
-> {HKLM...CLSID} = "Channel Menu Handler Object"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [MS]
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}" = "Channel Properties"
-> {HKLM...CLSID} = "Channel Shortcut Property Pages"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [MS]
"{63da6ec0-2e98-11cf-8d82-444553540000}" = "FTP Folders Webview"
-> {HKLM...CLSID} = "Microsoft FTP Folder"
\InProcServer32\(Default) = "C:\WINDOWS\System32\msieftp.dll" [MS]
"{883373C3-BF89-11D1-BE35-080036B11A03}" = "Microsoft DocProp Shell Ext"
-> {HKLM...CLSID} = "Microsoft DocProp Shell Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}" = "Microsoft DocProp Inplace Edit Box Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Edit Box Control"
\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
"{8EE97210-FD1F-4B19-91DA-67914005F020}" = "Microsoft DocProp Inplace ML Edit Box Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace ML Edit Box Control"
\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}" = "Microsoft DocProp Inplace Droplist Combo Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Droplist Combo Control"
\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
"{6A205B57-2567-4A2C-B881-F787FAB579A3}" = "Microsoft DocProp Inplace Calendar Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Calendar Control"
\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}" = "Microsoft DocProp Inplace Time Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Time Control"
\InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [MS]
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}" = "Directory Query UI"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [MS]
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}" = "Shell properties for a DS object"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [MS]
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}" = "Directory Object Find"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [MS]
"{F020E586-5264-11d1-A532-0000F8757D7E}" = "Directory Start/Search Find"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [MS]
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}" = "Directory Property UI"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\dsuiext.dll" [MS]
"{62AE1F9A-126A-11D0-A14B-0800361B1103}" = "Directory Context Menu Verbs"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\dsuiext.dll" [MS]
"{ECF03A33-103D-11d2-854D-006008059367}" = "MyDocs Copy Hook"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\mydocs.dll" [MS]
"{ECF03A32-103D-11d2-854D-006008059367}" = "MyDocs Drop Target"
-> {HKLM...CLSID} = "MyDocs Drop Target"
\InProcServer32\(Default) = "C:\WINDOWS\System32\mydocs.dll" [MS]
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}" = "MyDocs Properties"
-> {HKLM...CLSID} = "MyDocs menu and properties"
\InProcServer32\(Default) = "C:\WINDOWS\System32\mydocs.dll" [MS]
"{750fdf0e-2a26-11d1-a3ea-080036587f03}" = "Offline Files Menu"
-> {HKLM...CLSID} = "Offline Files Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}" = "Offline Files Folder Options"
-> {HKLM...CLSID} = "Offline Files Folder Options"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}" = "Offline Files Folder"
-> {HKLM...CLSID} = "Offline Files Folder"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}" = "Microsoft Agent Character Property Sheet Handler"
-> {HKLM...CLSID} = "Microsoft Agent Character Property Sheet Handler"
\InProcServer32\(Default) = "C:\WINDOWS\msagent\agentpsh.dll" [MS]
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}" = "DfsShell"
-> {HKLM...CLSID} = "DfsShell Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\dfsshlex.dll" [MS]
"{60fd46de-f830-4894-a628-6fa81bc0190d}" = "%DESC_PublishDropTarget%"
-> {HKLM...CLSID} = "DropTarget Object for Photo Printing Wizard"
\InProcServer32\(Default) = "C:\WINDOWS\System32\photowiz.dll" [MS]
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}" = "MMC Icon Handler"
-> {HKLM...CLSID} = "ExtractIcon Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\mmcshext.dll" [MS]
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}" = ".CAB file viewer"
-> {HKLM...CLSID} = "Cabinet File"
\InProcServer32\(Default) = "cabview.dll" [MS]
"{32714800-2E5F-11d0-8B85-00AA0044F941}" = "For &People..."
-> {HKLM...CLSID} = "For &People..."
\InProcServer32\(Default) = "C:\Program Files\Outlook Express\wabfind.dll" [MS]
"{8DD448E6-C188-4aed-AF92-44956194EB1F}" = "Windows Media Player Play as Playlist Context Menu Handler"
-> {HKLM...CLSID} = "WMP Burn Audio CD Launcher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}" = "Windows Media Player Burn Audio CD Context Menu Handler"
-> {HKLM...CLSID} = "WMP Play As Playlist Launcher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}" = "Windows Media Player Add to Playlist Context Menu Handler"
-> {HKLM...CLSID} = "WMP Add To Playlist Launcher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" = "Auto Update Property Sheet Extension"
-> {HKLM...CLSID} = "Auto Update Property Sheet Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wuaucpl.cpl" [MS]
"{7CDDBD23-1B50-47b2-B28D-1B84D9A40ED1}" = "Sony Digital Voice File Shell Extention Module"
-> {HKLM...CLSID} = "Sony Digital Voice File Shell Extention Module"
\InProcServer32\(Default) = "IcdShlex.dll" ["Sony Corporation"]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}" = "Set Program Access and Defaults"
-> {HKLM...CLSID} = "Set Program Access and Defaults"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page"
-> {HKLM...CLSID} = "Previous Versions Property Page"
\InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [MS]
"{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions"
-> {HKLM...CLSID} = "Previous Versions"
\InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [MS]
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}" = "Extensions Manager Folder"
-> {HKLM...CLSID} = "Extensions Manager Folder"
\InProcServer32\(Default) = "C:\WINDOWS\System32\extmgr.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{1D2680C9-0E2A-469d-B787-065558BC7D43}" = "Fusion Cache"
-> {HKLM...CLSID} = "Fusion Cache"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Browseui preloader"
-> {HKLM...CLSID} = "Browseui preloader"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Component Categories cache daemon"
-> {HKLM...CLSID} = "Component Categories cache daemon"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" = (no title provided)
-> {HKLM...CLSID} = "URL Exec Hook"
\InProcServer32\(Default) = "shell32.dll" [MS]
HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"PostBootReminder" = "{7849596a-48ea-486e-8937-a2a3009f31a9}"
-> {HKLM...CLSID} = "PostBootReminder object"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
"CDBurn" = "{fbeb8a05-beee-4442-804e-409d6c4515e9}"
-> {HKLM...CLSID} = "ShellFolder for CD Burning"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
"WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
-> {HKLM...CLSID} = "WebCheck"
\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
"SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"
-> {HKLM...CLSID} = "SysTray"
\InProcServer32\(Default) = "C:\WINDOWS\System32\stobject.dll" [MS]
HKCU\Software\Microsoft\Command Processor\
"AutoRun" = (value not found)
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"Shell" = (value not found)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\
"load" = (empty string)
"run" = (value not found)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
"Shell" = (value not found)
HKLM\Software\Microsoft\Command Processor\
"AutoRun" = (empty string)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = (empty string)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
"GinaDLL" = (value not found)
"Shell" = "Explorer.exe" [MS]
"Taskman" = (value not found)
"Userinit" = "C:\WINDOWS\system32\userinit.exe," [MS]
"System" = (empty string)
HKLM\System\CurrentControlSet\Control\SafeBoot\Option\
"UseAlternateShell" = (value not found)
HKLM\System\CurrentControlSet\Control\SecurityProviders\
"SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKLM\System\CurrentControlSet\Control\Session Manager\
"BootExecute" = "autocheck autochk *"
HKLM\System\CurrentControlSet\Control\WOW\
"cmdline" = "C:\WINDOWS\system32\ntvdm.exe" [MS]
"wowcmdline" = "C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
crypt32chain\DLLName = "crypt32.dll" [MS]
cryptnet\DLLName = "cryptnet.dll" [MS]
cscdll\DLLName = "cscdll.dll" [MS]
ScCertProp\DLLName = "wlnotify.dll" [MS]
Schedule\DLLName = "wlnotify.dll" [MS]
sclgntfy\DLLName = "sclgntfy.dll" [MS]
SensLogn\DLLName = "WlNotify.dll" [MS]
termsrv\DLLName = "wlnotify.dll" [MS]
WgaLogon\DLLName = "WgaLogon.dll" [MS]
wlballoon\DLLName = "wlnotify.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Your Image File Name Here without a path\Debugger = "ntsd -d" [MS]
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon\
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\
HKLM\Software\Classes\PROTOCOLS\Filter\
application/octet-stream\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
-> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [MS]
application/x-complus\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
-> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [MS]
application/x-msdownload\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
-> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [MS]
Class Install Handler\CLSID = "{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
-> {HKLM...CLSID} = "AP Class Install Handler filter"
\InProcServer32\(Default) = "C:\WINDOWS\System32\urlmon.dll" [MS]
deflate\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
-> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter"
\InProcServer32\(Default) = "C:\WINDOWS\System32\urlmon.dll" [MS]
gzip\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
-> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter"
\InProcServer32\(Default) = "C:\WINDOWS\System32\urlmon.dll" [MS]
lzdhtml\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
-> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter"
\InProcServer32\(Default) = "C:\WINDOWS\System32\urlmon.dll" [MS]
text/webviewhtml\CLSID = "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
-> {HKLM...CLSID} = "WebView MIME Filter"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{0D2E74C4-3C34-11d2-A27E-00C04FC30871}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
{24F14F01-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
{24F14F02-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
{66742402-F9B9-11D1-A202-0000F81FEDEE}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
-> {HKLM...CLSID} = "Offline Files Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
Open With\(Default) = "{09799AFB-AD67-11d1-ABCD-00C04FC30936}"
-> {HKLM...CLSID} = "Open With Context Menu Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
Open With EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
-> {HKLM...CLSID} = "Encryption Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
-> {HKLM...CLSID} = "Encryption Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
-> {HKLM...CLSID} = "Offline Files Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
Sharing\(Default) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
-> {HKLM...CLSID} = "Shell extensions for sharing"
\InProcServer32\(Default) = "ntshrui.dll" [MS]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
Send To\(Default) = "{7BA4C740-9E81-11CF-99D3-00AA004AE837}"
-> {HKLM...CLSID} = "Microsoft SendTo Service"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
Default executables:
--------------------
HKLM\Software\Classes\.bat\(Default) = "batfile"
HKLM\Software\Classes\batfile\shell\open\command\(Default) = ""%1" %*"
HKLM\Software\Classes\.cmd\(Default) = "cmdfile"
HKLM\Software\Classes\cmdfile\shell\open\command\(Default) = ""%1" %*"
HKLM\Software\Classes\.com\(Default) = "comfile"
HKLM\Software\Classes\comfile\shell\open\command\(Default) = ""%1" %*"
HKLM\Software\Classes\.exe\(Default) = "exefile"
HKLM\Software\Classes\exefile\shell\open\command\(Default) = ""%1" %*"
HKLM\Software\Classes\.hta\(Default) = "htafile"
HKLM\Software\Classes\htafile\shell\open\command\(Default) = "C:\WINDOWS\System32\mshta.exe "%1" %*"
HKLM\Software\Classes\.pif\(Default) = "piffile"
HKLM\Software\Classes\piffile\shell\open\command\(Default) = ""%1" %*"
HKLM\Software\Classes\.scr\(Default) = "scrfile"
HKLM\Software\Classes\scrfile\shell\open\command\(Default) = ""%1" /S"
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDriveTypeAutoRun" = (REG_DWORD) hex:0x00000091
{Turn off Autoplay}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel\
HKCU\Software\Policies\Microsoft\Internet Explorer\Download\
HKLM\Software\Policies\Microsoft\Internet Explorer\Download\
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\
HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\
HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions\
HKCU\Software\Policies\Microsoft\Internet Explorer\Security\
HKLM\Software\Policies\Microsoft\Internet Explorer\Security\
HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\
HKCU\Software\Policies\Microsoft\Windows\Network Connections\
HKCU\Software\Policies\Microsoft\Windows\System\
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0\
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0\
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"dontdisplaylastusername" = (REG_DWORD) hex:0x00000000
{Interactive logon: Do not display last user name}
"legalnoticetext" = (REG_SZ) (empty string)
{Interactive logon: Message text for users attempting to log on}
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore\
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Ann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS]
DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9S2C4WOY\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Z012CMWX\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G5UJ89YZ\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M43C2QXL\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\Fonts\DESKTOP.INI
[.ShellClassInfo]
UICLSID={BD84B380-8CA2-1069-AB1D-08000948F534}
-> {HKLM...CLSID}\InProcServer32\(Default) = "fontext.dll" [MS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OLUHCDG7\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\EZSI8J9V\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4E2EE9HG\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\RVNRVW6V\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\Temp\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\WINDOWS\Tasks\DESKTOP.INI
[.ShellClassInfo]
CLSID={d6277990-4c6a-11cf-8d87-00aa0060f5bf}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [MS]
C:\WINDOWS\Downloaded Program Files\DESKTOP.INI
[.ShellClassInfo]
CLSID={88C6C381-2E85-11d0-94DE-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\occache.dll" [MS]
C:\WINDOWS\assembly\DESKTOP.INI
[.ShellClassInfo]
CLSID={1D2680C9-0E2A-469d-B787-065558BC7D43}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\History\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9A2UMWOP\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NFDYARHC\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HM5PCOAV\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temp\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temp\Temporary Internet Files\Content.IE5\KPQNOHU3\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PQZ8HAZ\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temp\Temporary Internet Files\Content.IE5\GHEVK5QF\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temp\Temporary Internet Files\Content.IE5\9XBCWIMO\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temp\Temporary Internet Files\Content.IE5\2B2ZQPYZ\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temp\Temporary Internet Files\Content.IE5\A13WLWZU\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZRHJBDOS\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temp\Temporary Internet Files\Content.IE5\CB7JU819\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temp\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\History\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temporary Internet Files\Content.IE5\42G6AZBC\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temporary Internet Files\Content.IE5\7HR1BUM5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temporary Internet Files\Content.IE5\WXFY6U9P\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temporary Internet Files\Content.IE5\C1AX2H45\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temporary Internet Files\Content.IE5\APVSDC7M\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temporary Internet Files\Content.IE5\U32BQPI3\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temporary Internet Files\Content.IE5\VRHFF5KW\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
C:\Documents and Settings\Ann\Local Settings\Temporary Internet Files\Content.IE5\OFJR2W1P\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
F: (no DLL launch points found)
Startup items in "Ann" & "All Users" startup folders:
-----------------------------------------------------
C:\Documents and Settings\Ann\Start Menu\Programs\Startup
<<!>> "PowerReg Scheduler.exe" [empty string]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
Enabled Scheduled Tasks:
------------------------
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{3565D684-162A-4446-9A5D-C480922CD5C2}"
-> {HKLM...CLSID} = "cgfbrzdaoop"
\InProcServer32\(Default) = "C:\DOCUME~1\Ann\APPLIC~1\ilrbreieb.dll" [file not found]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"
-> {HKLM...CLSID} = "&Address"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{3565D684-162A-4446-9A5D-C480922CD5C2}"
-> {HKLM...CLSID} = "cgfbrzdaoop"
\InProcServer32\(Default) = "C:\DOCUME~1\Ann\APPLIC~1\ilrbreieb.dll" [file not found]
"{E419D898-603C-4BE6-97EB-0EC6BDA68060}"
-> {HKLM...CLSID} = "cgfbrzdaoop"
\InProcServer32\(Default) = "C:\DOCUME~1\Ann\APPLIC~1\ilrbreieb.dll" [file not found]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"
-> {HKLM...CLSID} = "&Address"
\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\(Default) = (no title provided)
-> {HKLM...CLSID} = "File Search Explorer Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
{EFA24E61-B078-11D0-89E4-00C04FC9E26E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Favorites Band"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
{EFA24E62-B078-11D0-89E4-00C04FC9E26E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
{EFA24E64-B078-11D0-89E4-00C04FC9E26E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Explorer Band"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4D5C8C25-D075-11D0-B416-00C04FB90376}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Tip of the Day"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
HKLM\Software\Classes\CLSID\{30D02401-6A81-11D0-8274-00C04FD5AE38}\(Default) = "Search Band"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Internet Explorer Address Prefixes:
-----------------------------------
Prefix for bare domain ("domain-name-here.com")
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Default Prefix\
(Default) = "http://"
Prefix for specific service (i.e., "www")
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\
"ftp" = "ftp://"
"gopher" = "gopher://"
"home" = "http://"
"mosaic" = "http://"
"www" = "http://"
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.futureshop.ca
Missing lines (compared with English-language version):
[Strings]: 1 line
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = (no title provided)
-> {HKLM...CLSID} = "Microsoft Url Search Hook"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
"NavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]
"DesktopItemNavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]
"NavigationCanceled" = "res://shdoclc.dll/navcancl.htm" [MS]
"OfflineInformation" = "res://shdoclc.dll/offcancl.htm" [MS]
"Home" = hex:0x0000010E
"blank" = "res://mshtml.dll/blank.htm" [MS]
"PostNotCached" = "res://mshtml.dll/repost.htm" [MS]
HOSTS file
----------
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
"DataBasePath" = "C:\WINDOWS\System32\drivers\etc"
C:\WINDOWS\System32\drivers\etc\HOSTS
maps: 2 domain names to IP addresses,
and all are the localhost IP address
All Running Services (Display Name, Service Name, Path {Service DLL}):
----------------------------------------------------------------------
Application Layer Gateway Service, ALG, "C:\WINDOWS\System32\alg.exe" [MS]
Automatic Updates, wuauserv, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wuauserv.dll" [MS]}
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
COM+ Event System, EventSystem, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\es.dll" [MS]}
Computer Browser, Browser, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\browser.dll" [MS]}
Cryptographic Services, CryptSvc, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\cryptsvc.dll" [MS]}
DCOM Server Process Launcher, DcomLaunch, "C:\WINDOWS\system32\svchost -k DcomLaunch" {"C:\WINDOWS\system32\rpcss.dll" [MS]}
DHCP Client, Dhcp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dhcpcsvc.dll" [MS]}
Distributed Link Tracking Client, TrkWks, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\trkwks.dll" [MS]}
DNS Client, Dnscache, "C:\WINDOWS\System32\svchost.exe -k NetworkService" {"C:\WINDOWS\System32\dnsrslvr.dll" [MS]}
Error Reporting Service, ERSvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ersvc.dll" [MS]}
Event Log, Eventlog, "C:\WINDOWS\system32\services.exe" [MS]
Fast User Switching Compatibility, FastUserSwitchingCompatibility, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
Help and Support, helpsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" [MS]}
IPSEC Services, PolicyAgent, "C:\WINDOWS\System32\lsass.exe" [MS]
Network Connections, Netman, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\netman.dll" [MS]}
Network Location Awareness (NLA), Nla, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\mswsock.dll" [MS]}
Plug and Play, PlugPlay, "C:\WINDOWS\system32\services.exe" [MS]
Print Spooler, Spooler, "C:\WINDOWS\system32\spoolsv.exe" [MS]
Protected Storage, ProtectedStorage, "C:\WINDOWS\system32\lsass.exe" [MS]
Remote Access Connection Manager, RasMan, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\rasmans.dll" [MS]}
Remote Procedure Call (RPC), RpcSs, "C:\WINDOWS\system32\svchost -k rpcss" {"C:\WINDOWS\system32\rpcss.dll" [MS]}
SAP Agent, NwSapAgent, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipxsap.dll" [MS]}
Secondary Logon, seclogon, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\seclogon.dll" [MS]}
Security Accounts Manager, SamSs, "C:\WINDOWS\system32\lsass.exe" [MS]
Security Center, wscsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wscsvc.dll" [MS]}
Server, lanmanserver, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srvsvc.dll" [MS]}
Shell Hardware Detection, ShellHWDetection, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
SSDP Discovery Service, SSDPSRV, "C:\WINDOWS\System32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\ssdpsrv.dll" [MS]}
System Event Notification, SENS, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\sens.dll" [MS]}
System Restore Service, srservice, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srsvc.dll" [MS]}
Task Scheduler, Schedule, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\schedsvc.dll" [MS]}
TCP/IP NetBIOS Helper, LmHosts, "C:\WINDOWS\System32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\lmhsvc.dll" [MS]}
Telephony, TapiSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\tapisrv.dll" [MS]}
Terminal Services, TermService, "C:\WINDOWS\System32\svchost -k DComLaunch" {"C:\WINDOWS\System32\termsrv.dll" [MS]}
Themes, Themes, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
WebClient, WebClient, "C:\WINDOWS\System32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\webclnt.dll" [MS]}
Windows Audio, AudioSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\audiosrv.dll" [MS]}
Windows Firewall/Internet Connection Sharing (ICS), SharedAccess, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipnathlp.dll" [MS]}
Windows Image Acquisition (WIA), stisvc, "C:\WINDOWS\System32\svchost.exe -k imgsvc" {"C:\WINDOWS\system32\wiaservc.dll" [MS]}
Windows Management Instrumentation, winmgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wbem\WMIsvc.dll" [MS]}
Windows Time, W32Time, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\w32time.dll" [MS]}
Wireless Zero Configuration, WZCSVC, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wzcsvc.dll" [MS]}
Workstation, LanmanWorkstation, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wkssvc.dll" [MS]}
Keyboard Driver Filters:
------------------------
HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <<!>> "samfilt" ["Dolphin, Inc."], "kbdclass" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor\Driver = "cnbjmon.dll" [MS]
HPLJ1020LM\Driver = "ZLhp1020.DLL" ["Zenographics, Inc."]
hpzlnt04\Driver = "hpzlnt04.dll" ["HP"]
Local Port\Driver = "localspl.dll" [MS]
PJL Language Monitor\Driver = "pjlmon.dll" [MS]
Standard TCP/IP Port\Driver = "tcpmon.dll" [MS]
USB Monitor\Driver = "usbmon.dll" [MS]
-- (total run time: 294 seconds)
<<!>>: Suspicious data at a malware launch point.
Talks about a huge report! Hehe. I see something in there about a malware thingy in my keyboard driver. I've heard people had problems with safe mode if their keyboard driver is messed up.
Anyway, you're the expert. Thanks again for replying!
OK I can see some malware leftovers in the log...
PLease unintall ay preious versions of HijackThis and download new from here (http://downloads.malwareremoval.com/HijackThis.exe)
See if it works. Is the HjT the only program that doesn't run ?
Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Run a scan with Dr.Web CureIt Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode,
Post the Cure-it report and a fresh HijackThis log
Ok, at first neither HijackThis or CureIt could run. I think I found out why though. Dr Web gave me an error that it couldn't make some folder in the temp directory. So, I emptied my localsettings/temp folder and now HijackThis and CureIt work.
Anyway, here's the logs:
Dr. Web:
cpbrkpie.ocx;C:\WINDOWS;Adware.Coupons;Incurable.Moved.;
WUInst.dll;C:\WINDOWS\Downloaded Program Files;Adware.SaveNow;Incurable.Moved.;
turbo.inf;C:\WINDOWS\Downloaded Program Files;Trojan.DownLoader.3634;Deleted.;
AD54D78Cd01;C:\Documents and Settings\Ann\Local Settings\Application Data\Mozilla\Firefox\Profiles\494rl9qg.default\Cache;Probably BATCH.Virus;Incurable.Moved.;
HijackThis.exe;C:\Documents and Settings\Ann\Desktop\FILES\Extras\backup\hijackthis;Probably WIN.SCRIPT.Virus;Incurable.Moved.;
msbb.dll\data002;C:\Program Files\Common Files\OE\msbb.dll;Adware.Dialhelp;;
msbb.dll;C:\Program Files\Common Files\OE;Archive contains infected objects;Moved.;
Silent Runners.vbs;C:\silentrunners;Probably BATCH.Virus;Incurable.Moved.;
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 8:45:11 PM, on 28/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ann\Desktop\Erika\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [FTPRIGHT] C:\Program Files\FtpRight\ftpright.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.futureshop.ca
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://katezinger.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153716544796
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?306
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\ICDSPTSV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
Hey, IE is working now and I am able to run Windows update sucessfully!
This is great! Well, I'll be staying tuned for your advise just incase my problem is just crippled and not defeated.
Thanks for all your help so far! This forum is amazing!
Ok very good :)
You don't seem to have a third-party firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) installed. You must install one firewall.
It is possible that you're using the Windows XP firewall. That is of course better than nothing but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't eg protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:
These are good (free) firewalls: Sunbelt-Kerio (http://www.sunbelt-software.com/Kerio.cfm)
ZoneAlarm (http://www.zonelabs.com/)
Sygate (http://http://www.majorgeeks.com/download.php?det=3356)
Outpost (http://www.majorgeeks.com/download.php?det=1056)
You should print these instructions or save these to a text file. Follow these instructions carefully.
Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
Go to the My Computer and delete the following folder (if present):
C:\Program Files\Common Files\OE
The I recommend that we run a one more scan.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
================
When you're ready, please post the following logs to here:
- AVG's report
I installed outpost sucessfully. Some adpupdate keeps trying to run, whatever that is, I have it disabled for now.
I have tried to start in safe mode. After mup.sys loads (the last driver I believe) I get a brief flashing of a blue screen and the computer restarts.
So, I am unable to boot into safe mode. Should I do the rest of the instructions without going into safe mode?
Ok yes, please do the steps in normal mode then :)
Here's the report:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 4:57:25 PM 29/01/2007
+ Scan result:
C:\Documents and Settings\Ann\DoctorWeb\Quarantine\msbb.dll/msbb.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{81185D84-23A5-4083-8629-A4A74154337B}\RP914\A0079971.dll/msbb.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Ann\DoctorWeb\Quarantine\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{81185D84-23A5-4083-8629-A4A74154337B}\RP914\A0079972.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\WINDOWS\dhp2.dll -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\Documents and Settings\Ann\DoctorWeb\Quarantine\WUInst.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
:mozilla.774:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.247realmedia : Cleaned.
:mozilla.775:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.247realmedia : Cleaned.
:mozilla.993:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.247realmedia : Cleaned.
:mozilla.994:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.247realmedia : Cleaned.
:mozilla.10:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.280:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.392:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.455:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.550:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.583:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.656:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.691:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Aavalue : Cleaned.
:mozilla.692:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Aavalue : Cleaned.
:mozilla.693:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Aavalue : Cleaned.
:mozilla.694:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Aavalue : Cleaned.
:mozilla.695:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Aavalue : Cleaned.
:mozilla.696:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Aavalue : Cleaned.
:mozilla.697:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Aavalue : Cleaned.
:mozilla.698:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Aavalue : Cleaned.
:mozilla.699:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Aavalue : Cleaned.
:mozilla.286:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.603:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.604:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.88:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.89:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.90:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.91:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.92:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.93:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.410:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.268:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.269:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.270:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.271:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.587:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.319:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Burstnet : Cleaned.
:mozilla.320:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Burstnet : Cleaned.
:mozilla.321:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Burstnet : Cleaned.
:mozilla.76:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.77:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.78:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.79:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.80:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.81:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.82:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.83:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.84:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.613:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Clickzs : Cleaned.
:mozilla.614:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Clickzs : Cleaned.
:mozilla.615:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Clickzs : Cleaned.
:mozilla.616:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Clickzs : Cleaned.
:mozilla.594:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Com : Cleaned.
:mozilla.418:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.1021:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.797:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.94:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.383:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Esomniture : Cleaned.
:mozilla.1029:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.805:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.330:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.331:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.332:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.265:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.267:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.539:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.545:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.1031:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.1032:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.1046:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.529:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.530:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.532:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.533:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.605:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.606:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.672:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.673:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.674:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.675:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.676:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.753:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.807:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.808:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.822:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.569:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitslink : Cleaned.
:mozilla.570:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitslink : Cleaned.
:mozilla.572:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitslink : Cleaned.
:mozilla.573:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hitslink : Cleaned.
:mozilla.685:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Hotlog : Cleaned.
:mozilla.556:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Information : Cleaned.
:mozilla.1043:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Kmpads : Cleaned.
:mozilla.1044:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Kmpads : Cleaned.
:mozilla.819:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Kmpads : Cleaned.
:mozilla.820:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Kmpads : Cleaned.
:mozilla.1019:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.579:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.581:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.582:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.795:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.617:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Masterstats : Cleaned.
:mozilla.342:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.334:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.335:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.377:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Onestat : Cleaned.
:mozilla.378:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Onestat : Cleaned.
:mozilla.114:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Overture : Cleaned.
:mozilla.115:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Overture : Cleaned.
:mozilla.266:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Overture : Cleaned.
:mozilla.345:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.347:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.348:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.349:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.294:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.295:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.296:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.328:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Realmedia : Cleaned.
:mozilla.329:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Realmedia : Cleaned.
:mozilla.185:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Revenue : Cleaned.
:mozilla.186:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Revenue : Cleaned.
:mozilla.740:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.741:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.742:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.118:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.119:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.120:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.121:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.122:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.401:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Sitestat : Cleaned.
:mozilla.684:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Spylog : Cleaned.
:mozilla.954:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Starware : Cleaned.
:mozilla.955:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Starware : Cleaned.
:mozilla.248:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.249:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.250:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.251:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.252:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.253:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.322:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.323:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.665:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.306:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Targetnet : Cleaned.
:mozilla.1038:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.1039:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.814:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.815:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.103:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.104:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.105:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.241:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.242:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.243:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.244:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.619:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.620:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.621:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.622:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.623:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.624:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.777:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Valueclick : Cleaned.
:mozilla.996:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Valueclick : Cleaned.
:mozilla.233:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Web-stat : Cleaned.
:mozilla.234:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Web-stat : Cleaned.
:mozilla.235:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Web-stat : Cleaned.
:mozilla.236:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Web-stat : Cleaned.
:mozilla.237:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Web-stat : Cleaned.
:mozilla.238:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Web-stat : Cleaned.
:mozilla.357:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.358:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.895:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.100:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.95:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.96:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.97:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.98:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.99:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.576:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Zedo : Cleaned.
:mozilla.577:C:\FOUND.010\FILE0000.CHK -> TrackingCookie.Zedo : Cleaned.
::Report end
I accidently set the tracking cookies to "delete" instead of quarantine.
I hope this is ok. Also, it looks like a lot more is in that report than what the results showed.
It is ok :)
How is the computer running at the moment ? Any issues ?
The computer seems to be running fine now!
I just can't boot into safe mode, I think that has something to do with it's OEM install of Windows though.
Thanks for all your help!
I would have never been able to get this thing working without your guidance!
Bye for now
Ok :)
We can try to fix the bot problem, just let me know...
You don't seem to have a third-party firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) installed. You must install one firewall.
It is possible that you're using the Windows XP firewall. That is of course better than nothing but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't eg protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:
These are good (free) firewalls: Sunbelt-Kerio (http://www.sunbelt-software.com/Kerio.cfm)
ZoneAlarm (http://www.zonelabs.com/)
Sygate (http://http://www.majorgeeks.com/download.php?det=3356)
Outpost (http://www.majorgeeks.com/download.php?det=1056)
Comodo (http://www.personalfirewall.comodo.com)
Now you can clean AVG's Quarantine:
Open AVG Anti-Spyware
Click Infections
Click Quarantine tab
Click Select all
Click Remove finally
Close the program
You can remove the tools we used.
Then you should update your Java to the latest version (6.0) Start
Control Panel
Add/Remove Programs
Delete the old Java, J2SE Runtime Environment 5.0 Update 9
Download the latest version of Java Runtime Environment (JRE) 6.0 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Install it
Now you can make your hidden files hidden again.
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
=============
Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.
Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.
Use AVG Anti-Spyware (http://www.ewido.net/en/)
Update it and scan your computer regularly with it.
Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.
Install SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster will prevent spyware from being installed.
Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.
Use Firefox browser (http://www.mozilla.org)
Firefox is faster, safer and better browser than Internet Explorer.
Keep your systen up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly.
Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.
Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?
Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Stay clean and be safe ;)
I would like to fix the boot problem if it's not too much trouble.
About the Firewall, I installed Outpost Firewall and it's running as we speak. It should have been installed prior to that scan posting.
Which of the listed firewalls do you recommend?
I'm trying to use Outpost right now, and when I have it set to "rules wizard" it blocks everything and I can't even access normal webpages.
If I use "allow most", which is the most lenient version, it blocks the other computers on my network from using it's shared printer.
So, is there a firewall that gets along with Windows File and Printer Sharing?
Hi :)
Ok I use ZoneAlarm at the moment, it is very easy to use and here are good instructions (http://www.markusjansson.net/eza.html)
Ok the boot problem...
Go to Start >Run and type "Notepad" without the quotes
Copy the text from the quotebox to Notepad.
Go to the menu at the top of the Notepad file and Save as: Name the file check.bat Save as Type: All files Select the desktop icon on the left to save it on the desktop.
Double click on check.bat and let it run.
When finished it will open a file in Notepad.
That file will be named check.txt, post the contenst to here.
if not exist Files MkDir Files
cd \ & dir /s /a /b mup.sys > check.txt
Start Notepad check.txt
Here's the report:
C:\WINDOWS\system32\drivers\mup.sys
C:\WINDOWS\system32\dllcache\mup.sys
C:\WINDOWS\$NtServicePackUninstall$\mup.sys
C:\WINDOWS\ServicePackFiles\i386\mup.sys
Ok good :)
It is possible that the file is corrupted...
Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
Go to:
C:\WINDOWS\ServicePackFiles\i386\mup.sys
Hold down the right mouse button on mup.sys and drag it to the C:\WINDOWS\system32\drivers folder. Release the mouse. A menu will appear. Click copy. It will ask if you want to overwrite the current copy. Say yes.
Now see if you're able to restart the computer to the safe mode.
Let me know :bigthumb:
Ok, I'll try that out, but before I can do that I think I'm going to have to get the HDD replaced.
It's started to make a high pitched sound which I'm guessing means it's going to fail any minute now, so till I get some ghosting software I'm out of commission.
*siiiiiigh*
Computers....
Yes sounds like it is the time to take the last minute backups.
Let me know how it goes :bigthumb:
Alright, got my drive replaced with Acronis, good software. Works great.
Now to try that dll thing.
Ok good :)
Let me know how it went :bigthumb:
Ok, I replaced mup.sys and I still have the problem where I can't boot into safe mode.
Also, for some reason, I cannot add to or replace my hosts file. The file does not appear to be write protected. I guess it's locked, but I have no idea what is locking it.
Hi again :)
Ok the mup.sys problem can be caused by many things. Have you noticed this problem before ?
Have you locked the hosts file with Spybot S&D ?
I'm not sure if I've noticed it before or not. I don't usually try to start that computer in safe mode.
I guess it's not really that big a deal anyway. We can drop that issue I guess.
Now all I have to do is figure out why ZoneAlarm keeps blocking internet access on IE and Firefox even though I have everything set to "allow".
Thank you for your help, I'll post back if I get any new issues.
You've been a great deal of help to me!
Hi again :)
Yes it is propably some faulty driver loading after mup.sys. Repair install might help but...
Are you sure you haven't blocked windows components from accessing the internet ? Have you allowed access for svchost.exe ?
Here is a good ZoneAlarm tutorial -> Link (http://www.markusjansson.net/eza.html)
:bigthumb:
Sorry for taking so long to reply. Yes, I have granted full access to svchost. Nothing seems to be blocked, I have followed the tutorial and I still am unable to use the internet with ZoneAlarm running.
Oh well. Instead of changing the host file manually I simply imported spybot's list of adservers from spybotS&D.
Ok :)
Hmm..so you haven't blocked any windows components...well you could try one of the other firewalls on my list and see if they work better on your pc.
:bigthumb:
I've tried using Outpost as well and I have the same problem.
I just won't use a firewall I guess.
Thanks for all your help Mr_JAk3, you've helped me salvage that PC once again!
Hi again and sorry for the delay, I was out of town.
Have you tried with default settings ?
You really must use one firewall, otherwise you'll get infected.
Have you tried Windows firewall? It is better than nothing.
Let me know :bigthumb:
I currently use the Windows Firewall.
Ok good :)
Everything is running fine now?
PS. You weren't using Windows firewall at the same time with ZoneAlarm and Oupost? Using two firewalls could be the reason why internet connection gets blocked.
:bigthumb:
As the problem appears to be resolved this topic has been archived.
If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.
Glad we could help :2thumb: