Something's hiding



dinosaur58
2009-01-11, 21:44
Got infected with a hijacker; deleted files with names starting with seneka using M.B.A.M. A few days and a few reboots later, getting hijacked again, and the seneka files returned. Deleted them again [afraid to leave them alone or more damage]; again a 2nd M.B.A.M. scan [and Spybot scan] showed clean, but this time I attempted the Kaspersky online scan [twice] and something crashed my browser part way through [both times]. Also slow boot-up. Clearly something that's good at protecting itself is hiding on my system.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:29 PM, on 1/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\Program Files\Mozilla Firefox\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Save Flash - res://C:\Program Files\SWF-Get\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\SWF-Get\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206762645578
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 4140 bytes
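As an added triage example for the HijackThis log above (this is not code from the post, from HijackThis or from the Safer Networking helpers), the script below parses the O2/O4/O16/O23 entries of a v2 log and flags two things a reviewer otherwise checks by eye: O4 Run values whose program is a bare file name (no drive or directory, so Windows resolves it by search order rather than loading a fixed path), and O16 ActiveX CAB downloads from hosts outside an allow-list. The sample input is made of lines from the log above plus one constructed O16 entry with an invented CLSID and host; the allow-list of download hosts is an assumption for the demo.

```python
"""Triage helper for HijackThis v2 logs.

Added example for this thread; it is not code from the original post, from
HijackThis or from the Safer Networking helpers. It parses the O2/O4/O16/O23
entries of a log, then flags two things a reviewer otherwise checks by eye:
O4 autoruns that name a bare file (no directory, so the loader resolves it by
search order instead of a fixed path) and O16 ActiveX downloads from hosts
outside an assumed allow-list.
"""
import json
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample input: lines taken from the first post's log, plus one constructed
# O16 entry (the all-zero CLSID and crashme.example.net host are invented).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206762645578
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Constructed Object) - http://crashme.example.net/dl/scanner.cab
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# Hosts the demo treats as expected sources of ActiveX CAB downloads (assumption).
TRUSTED_DPF_SUFFIXES = ("microsoft.com", "kaspersky.com")


@dataclass(frozen=True)
class Entry:
    code: str    # HijackThis section code: O2, O4, O16 or O23
    name: str    # BHO name, Run value name, DPF description or service name
    target: str  # DLL path, command line, CAB URL or service binary


# One pattern per section; names are non-greedy so the " - " separators split correctly.
_PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[^}]+\} - (?P<target>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<target>.*)$"),
    "O16": re.compile(r"^O16 - DPF: \{[^}]+\} \((?P<name>[^)]*)\) - (?P<target>\S+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<target>.*)$"),
}
_QUOTED = re.compile(r'^"([^"]*)"')


def parse_hjt(text):
    """Return the O2/O4/O16/O23 entries of a HijackThis log; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        code = line.split(" - ", 1)[0]
        pattern = _PATTERNS.get(code)
        match = pattern.match(line) if pattern else None
        if match:
            entries.append(Entry(code, match["name"], match["target"]))
    return entries


def first_token(cmd):
    """Program part of a Run value: a quoted path, else the first whitespace-delimited word."""
    match = _QUOTED.match(cmd)
    if match:
        return match.group(1)
    parts = cmd.split(None, 1)
    return parts[0] if parts else ""


def is_bare_filename(cmd):
    """True when the program has no drive or directory, i.e. it is found by search order."""
    token = first_token(cmd)
    return bool(token) and "\\" not in token and ":" not in token


def bare_autoruns(entries):
    """Names of O4 Run values whose program is given as a bare file name."""
    return [e.name for e in entries if e.code == "O4" and is_bare_filename(e.target)]


def host_allowed(host, suffixes=TRUSTED_DPF_SUFFIXES):
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def unknown_dpf_hosts(entries, suffixes=TRUSTED_DPF_SUFFIXES):
    """(description, host) for O16 downloads whose host is outside the allow-list."""
    flagged = []
    for e in entries:
        if e.code == "O16":
            host = urlparse(e.target).hostname or ""
            if not host_allowed(host, suffixes):
                flagged.append((e.name, host))
    return flagged


def triage(text):
    entries = parse_hjt(text)
    return {
        "counts": {code: sum(1 for e in entries if e.code == code) for code in _PATTERNS},
        "bare_autoruns": bare_autoruns(entries),
        "unknown_dpf_hosts": unknown_dpf_hosts(entries),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

On the log above this flags nwiz, atwtusb and the Tweak UI rundll32 entry as bare-name autoruns and the constructed CAB host as unknown. The bare-name flag is a prompt to confirm which file on disk actually gets loaded for that name, not a verdict: vendor installers commonly register driver helpers this way, and all three entries here are ordinary for this machine. The host allow-list is deliberately small; extend it to whatever scanners and update sites the user has actually used.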

peku006
2009-01-16, 11:40
Hello and Welcome to Safer Networking,

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear".

If you follow these instructions, everything should go smoothly.

1 - download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

2 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)

Thanks peku006

dinosaur58
2009-01-16, 16:11
peku006 - Thanks for your help, logs follow. I did notice some unfamiliar exe files in C:\WINDOWS. Left them alone awaiting advice.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-01-16 07:38:18
Microsoft Windows XP Professional Service Pack 2
System drive C: has 79 GB (69%) free of 114 GB
Total RAM: 958 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:38 AM, on 1/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgFat.exe
C:\Program Files\Mozilla Firefox\FIREFOX.EXE
C:\Documents and Settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud\R-SysInfoTool.exe
C:\Documents and Settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O8 - Extra context menu item: Save Flash - res://C:\Program Files\SWF-Get\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\SWF-Get\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206762645578
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 4720 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-12 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-12 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-12 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"atwtusb"=C:\WINDOWS\system32\atwtusb.exe [2007-03-20 315392]
"Tweak UI"=C:\WINDOWS\system32\TWEAKUI.CPL [1997-11-08 87312]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-11-11 90112]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-11-12 590848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-10-11 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ADMINI~1.COM^Start Menu^Programs^Startup^QuickShelf 2000.lnk]
C:\PROGRA~1\MICROS~4\BOOKSH~1\qshelf2k.exe [2007-10-24 110592]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk.disabled - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2008-03-25 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoLogoff"=01000000
"NoRecentDocsNetHood"=01000000
"NoSMMyDocs"=01000000
"NoSMMyPictures"=01000000
"NoNetworkConnections"=01000000
"NoUserNameInStartMenu"=01000000
"ForceClassicControlPanel"=1
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\System32\mmc.exe"="C:\WINDOWS\System32\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-01-16 07:38:18 ----D---- C:\rsit
2009-01-14 15:25:07 ----HD---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-14 04:10:38 ----SHD---- C:\FOUND.000
2009-01-12 08:30:56 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-01-12 08:26:19 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-12 08:26:19 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-12 08:26:19 ----A---- C:\WINDOWS\system32\java.exe
2009-01-12 08:26:19 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-11 12:35:53 ----D---- C:\WINDOWS\temp
2009-01-11 12:25:05 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-11 12:25:05 ----A---- C:\WINDOWS\gmer.ini
2009-01-11 12:25:05 ----A---- C:\WINDOWS\gmer.exe
2009-01-11 12:25:05 ----A---- C:\WINDOWS\gmer.dll
2009-01-11 12:18:32 ----A---- C:\WINDOWS\zip.exe
2009-01-11 12:18:32 ----A---- C:\WINDOWS\VFIND.exe
2009-01-11 12:18:32 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-11 12:18:32 ----A---- C:\WINDOWS\SWSC.exe
2009-01-11 12:18:32 ----A---- C:\WINDOWS\SWREG.exe
2009-01-11 12:18:32 ----A---- C:\WINDOWS\sed.exe
2009-01-11 12:18:32 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-11 12:18:32 ----A---- C:\WINDOWS\grep.exe
2009-01-11 12:18:32 ----A---- C:\WINDOWS\fdsv.exe
2009-01-11 07:54:50 ----D---- C:\Program Files\Trend Micro
2009-01-11 07:29:14 ----D---- C:\VundoFix Backups
2009-01-03 21:17:16 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-03 21:17:07 ----HD---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-03 12:28:07 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-03 12:28:03 ----HD---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-03 12:27:51 ----HD---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-03 12:27:45 ----HD---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-03 12:27:38 ----HD---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2009-01-16 07:27:58 ----A---- C:\WINDOWS\win.ini
2009-01-15 21:32:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-14 09:15:52 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-13 23:27:44 ----A---- C:\WINDOWS\system.ini
2009-01-11 20:42:54 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-11 12:17:04 ----A---- C:\WINDOWS\KPCMS.INI
2009-01-11 08:04:40 ----A---- C:\VundoFix.txt
2009-01-03 21:17:14 ----A---- C:\WINDOWS\imsins.BAK
2009-01-03 12:09:00 ----A---- C:\WINDOWS\system32\183ad728-.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aiptektp;Pen Pad; C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2006-06-06 22528]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-11-12 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-11-12 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-11-12 27776]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-06 3968]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-11-12 10760]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2007-06-16 31616]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-11-12 4960]
R2 BCMNTIO;BCMNTIO; \??\C:\PROGRA~1\CHECKIT\DIAGNO~1\BCMNTIO.sys []
R2 MAPMEM;MAPMEM; \??\C:\PROGRA~1\CHECKIT\DIAGNO~1\MAPMEM.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-12-02 3841856]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-09-17 6853088]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S2 portD;CMS PortIO Service; C:\WINDOWS\system32\DRIVERS\portd2k.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2008-11-12 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2008-11-12 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2008-11-12 406528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-12 152984]
S3 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2007-04-19 411168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2008-03-25 312880]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]
S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-09-17 155716]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-16 07:38:37

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware SE Personal-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Adobe SVG Viewer-->C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
Ahead Nero Add-on Pack-->C:\Program Files\Ahead\Nero\uninstall-addonpack.exe
Ahead Nero Burning Rom PlugIn Pack 2.0.2 by MadHacker2k4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2715D1D6-2B81-4DD5-A9DC-6EFF4D5E0993}\setup.exe" -l0x7 -removeonly
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Free Edition-->C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
BIMP Lite 1.62-->"C:\Documents and Settings\Administrator.COMPUTER\Start Menu\Programs\Accessories\BIMP Lite\uninstall.exe"
Bookshelf 2000-->"C:\Program Files\Microsoft Reference\Bookshelf 2000\bsuninst.exe" /uninstall
CheckIt Diagnostics-->C:\PROGRA~1\CHECKIT\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CHECKIT\DIAGNO~1\INSTALL.LOG
Cole2k Media - Codec Pack (Advanced)-->C:\WINDOWS\system32\C2MP\Uninst.exe
Combined Community Codec Pack 2007-02-22-->"C:\Program Files\Combined Community Codec Pack\unins001.exe"
Data Lifeguard Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
DiscWizard for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}\Setup.exe"
DivX Codec 3.1alpha release-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
EZ Mask v1.5 for Adobe Photoshop & Photoshop Elements-->C:\WINDOWS\unvise32.exe c:\program files\adobe\photoshop elements\plug-ins\ezmask1.5_uninstal.log
Flash Saving Plugin-->"C:\Program Files\SWF-Get\Flash Saving Plugin\unins000.exe"
GSpot Codec Information Appliance-->C:\Program Files\GSpot\Uninstall.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IconArt-->C:\PROGRA~1\ACCESS~1\ICONART\UNWISE.EXE C:\PROGRA~1\ACCESS~1\ICONART\INSTALL.LOG
IsoBuster 2.3-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1\MAGICISO\UNWISE.EXE C:\PROGRA~1\MAGICISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Movkit Batch Video Converter 2.8.8-->"C:\Program Files\Movkit\Movkit Batch Video Converter\unins000.exe"
Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.6)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 7 Ultra Edition-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
Nero Reloaded PlugIn Pack 2.0.4 by GEAR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F3D7915D-6B42-49FA-9FC8-5020479A6A57}\setup.exe" -l0x9 -removeonly
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NETGEAR DG632 ADSL Modem-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC5BCC32-7EAB-4555-B7DC-E7B9BF927C5C}\setup.exe" -l0x9
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OneTouch Version 3.0-->C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
PaperPort 7.02-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ScanSoft\PaperPort\Config\DeIsL1.isu" -y -c"C:\Program Files\ScanSoft\PaperPort\UnInstl2.dll"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeraCopy 1.22 Pro-->"C:\Program Files\TeraCopy\unins000.exe"
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
UnZixWin-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\UnZixWin\ST6UNST.LOG"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
USB Tablet Manager-->Rmtablet KNL
VCW VicMan's Photo Editor-->C:\Program Files\VCW VicMan's Photo Editor\uninstal.exe
VirtualCloneDrive-->"C:\Program Files\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\VirtualCloneDrive"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Support Tools-->MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG 7.5.552

System event log

Computer Name: COMPUTER
Event Code: 6006
Message: The Event log service was stopped.

Record Number: 16224
Source Name: EventLog
Time Written: 20081102082925.000000-420
Event Type: information
User:

Computer Name: COMPUTER
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 16223
Source Name: Service Control Manager
Time Written: 20081102075447.000000-420
Event Type: information
User:

Computer Name: COMPUTER
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 16222
Source Name: Service Control Manager
Time Written: 20081102075444.000000-420
Event Type: information
User:

Computer Name: COMPUTER
Event Code: 7036
Message: The Computer Browser service entered the running state.

Record Number: 16221
Source Name: Service Control Manager
Time Written: 20081102075443.000000-420
Event Type: information
User:

Computer Name: COMPUTER
Event Code: 7035
Message: The Computer Browser service was successfully sent a start control.

Record Number: 16220
Source Name: Service Control Manager
Time Written: 20081102075443.000000-420
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: COMPUTER
Event Code: 100
Message: wuauclt (3660) The database engine 5.01.2600.2180 started.

Record Number: 24491
Source Name: ESENT
Time Written: 20080324034729.000000-360
Event Type: information
User:

Computer Name: COMPUTER
Event Code: 101
Message: wuauclt (3188) The database engine stopped.

Record Number: 24490
Source Name: ESENT
Time Written: 20080324034729.000000-360
Event Type: information
User:

Computer Name: COMPUTER
Event Code: 103
Message: wuaueng.dll (3188) SUS20ClientDataStore: The database engine stopped the instance (0).

Record Number: 24489
Source Name: ESENT
Time Written: 20080324034729.000000-360
Event Type: information
User:

Computer Name: COMPUTER
Event Code: 102
Message: wuaueng.dll (3188) SUS20ClientDataStore: The database engine started a new instance (0).

Record Number: 24488
Source Name: ESENT
Time Written: 20080324034728.000000-360
Event Type: information
User:

Computer Name: COMPUTER
Event Code: 100
Message: wuauclt (3188) The database engine 5.01.2600.2180 started.

Record Number: 24487
Source Name: ESENT
Time Written: 20080324034728.000000-360
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Smart

Projects\IsoBuster;C:\Program Files\Support Tools
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

Thanks again, D58

peku006
2009-01-16, 16:57
Hi dinosaur58

I do not see any "unfamiliar exe files in C:windows".
Let us take a deeper look.

Download OTScanIt2.exe (http://download.bleepingcomputer.com/oldtimer/OTScanIt2.exe) to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.


Close any open browsers
Open the OTScanit2 folder and double-click on OTScanit2.exe to start the program.
If your real-time protection or antivirus intervenes with OTScanIt, allow it to run.
In the Processes group click ALL
In the Services group click Safe List
In the Drivers group click Safe List
In the Registry group click ALL
In the Rootkit Search group select YES
In the Files Age drop-down box click 90 days
Make sure the use white list and include all unicode names boxes are checked
In the Files created and Files modified groups select whitelist/file age
In the Additional scans section please select Everything and make sure the safe list box is checked
Now on the toolbar at the top select "Scan all users" then click the Run Scan button
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Please post this log in your next reply.


Thanks peku006

dinosaur58
2009-01-16, 23:38
Again thanks,
All of the Exe files in the Windows directory weren't there previously, as I recall. Additionally, threatexpert.com [admittedly somewhat alarmist] associates all of these both with legitimate apps and with a known rootkit: Trojan.NirCmd [PC Tools]. Also, if it helps, a Scheduled Task [named gcetnfqd] that I did not create appeared [set to run every hour]; it called on system32\wvUonLCS.dll [hidden].


OTScanIt2 logfile created on: 1/16/2009 02:47:11 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.6.2 Folder = C:\Documents and Settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud\OTScanIt2
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.46 Mb Total Physical Memory | 643.89 Mb Available Physical Memory | 67.18% Memory free
2.26 Gb Paging File | 2.05 Gb Available in Paging File | 90.92% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.76 Gb Total Space | 77.06 Gb Free Space | 68.95% Space Free | Partition Type: FAT32
Drive D: | 465.65 Gb Total Space | 236.45 Gb Free Space | 50.78% Space Free | Partition Type: FAT32
Drive E: | 149.01 Gb Total Space | 130.79 Gb Free Space | 87.77% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

[Processes - All]
alg.exe -> %SystemRoot%\System32\alg.exe -> [2004/08/04 01:00:00 | 00,044,544 | ---- | M] (Microsoft Corporation)
atwtusb.exe -> %SystemRoot%\system32\atwtusb.exe -> [2007/03/20 17:43:50 | 00,315,392 | ---- | M] ()
avgamsvr.exe -> %SystemDrive%\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe -> [2008/11/12 11:59:50 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.)
avgcc.exe -> %SystemDrive%\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe -> [2008/11/12 12:08:54 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.)
avgemc.exe -> %SystemDrive%\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe -> [2008/11/12 11:59:50 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.)
avgupsvc.exe -> %SystemDrive%\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe -> [2008/11/12 11:52:56 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.)
csrss.exe -> %SystemRoot%\system32\csrss.exe -> [2004/08/04 01:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2007/06/13 03:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation)
lsass.exe -> %SystemRoot%\system32\lsass.exe -> [2004/08/04 01:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation)
notepad.exe -> %SystemRoot%\system32\NOTEPAD.EXE -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\My Documents\Anti-Smitfraud\OTScanIt2\OTScanIt2.exe -> [2009/01/09 09:03:22 | 00,485,376 | ---- | M] (OldTimer Tools)
services.exe -> %SystemRoot%\system32\services.exe -> [2004/08/04 01:00:00 | 00,108,032 | ---- | M] (Microsoft Corporation)
smss.exe -> %SystemRoot%\System32\smss.exe -> [2004/08/04 01:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation)
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> [2005/11/11 14:07:40 | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.)
spoolsv.exe -> %SystemRoot%\system32\spoolsv.exe -> [2005/06/10 16:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> [2004/08/04 01:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\rpcss.dll [DcomLaunch] -> [2005/07/25 21:39:50 | 00,397,824 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\termsrv.dll [TermService] -> [2004/08/04 01:00:00 | 00,295,424 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\regsvc.dll [RemoteRegistry] -> [2004/08/04 01:00:00 | 00,059,904 | ---- | M] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> [2004/08/04 01:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\rpcss.dll [RpcSs] -> [2005/07/25 21:39:50 | 00,397,824 | ---- | M] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] -> [2004/08/04 01:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\wiaservc.dll [stisvc] -> [2006/12/19 11:16:48 | 00,333,824 | ---- | M] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> [2004/08/04 01:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\alrsvc.dll [Alerter] -> [2004/08/04 01:00:00 | 00,017,408 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\lmhsvc.dll [LmHosts] -> [2004/08/04 01:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\regsvc.dll [RemoteRegistry] -> [2004/08/04 01:00:00 | 00,059,904 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\ssdpsrv.dll [SSDPSRV] -> [2004/08/04 01:00:00 | 00,071,680 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\upnphost.dll [upnphost] -> [2007/02/05 13:17:02 | 00,185,344 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\webclnt.dll [WebClient] -> [2006/01/03 20:35:06 | 00,068,096 | ---- | M] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\System32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> [2004/08/04 01:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\appmgmts.dll [AppMgmt] -> [2004/08/04 01:00:00 | 00,167,936 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\audiosrv.dll [AudioSrv] -> [2004/08/04 01:00:00 | 00,042,496 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\qmgr.dll [BITS] -> [2004/08/04 01:00:00 | 00,382,464 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\browser.dll [Browser] -> [2004/08/04 01:00:00 | 00,077,312 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\cryptsvc.dll [CryptSvc] -> [2004/08/04 01:00:00 | 00,060,416 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\dhcpcsvc.dll [Dhcp] -> [2006/05/19 05:59:42 | 00,111,616 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\dmserver.dll [dmserver] -> [2004/08/04 01:00:00 | 00,023,552 | ---- | M] (Microsoft Corp.)
-> %SystemRoot%\System32\ersvc.dll [ERSvc] -> [2004/08/04 01:00:00 | 00,023,040 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\es.dll [EventSystem] -> [2008/07/07 14:32:22 | 00,253,952 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\shsvcs.dll [FastUserSwitchingCompatibility] -> [2006/12/19 14:52:18 | 00,134,656 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> [2004/08/04 01:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\hidserv.dll [HidServ] -> File not found
-> %SystemRoot%\System32\srvsvc.dll [lanmanserver] -> [2004/12/07 12:32:34 | 00,096,768 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\wkssvc.dll [lanmanworkstation] -> [2006/08/17 05:28:28 | 00,132,096 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\msgsvc.dll [Messenger] -> [2004/08/04 01:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\netman.dll [Netman] -> [2005/08/22 11:29:46 | 00,197,632 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\mswsock.dll [Nla] -> [2008/06/20 11:41:10 | 00,245,248 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\ntmssvc.dll [NtmsSvc] -> [2004/08/04 01:00:00 | 00,435,200 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\rasauto.dll [RasAuto] -> [2004/08/04 01:00:00 | 00,089,088 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\rasmans.dll [RasMan] -> [2006/06/22 03:47:18 | 00,181,248 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\mprdim.dll [RemoteAccess] -> [2004/08/04 01:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\schedsvc.dll [Schedule] -> [2004/08/04 01:00:00 | 00,190,976 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\seclogon.dll [seclogon] -> [2004/08/04 01:00:00 | 00,018,944 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\sens.dll [SENS] -> [2004/08/04 01:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\ipnathlp.dll [SharedAccess] -> [2004/08/04 01:00:00 | 00,331,264 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\shsvcs.dll [ShellHWDetection] -> [2006/12/19 14:52:18 | 00,134,656 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\srsvc.dll [srservice] -> [2004/08/04 01:00:00 | 00,170,496 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\tapisrv.dll [TapiSrv] -> [2005/07/08 09:27:56 | 00,249,344 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\shsvcs.dll [Themes] -> [2006/12/19 14:52:18 | 00,134,656 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\trkwks.dll [TrkWks] -> [2004/08/04 01:00:00 | 00,090,624 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\w32time.dll [W32Time] -> [2004/08/04 01:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\wbem\WMIsvc.dll [winmgmt] -> [2004/08/04 01:00:00 | 00,144,896 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\advapi32.dll [Wmi] -> [2004/08/04 01:00:00 | 00,616,960 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\wscsvc.dll [wscsvc] -> [2004/08/04 01:00:00 | 00,081,408 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\system32\wuauserv.dll [wuauserv] -> [2004/08/04 01:00:00 | 00,006,656 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\wzcsvc.dll [WZCSVC] -> [2004/08/04 01:00:00 | 00,359,936 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\xmlprov.dll [xmlprov] -> [2004/08/04 01:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> [2004/08/04 01:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation)
-> %SystemRoot%\System32\dnsrslvr.dll [Dnscache] -> [2008/02/19 23:32:44 | 00,045,568 | ---- | M] (Microsoft Corporation)
tblmouse.exe -> %SystemRoot%\system32\TBLMOUSE.EXE -> [2007/01/30 09:52:42 | 00,065,184 | ---- | M] (WALTOP International Corp.)
winlogon.exe -> %SystemRoot%\system32\winlogon.exe -> [2004/08/04 01:00:00 | 00,502,272 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Seagate\Schedule2\schedul2.exe -> [2007/04/19 21:29:44 | 00,411,168 | ---- | M] (Acronis)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> [2008/03/25 19:48:26 | 00,312,880 | ---- | M] (GRISOFT s.r.o.)
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe -> [2008/11/12 11:59:50 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.)
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe -> [2008/11/12 11:52:56 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.)
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe -> [2008/11/12 11:59:50 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation)
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> [2007/03/14 19:19:10 | 00,779,824 | ---- | M] (Nero AG)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation)
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> [2007/03/12 13:49:46 | 00,271,920 | ---- | M] (Nero AG)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> [2007/09/17 01:07:00 | 00,155,716 | ---- | M] (NVIDIA Corporation)
(UMWdf) Windows User Mode Driver Framework [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(aiptektp) Pen Pad [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\aiptektp.sys -> [2006/06/06 09:51:06 | 00,022,528 | ---- | M] (WALTOP International Corp.)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> [2005/12/02 14:11:40 | 03,841,856 | ---- | M] (Realtek Semiconductor Corp.)
(AVG Anti-Rootkit) AVG Anti-Rootkit [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\avgarkt.sys -> [2007/01/31 06:33:46 | 00,005,632 | ---- | M] (GRISOFT, s.r.o.)
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [2008/03/25 19:48:24 | 00,011,000 | ---- | M] ()
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avg7core.sys -> [2008/11/12 11:59:46 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.)
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avg7rsw.sys -> [2008/11/12 11:52:58 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.)
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avg7rsxp.sys -> [2008/11/12 11:59:46 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.)
(AvgArCln) Avg Anti-Rootkit Clean Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\AvgArCln.sys -> [2007/01/18 05:00:28 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.)
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\AvgAsCln.sys -> [2006/09/06 00:03:16 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.)
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgclean.sys -> [2008/11/12 11:59:54 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.)
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\System32\Drivers\avgtdi.sys -> [2008/11/12 11:53:00 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.)
(BCMNTIO) BCMNTIO [Kernel | Auto | Running] -> %SystemDrive%\PROGRA~1\CHECKIT\DIAGNO~1\BCMNTIO.sys -> [2004/03/05 17:09:00 | 00,003,744 | ---- | M] ()
(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\ElbyCDIO.sys -> [2007/08/07 12:48:34 | 00,025,160 | ---- | M] (Elaborate Bytes AG)
(ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\ElbyDelay.sys -> [2007/02/15 17:56:50 | 00,011,984 | ---- | M] (Elaborate Bytes AG)
(gmer) gmer [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\gmer.sys -> [2009/01/11 12:25:06 | 00,085,969 | ---- | M] (GMER)
(MAPMEM) MAPMEM [Kernel | Auto | Running] -> %SystemDrive%\PROGRA~1\CHECKIT\DIAGNO~1\MAPMEM.sys -> [2004/03/05 17:09:02 | 00,003,904 | ---- | M] ()
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\nv4_mini.sys -> [2007/09/17 01:07:00 | 06,853,088 | ---- | M] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\NVENETFD.sys -> [2006/02/17 11:28:30 | 00,034,176 | ---- | M] (NVIDIA Corporation)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\nvnetbus.sys -> [2006/02/17 11:28:32 | 00,013,056 | ---- | M] (NVIDIA Corporation)
(Pnp680r) Silicon Image SiI 0680 Medley Raid Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\pnp680r.sys -> [2002/05/31 01:35:02 | 00,076,976 | R--- | M] (Silicon Image, Inc)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2004/08/04 01:00:00 |

00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2007/11/13 03:25:54 | 00,020,480 | ---- | M]

(Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(VClone) VClone [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\VClone.sys -> [2007/06/16 14:16:40 | 00,031,616 | ---- | M]

(Elaborate Bytes AG)

[Registry - All]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> about:blank ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s ->
HKEY_CURRENT_USER\: SearchURL\\"provider" -> ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Microsoft Url Search Hook] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\] > -> ->
HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\: Main\\"Local Page" -> C:\windows\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\: Main\\"Page_Transitions" -> ->
HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\: Main\\"Start Page" -> about:blank ->
HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s ->
HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\: SearchURL\\"provider" -> ->
HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Microsoft Url Search Hook] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\: "ProxyEnable" -> 0 ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\FireFox\Profiles\bvvl5608.default\prefs.js ->
browser.search.selectedEngine -> "Google" ->
browser.startup.homepage -> "about:blank" ->
browser.startup.homepage_override.mstone -> "rv:1.8.1.16" ->
< HOSTS File > (290065 bytes and 10041 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 22:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2009/01/12 08:26:14 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/01/12 08:26:14 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [&Address] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
ShellBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\SHELL32.dll [&Links] -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [&Address] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\SHELL32.dll [&Links] -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\] > -> HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [&Address] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
ShellBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\SHELL32.dll [&Links] -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [&Address] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\SHELL32.dll [&Links] -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"atwtusb" -> %SystemRoot%\system32\atwtusb.exe [atwtusb.exe] -> [2007/03/20 17:43:50 | 00,315,392 | ---- | M] ()
"AVG7_CC" -> [C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP] -> File not found
"NeroFilterCheck" -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> [2007/03/09 18:53:56 | 00,153,136 | ---- | M] (Nero AG)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2007/09/17 01:07:00 | 01,626,112 | ---- | M] ()
"SoundMan" -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> [2005/11/11 14:07:40 | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.)
"Tweak UI" -> %SystemRoot%\system32\TWEAKUI.CPL [RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp] -> [1997/11/08 00:00:00 | 00,087,312 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AVG7_Run" -> %SystemDrive%\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe [C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE] -> [2008/11/12 11:59:52 | 00,219,136 | ---- | M] (GRISOFT, s.r.o.)
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AVG7_Run" -> %SystemDrive%\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe [C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE] -> [2008/11/12 11:59:52 | 00,219,136 | ---- | M] (GRISOFT, s.r.o.)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [2000/10/11 18:08:00 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
< montyl Startup Folder > -> C:\Documents and Settings\montyl\Start Menu\Programs\Startup ->
< Default User.WINDOWS Startup Folder > -> C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup ->
< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup ->
-> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk.disabled -> [2009/01/12 12:31:42 | 00,000,794 | ---- | M] ()
< Administrator.COMPUTER Startup Folder > -> C:\Documents and Settings\Administrator.COMPUTER\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500] > -> HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoLogoff" -> [01 00 00 00 [binary data]] -> File not found
\\"NoRecentDocsMenu" -> [01 00 00 00 [binary data]] -> File not found
\\"NoRecentDocsHistory" -> [01 00 00 00 [binary data]] -> File not found
\\"NoRecentDocsNetHood" -> [01 00 00 00 [binary data]] -> File not found
\\"NoSMMyDocs" -> [01 00 00 00 [binary data]] -> File not found
\\"NoSMMyPictures" -> [01 00 00 00 [binary data]] -> File not found
\\"NoNetworkConnections" -> [01 00 00 00 [binary data]] -> File not found
\\"NoUserNameInStartMenu" -> [01 00 00 00 [binary data]] -> File not found
\\"ForceClassicControlPanel" -> [1] -> File not found
\\"NoDrives" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500] > -> HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoLogoff" -> [01 00 00 00 [binary data]] -> File not found
\\"NoRecentDocsMenu" -> [01 00 00 00 [binary data]] -> File not found
\\"NoRecentDocsHistory" -> [01 00 00 00 [binary data]] -> File not found
\\"NoRecentDocsNetHood" -> [01 00 00 00 [binary data]] -> File not found
\\"NoSMMyDocs" -> [01 00 00 00 [binary data]] -> File not found
\\"NoSMMyPictures" -> [01 00 00 00 [binary data]] -> File not found
\\"NoNetworkConnections" -> [01 00 00 00 [binary data]] -> File not found
\\"NoUserNameInStartMenu" -> [01 00 00 00 [binary data]] -> File not found
\\"ForceClassicControlPanel" -> [1] -> File not found
\\"NoDrives" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500] > -> HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Save Flash -> %ProgramFiles%\SWF-Get\Flash Saving Plugin\FlashSButton.dll [res://C:\Program Files\SWF-Get\Flash Saving Plugin\FlashSButton.dll/210] -> [2005/04/30 14:53:32 | 00,180,224 | ---- | M] (UnH Solutions)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\] > -> HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\Software\Microsoft\Internet Explorer\MenuExt\ ->
Save Flash -> %ProgramFiles%\SWF-Get\Flash Saving Plugin\FlashSButton.dll [res://C:\Program Files\SWF-Get\Flash Saving Plugin\FlashSButton.dll/210] -> [2005/04/30 14:53:32 | 00,180,224 | ---- | M] (UnH Solutions)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\"ButtonText" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\"ClsidExtension" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\"Default Visible" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\"HotIcon" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\"Icon" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\"{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\] > -> HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\Software\Microsoft\Internet Explorer\Extensions\ ->
{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\"ButtonText" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\"ClsidExtension" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\"Default Visible" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\"HotIcon" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\"Icon" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\"{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5248 domain(s) found. ->
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7832 domain(s) found. ->
55 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5254 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5254 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4107 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4107 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\] > -> HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7832 domain(s) found. ->
55 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\] > -> HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} [HKLM] -> http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab [CKAVWebScan Object] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206762645578 [WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab [Shockwave Flash Object] ->
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2007/06/13 03:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> [2004/08/04 01:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> [2004/08/04 01:00:00 | 00,514,560 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> [2004/08/04 01:00:00 | 00,298,496 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
crypt32chain -> %SystemRoot%\system32\crypt32.dll -> [2004/08/04 01:00:00 | 00,597,504 | ---- | M] (Microsoft Corporation)
cryptnet -> %SystemRoot%\system32\cryptnet.dll -> [2004/08/04 01:00:00 | 00,063,488 | ---- | M] (Microsoft Corporation)
cscdll -> %SystemRoot%\system32\cscdll.dll -> [2004/08/04 01:00:00 | 00,101,888 | ---- | M] (Microsoft Corporation)
ScCertProp -> %SystemRoot%\system32\wlnotify.dll -> [2004/08/04 01:00:00 | 00,092,672 | ---- | M] (Microsoft Corporation)
Schedule -> %SystemRoot%\system32\wlnotify.dll -> [2004/08/04 01:00:00 | 00,092,672 | ---- | M] (Microsoft Corporation)
sclgntfy -> %SystemRoot%\system32\sclgntfy.dll -> [2004/08/04 01:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation)
SensLogn -> %SystemRoot%\system32\WlNotify.dll -> [2004/08/04 01:00:00 | 00,092,672 | ---- | M] (Microsoft Corporation)
termsrv -> %SystemRoot%\system32\wlnotify.dll -> [2004/08/04 01:00:00 | 00,092,672 | ---- | M] (Microsoft Corporation)
WgaLogon -> %SystemRoot%\system32\WgaLogon.dll -> [2007/04/10 14:00:46 | 00,236,928 | ---- | M] (Microsoft Corporation)
wlballoon -> %SystemRoot%\system32\wlnotify.dll -> [2004/08/04 01:00:00 | 00,092,672 | ---- | M] (Microsoft Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{fbeb8a05-beee-4442-804e-409d6c4515e9}" [HKLM] -> %SystemRoot%\system32\SHELL32.dll [CDBurn] -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
"{7849596a-48ea-486e-8937-a2a3009f31a9}" [HKLM] -> %SystemRoot%\system32\SHELL32.dll [PostBootReminder] -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
"{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> %SystemRoot%\system32\stobject.dll [SysTray] -> [2004/08/04 01:00:00 | 00,121,856 | ---- | M] (Microsoft Corporation)
"{e57ce738-33e8-4c51-8354-bb4de9d215d1}" [HKLM] -> %SystemRoot%\system32\upnpui.dll [UPnPMonitor] -> [2004/08/04 01:00:00 | 00,239,616 | ---- | M] (Microsoft Corporation)
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> %SystemRoot%\system32\webcheck.dll [WebCheck] -> [2004/08/04 01:00:00 | 00,276,480 | ---- | M] (Microsoft Corporation)
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Browseui preloader] -> [2008/10/16 03:37:04 | 01,023,488

| ---- | M] (Microsoft Corporation)
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Component Categories cache daemon] -> [2008/10/16

03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
Your Image File Name Here without a path -> %SystemRoot%\System32\ntsd.exe [Debugger] -> [2004/08/04 01:00:00 | 00,031,744 | ---- | M]

(Microsoft Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] ->

[2008/03/25 19:48:24 | 00,079,408 | ---- | M] (GRISOFT s.r.o.)
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> %SystemRoot%\system32\shell32.dll [] -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M]

(Microsoft Corporation)
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll -> %SystemRoot%\system32\msapsspc.dll -> [2004/08/04 01:00:00 | 00,086,016 | ---- | M] (Microsoft Corporation)
schannel.dll -> %SystemRoot%\system32\schannel.dll -> [2007/04/25 07:21:16 | 00,144,896 | ---- | M] (Microsoft Corporation)
digest.dll -> %SystemRoot%\system32\digest.dll -> [2004/08/04 01:00:00 | 00,068,608 | ---- | M] (Microsoft Corporation)
msnsspc.dll -> %SystemRoot%\system32\msnsspc.dll -> [2004/08/04 01:00:00 | 00,290,816 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> [2004/08/04 01:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\System32\kerberos.dll -> [2005/06/15 10:49:30 | 00,295,936 | ---- | M] (Microsoft Corporation)
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> [2004/08/04 01:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation)
schannel -> %SystemRoot%\System32\schannel.dll -> [2007/04/25 07:21:16 | 00,144,896 | ---- | M] (Microsoft Corporation)
wdigest -> %SystemRoot%\System32\wdigest.dll -> [2004/08/04 01:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 01:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 01:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" -> C:\Program Files\Grisoft\AVG Free\avgamsvr.exe [C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> [2008/11/12 11:59:50 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" -> C:\Program Files\Grisoft\AVG Free\avgcc.exe [C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe] -> [2008/11/12 12:08:54 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG Free\avgemc.exe" -> C:\Program Files\Grisoft\AVG Free\avgemc.exe [C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe] -> [2008/11/12 11:59:50 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG Free\avginet.exe" -> C:\Program Files\Grisoft\AVG Free\avginet.exe [C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe] -> [2008/11/12 12:08:56 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.)
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2009/01/14 04:20:16 | 00,270,128 | ---- | M] (BitTorrent, Inc.)
"C:\WINDOWS\System32\mmc.exe" -> C:\WINDOWS\System32\mmc.exe [C:\WINDOWS\System32\mmc.exe:*:Disabled:Microsoft Management Console] -> [2004/08/04 01:00:00 | 00,815,104 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> [2004/08/04 01:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2004/08/04 01:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ FAT32 ] -> [2007/10/23 00:49:12 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

Log too long for 1 reply

dinosaur58
2009-01-16, 23:42
Log continued:


< ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608500} [HKLM] -> C:\WINDOWS\System32\Java.exe [(default): Java (Sun); IsInstalled: 1] -> [2009/01/12 08:26:14 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.)
{10072CEC-8CC1-11D1-986E-00A0C955B42F} [HKLM] -> [(default): Vector Graphics Rendering (VML); IsInstalled: 01 00 00 00 [binary data]] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> [(default): Macromedia Shockwave Director 7.0.0; IsInstalled: 01 00 00 00 [binary data]] ->
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [StubPath] -> [ComponentID: NetShow; IsInstalled: 1] ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> [(default): Microsoft Windows Media Player 6.4; IsInstalled: 1] ->
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> [(default): Adobe Shockwave Director 10.1.4; IsInstalled: 01 00 00 00 [binary data]] ->
{283807B5-2C60-11D0-A31D-00AA00B92C03} [HKLM] -> [(default): DirectAnimation; IsInstalled: 1] ->
{2A202491-F00D-11cf-87CC-0020AFEECF20} [HKLM] -> [(default): Macromedia Shockwave Director 7.0.0; IsInstalled: 01 00 00 00 [binary data]] ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] ->
{36f8ec70-c29a-11d1-b5c7-0000f8051515} [HKLM] -> [(default): Dynamic HTML Data Binding for Java; IsInstalled: 1] ->
{3af36230-a269-11d1-b5bf-0000f8051515} [HKLM] -> [(default): Offline Browsing Pack; IsInstalled: 1] ->
{3bf42070-b3b1-11d1-b5c5-0000f8051515} [HKLM] -> [(default): Uniscribe; IsInstalled: 1] ->
{4278c270-a269-11d1-b5bf-0000f8051515} [HKLM] -> [(default): Advanced Authoring; IsInstalled: 1] ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [(default): Microsoft Outlook Express 6; IsInstalled: 1] ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [(default): NetMeeting 3.01; IsInstalled: 01 00 00 00 [binary data]] ->
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> [(default): DirectShow; IsInstalled: 1] ->
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKLM] -> [(default): DirectDrawEx; IsInstalled: 1] ->
{45ea75a0-a269-11d1-b5bf-0000f8051515} [HKLM] -> [(default): Internet Explorer Help; IsInstalled: 1] ->
{4b218e3e-bc98-4770-93d3-2731b9329278} [StubPath] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf [(default): Internet Explorer; IsInstalled: 1] ->
{4f216970-c90c-11d1-b5c7-0000f8051515} [HKLM] -> [(default): DirectAnimation Java Classes; IsInstalled: 1] ->
{4f645220-306d-11d2-995d-00c04f98bbc9} [HKLM] -> [(default): Microsoft Windows Script 5.6; IsInstalled: 1] ->
{5056b317-8d4c-43ee-8543-b9d1e234b8f4} [HKLM] -> C:\WINDOWS\System32\Security.dll [(default): Security Update for Windows XP (KB923789); IsInstalled: 1] -> [2004/08/04 01:00:00 | 00,005,632 | ---- | M] (Microsoft Corporation)
{5945c046-1e7d-11d1-bc44-00c04fd912be} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [(default): Windows Messenger 4.7; IsInstalled: 1] ->
{5A8D6EE0-3E18-11D0-821E-444553540000} [HKLM] -> Reg Error: Value does not exist or could not be read. [ComponentID: ICW; IsInstalled: 1] -> File not found
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKLM] -> [(default): Internet Explorer Setup Tools; IsInstalled: 1] ->
{630b1da0-b465-11d1-9948-00c04f98bbc9} [HKLM] -> [(default): Browsing Enhancements; IsInstalled: 1] ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [(default): Microsoft Windows Media Player; IsInstalled: 1] ->
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKLM] -> [(default): MSN Site Access; IsInstalled: 1] ->
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} [HKLM] -> [(default): .NET Framework] ->
{7790769C-0471-11d2-AF11-00C04FA35D02} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [(default): Address Book 6; IsInstalled: 1] ->
{89820200-ECBD-11cf-8B85-00AA005B4340} [StubPath] -> regsvr32.exe /s /n /i:U shell32.dll [(default): Windows Desktop Update; IsInstalled: 1] ->
{89820200-ECBD-11cf-8B85-00AA005B4383} [StubPath] -> %SystemRoot%\system32\ie4uinit.exe [(default): Internet Explorer 6; IsInstalled: 1] ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [StubPath] -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS; IsInstalled: 1] ->
{9381D8F2-0288-11D0-9501-00AA00B911A5} [HKLM] -> [(default): Dynamic HTML Data Binding; IsInstalled: 1] ->
{ACC563BC-4266-43f0-B6ED-9D38C4202C7E} [HKLM] -> Reg Error: Value does not exist or could not be read. [(no name)] -> File not found
{B508B3F1-A24A-32C0-B310-85786919EF28} [HKLM] -> [(default): .NET Framework] ->
{C9E9A340-D1F1-11D0-821E-444553540600} [HKLM] -> [(default): Internet Explorer Core Fonts; IsInstalled: 1] ->
{CC2A9BA0-3BDD-11D0-821E-444553540000} [HKLM] -> [(default): Task Scheduler; IsInstalled: 1] ->
{CDD7975E-60F8-41d5-8149-19E51D6F71D0} [HKLM] -> Reg Error: Value does not exist or could not be read. [ComponentID: Windows Movie Maker v2.1; IsInstalled: 01 00 00 00 [binary data]] -> File not found
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> [(default): Adobe Flash Player; IsInstalled: 01 00 00 00 [binary data]] ->
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKLM] -> [(default): HTML Help; IsInstalled: 1] ->
{E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKLM] -> [(default): Active Directory Service Interface; IsInstalled: 01 00 00 00 [binary data]] ->
{EF289A85-8E57-408d-BE47-73B55609861A} [HKLM] -> [(default): RootsUpdate; IsInstalled: 1] ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP [(default): Microsoft Windows Media Player; IsInstalled: 0] ->
>{26923b43-4d38-484f-9b9e-de460746276c} [StubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [(default): Internet Explorer; IsInstalled: 1] ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [StubPath] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [(default): Browser Customizations; IsInstalled: 1] ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [StubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [(default): Outlook Express; IsInstalled: 0] ->
Microsoft Base Smart Card Crypto Provider Package [HKLM] -> Reg Error: Value does not exist or could not be read. [(no name); IsInstalled: 1] -> File not found
< ActiveX StubPath [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [HKLM] -> [HKLM: Microsoft NetShow Player] ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [HKLM] -> [HKLM: Windows Media Player] ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKLM] -> [(no name)] ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> [(no name)] ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> [(no name)] ->
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> [(no name)] ->
{4b218e3e-bc98-4770-93d3-2731b9329278} [HKLM] -> [(no name)] ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} [HKLM] -> [(no name)] ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [HKLM] -> [HKLM: Windows Media Player] ->
{7790769C-0471-11d2-AF11-00C04FA35D02} [HKLM] -> [(no name)] ->
{89820200-ECBD-11cf-8B85-00AA005B4340} [HKLM] -> [(no name)] ->
{89820200-ECBD-11cf-8B85-00AA005B4383} [HKLM] -> [(no name)] ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKLM] -> Reg Error: Value does not exist or could not be read. [(no name)] -> File not found
>{26923b43-4d38-484f-9b9e-de460746276c} [HKLM] -> [(no name)] ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [HKLM] -> C:\WINDOWS\System32\Browser.dll [(no name)] -> [2004/08/04 01:00:00 | 00,077,312 | ---- | M] (Microsoft Corporation)
< ActiveX StubPath [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [HKLM] -> Reg Error: Key does not exist or could not be opened. [HKLM: Microsoft NetShow Player] -> File not found
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [HKLM] -> Reg Error: Key does not exist or could not be opened. [HKLM: Windows Media Player] -> File not found
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [HKLM] -> Reg Error: Key does not exist or could not be opened. [HKLM: Windows Media Player] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [HKLM] -> Reg Error: Key does not exist or could not be opened. [HKLM: Microsoft NetShow Player] -> File not found
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [HKLM] -> Reg Error: Key does not exist or could not be opened. [HKLM: Windows Media Player] -> File not found
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [HKLM] -> Reg Error: Key does not exist or could not be opened. [HKLM: Windows Media Player] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [HKLM] -> Reg Error: Key does not exist or could not be opened. [HKLM: Microsoft NetShow Player] -> File not found
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [HKLM] -> Reg Error: Key does not exist or could not be opened. [HKLM: Windows Media Player] -> File not found
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [HKLM] -> Reg Error: Key does not exist or could not be opened. [HKLM: Windows Media Player] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [HKLM] -> Reg Error: Key does not exist or could not be opened. [HKLM: Microsoft NetShow Player] -> File not found
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [HKLM] -> Reg Error: Key does not exist or could not be opened. [HKLM: Windows Media Player] -> File not found
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [HKLM] -> Reg Error: Key does not exist or could not be opened. [HKLM: Windows Media Player] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\] > -> HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [HKLM] -> Reg Error: Key does not exist or could not be opened. [HKLM: Microsoft NetShow Player] -> File not found
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [HKLM] -> Reg Error: Key does not exist or could not be opened. [HKLM: Windows Media Player] -> File not found
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{4b218e3e-bc98-4770-93d3-2731b9329278} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{5945c046-1e7d-11d1-bc44-00c04fd912be} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [HKLM] -> Reg Error: Key does not exist or could not be opened. [HKLM: Windows Media Player] -> File not found
{7790769C-0471-11d2-AF11-00C04FA35D02} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4340} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4383} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
>{26923b43-4d38-484f-9b9e-de460746276c} [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [HKLM] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ ->
AcroRd32.exe -> %ProgramFiles%\Adobe\Reader 9.0\Reader\AcroRd32.exe [C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe] -> [2008/06/12 02:47:22 | 00,349,544 | ---- | M] (Adobe Systems Incorporated)
Adobe SVG Viewer -> [C:\WINDOWS\System32\Adobe\SVG Viewer\Adobe SVG Viewer] -> File not found
AVGSE.DLL -> %SystemDrive%\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll [C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll] -> [2008/11/12 11:52:56 | 00,050,688 | ---- | M] (GRISOFT, s.r.o.)
AVGW.EXE -> %SystemDrive%\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe [C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe] -> [2008/11/12 11:59:52 | 00,219,136 | ---- | M] (GRISOFT, s.r.o.)
BackItUp.exe -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\BackItUp.exe [C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp.exe] -> [2007/03/14 19:18:06 | 19,416,624 | ---- | M] (Nero AG)
BounceBack Express -> [C:\Program Files\CMS Peripherals\BounceBack Express\BounceBack Express] -> File not found
CheckIt.exe -> %SystemDrive%\PROGRA~1\CheckIt\Diagnostics\CheckIt.exe [C:\PROGRA~1\CheckIt\Diagnostics\CheckIt.exe] -> [2004/08/06 15:40:44 | 00,528,384 | ---- | M] (Smith Micro Software, Inc.)
cmmgr32.exe -> %SystemRoot%\system32\cmmgr32.exe [C:\WINDOWS\system32\cmmgr32.exe] -> File not found
combofix.exe -> %UserProfile%\My Documents\Anti-Smitfraud\Country.exe [C:\Documents and Settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud\Country.exe] -> [2009/01/11 12:18:16 | 02,915,194 | R--- | M] ()
CONF.EXE -> %ProgramFiles%\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe] -> [2004/08/04 01:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation)
DataLifeguard.exe -> %ProgramFiles%\Western Digital\Data Lifeguard Tools\DataLifeguard.exe [C:\Program Files\Western Digital\Data Lifeguard Tools\DataLifeguard.exe] -> [2004/03/29 15:40:06 | 00,049,152 | ---- | M] (Kroll Ontrack Inc.)
dialer.exe -> %ProgramFiles%\Windows NT\dialer.exe [C:\Program Files\Windows NT\dialer.exe] -> [2004/08/04 01:00:00 | 00,539,136 | ---- | M] (Microsoft Corporation)
dwwin.exe -> %ProgramFiles%\DiscWizard for Windows\dwwin.exe [C:\Program Files\DiscWizard for Windows\dwwin.exe] -> [2004/03/31 09:19:52 | 00,552,960 | ---- | M] (Kroll Ontrack Inc)
ElbyDVD.exe -> %ProgramFiles%\VirtualCloneDrive\ElbyDVD.exe [C:\Program Files\VirtualCloneDrive\ElbyDVD.exe] -> [2004/08/20 03:34:36 | 00,069,632 | ---- | M] (Elaborate Bytes AG)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe] -> [2008/07/23 20:12:36 | 07,667,312 | ---- | M] (Mozilla Corporation)
frontpg.exe -> %SystemDrive%\PROGRA~1\MICROS~2\Office\FRONTPG.EXE [C:\PROGRA~1\MICROS~2\Office\FRONTPG.EXE] -> [1999/03/19 23:06:38 | 01,990,730 | R--- | M] (Microsoft Corporation)
HELPCTR.EXE -> %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe] -> [2004/08/04 01:00:00 | 00,768,512 | ---- | M] (Microsoft Corporation)
HijackThis.exe -> %UserProfile%\My Documents\Anti-Smitfraud\hijackthis.exe [C:\Documents and Settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud\hijackthis.exe] -> [2008/07/14 22:48:00 | 00,401,720 | ---- | M] (Trend Micro Inc.)
hypertrm.exe -> %ProgramFiles%\Windows NT\hypertrm.exe ["C:\Program Files\Windows NT\hypertrm.exe"] -> [2004/08/04 01:00:00 | 00,028,160 | ---- | M] (Hilgraeve, Inc.)
ICWCONN1.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\ICWCONN1.EXE ["C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"] -> [2004/08/04 01:00:00 | 00,214,528 | ---- | M] (Microsoft Corporation)
ICWCONN2.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\ICWCONN2.EXE ["C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"] -> [2004/08/04 01:00:00 | 00,086,016 | ---- | M] (Microsoft Corporation)
IEXPLORE.EXE -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe] -> [2004/08/04 01:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
ImageDrive.exe -> %ProgramFiles%\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe [C:\Program Files\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe] -> [2007/03/14 19:20:30 | 01,070,640 | ---- | M] (Nero AG)
INETWIZ.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\INETWIZ.EXE ["C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"] -> [2004/08/04 01:00:00 | 00,020,480 | ---- | M] (Microsoft Corporation)
install.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found
ISIGNUP.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\ISIGNUP.EXE ["C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"] -> [2004/08/04 01:00:00 | 00,016,384 | ---- | M] (Microsoft Corporation)
IsoBuster.exe -> %ProgramFiles%\Smart Projects\IsoBuster\IsoBuster.exe [C:\Program Files\Smart Projects\IsoBuster\IsoBuster.exe] -> [2007/12/21 16:52:08 | 04,404,664 | ---- | M] (Smart Projects)
javaws.exe -> %ProgramFiles%\Java\jre6\bin\javaws.exe [C:\Program Files\Java\jre6\bin\javaws.exe] -> [2009/01/12 08:26:14 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
mbam.exe -> %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe] -> [2009/01/14 16:11:26 | 01,273,488 | ---- | M] (Malwarebytes Corporation)
migwiz.exe -> %SystemRoot%\system32\usmt\migwiz.exe [%SystemRoot%\system32\usmt\migwiz.exe] -> [2004/08/04 01:00:00 | 00,240,128 | ---- | M] (Microsoft Corporation)
moviemk.exe -> %ProgramFiles%\Movie Maker\moviemk.exe [C:\Program Files\Movie Maker\moviemk.exe] -> [2004/08/04 01:00:00 | 03,555,328 | ---- | M] (Microsoft Corporation)
mplayer2.exe -> %ProgramFiles%\Windows Media Player\mplayer2.exe ["C:\Program Files\Windows Media Player\mplayer2.exe"] -> [2004/08/04 01:00:00 | 00,004,639 | ---- | M] ()
MSCONFIG.EXE -> %SystemRoot%\pchealth\helpctr\Binaries\MSCONFIG.EXE [%systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE] -> [2004/08/04 01:00:00 | 00,158,208 | ---- | M] (Microsoft Corporation)
msimn.exe -> %ProgramFiles%\Outlook Express\msimn.exe [%ProgramFiles%\Outlook Express\msimn.exe] -> [2004/08/04 01:00:00 | 00,060,416 | -HS- | M] (Microsoft Corporation)
msinfo32.exe -> %CommonProgramFiles%\Microsoft Shared\MSInfo\MSInfo32.exe [C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe] -> [2004/08/04 01:00:00 | 00,039,936 | ---- | M] (Microsoft Corporation)
MSMSGS.EXE -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found
MsoHtmEd.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found
NCoverEd.exe -> %ProgramFiles%\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe [C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe] -> [2007/02/28 19:20:06 | 05,740,080 | ---- | M] (Nero AG)
Nero.exe -> %ProgramFiles%\Nero\Nero 7\Core\Nero.exe [C:\Program Files\Nero\Nero 7\Core\Nero.exe] -> [2007/03/14 11:40:22 | 36,673,072 | ---- | M] (Nero AG)
NeroBurnRights.exe -> %ProgramFiles%\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe [C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe] -> [2007/03/14 19:19:50 | 00,919,088 | ---- | M] (Nero AG)
NeroMediaHome.exe -> %ProgramFiles%\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe [C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe] -> [2007/03/12 13:50:58 | 04,216,368 | ---- | M] (Nero AG)
NeroVision.exe -> %ProgramFiles%\Nero\Nero 7\Nero Vision\NeroVision.exe [C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe] -> [2007/02/28 20:51:38 | 01,005,616 | ---- | M] (Nero AG)
PaprPort.exe -> %ProgramFiles%\ScanSoft\PaperPort\PaprPort.exe [C:\Program Files\ScanSoft\PaperPort\PaprPort.exe] -> [2001/10/15 15:16:16 | 00,307,712 | ---- | M] (Scansoft Inc.)
pbrush.exe -> %SystemRoot%\system32\mspaint.exe [%SystemRoot%\system32\mspaint.exe] -> [2004/08/04 01:00:00 | 00,343,040 | ---- | M] (Microsoft Corporation)
PhotoshopElements.exe -> %ProgramFiles%\Adobe\Photoshop Elements\PhotoshopElements.exe [C:\Program Files\Adobe\Photoshop Elements\PhotoshopElements.exe] -> [2009/01/12 12:31:40 | 13,381,632 | ---- | M] (Adobe Systems, Incorporated)
PhotoSnapViewer.exe -> %ProgramFiles%\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe [C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe] -> [2007/03/14 19:24:52 | 02,938,416 | ---- | M] (Nero AG)
PictureViewer.exe -> %ProgramFiles%\QuickTime\PictureViewer.exe [C:\Program Files\QuickTime\PictureViewer.exe] -> [2008/05/27 10:50:24 | 00,548,864 | ---- | M] (Apple Inc.)
PowerPnt.exe -> %SystemDrive%\PROGRA~1\MICROS~2\Office\POWERPNT.EXE [C:\PROGRA~1\MICROS~2\Office\POWERPNT.EXE] -> [1999/03/16 21:41:22 | 04,325,428 | R--- | M] ()
QuickTimePlayer.exe -> %ProgramFiles%\QuickTime\QuickTimePlayer.exe [C:\Program Files\QuickTime\QuickTimePlayer.exe] -> [2008/05/27 10:50:48 | 07,677,232 | ---- | M] (Apple Inc.)
RealPlay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe] -> [2007/10/23 23:59:18 | 00,214,560 | ---- | M] (RealNetworks, Inc.)
Recode.exe -> %ProgramFiles%\Nero\Nero 7\Nero Recode\Recode.exe [C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe] -> [2007/03/14 19:27:40 | 11,863,600 | ---- | M] (Nero AG)
rnxproc.exe -> %CommonProgramFiles%\Real\Update_OB\rnxproc.exe [C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe] -> [2007/10/23 23:59:16 | 00,058,912 | ---- | M] (RealNetworks, Inc.)
RogueRemover.exe -> %ProgramFiles%\RogueRemover FREE\RogueRemover.exe [C:\Program Files\RogueRemover FREE\RogueRemover.exe] -> [2008/02/24 14:53:10 | 00,266,240 | ---- | M] (Malwarebytes)
setup.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found
ShowTime.exe -> %ProgramFiles%\Nero\Nero 7\Nero ShowTime\ShowTime.exe [C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe] -> [2007/02/28 15:41:02 | 05,199,408 | ---- | M] (Nero AG)
SMRegister.exe -> %SystemDrive%\PROGRA~1\COMMON~1\SMITHM~1\SMREGI~1.EXE [C:\PROGRA~1\COMMON~1\SMITHM~1\SMREGI~1.EXE] -> [2004/03/15 14:08:10 | 00,184,320 | ---- | M] (Smith Micro Software, Inc.)
SoundTrax.exe -> %ProgramFiles%\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe [C:\Program Files\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe] -> [2007/02/28 19:23:56 | 03,167,792 | ---- | M] (Nero AG)
table30.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found
thunderbird.exe -> %ProgramFiles%\Mozilla Thunderbird\thunderbird.exe [C:\Program Files\Mozilla Thunderbird\thunderbird.exe] -> [2007/11/24 21:24:10 | 08,472,936 | ---- | M] (Mozilla Corporation)
UnZixWin.exe -> %ProgramFiles%\UnZixWin\UnZixWin.exe [C:\Program Files\UnZixWin\UnZixWin.exe] -> [2007/11/25 20:49:24 | 00,270,336 | ---- | M] (Last Resort Software)
VCDDaemon.exe -> %ProgramFiles%\VirtualCloneDrive\VCDDaemon.exe [C:\Program Files\VirtualCloneDrive\VCDDaemon.exe] -> [2006/04/29 06:21:30 | 00,094,208 | ---- | M] (Elaborate Bytes AG)
VCDMount.exe -> %ProgramFiles%\VirtualCloneDrive\VCDMount.exe [C:\Program Files\VirtualCloneDrive\VCDMount.exe] -> [2006/02/13 06:10:06 | 00,034,304 | ---- | M] (Elaborate Bytes AG)
VCDPrefs.exe -> %ProgramFiles%\VirtualCloneDrive\VCDPrefs.exe [C:\Program Files\VirtualCloneDrive\VCDPrefs.exe] -> [2007/10/28 08:02:42 | 00,848,384 | ---- | M] (Elaborate Bytes AG)
wab.exe -> %ProgramFiles%\Outlook Express\wab.exe [%ProgramFiles%\Outlook Express\wab.exe] -> [2004/08/04 01:00:00 | 00,046,080 | ---- | M] (Microsoft Corporation)
wabmig.exe -> %ProgramFiles%\Outlook Express\wabmig.exe [%ProgramFiles%\Outlook Express\wabmig.exe] -> [2004/08/04 01:00:00 | 00,030,208 | ---- | M] (Microsoft Corporation)
waveedit.exe -> %ProgramFiles%\Nero\Nero 7\Nero WaveEditor\waveedit.exe [C:\Program Files\Nero\Nero 7\Nero WaveEditor\waveedit.exe] -> [2007/02/28 19:22:46 | 00,788,016 | ---- | M] (Nero AG)
winnt32.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found
WinRAR.exe -> %ProgramFiles%\WinRAR\WinRAR.exe [C:\Program Files\WinRAR\WinRAR.exe] -> [2007/12/11 23:21:34 | 00,915,968 | ---- | M] ()
Winword.exe -> %SystemDrive%\PROGRA~1\MICROS~2\Office\WINWORD.EXE [C:\PROGRA~1\MICROS~2\Office\WINWORD.EXE] -> [1999/03/17 23:38:10 |

08,798,260 | R--- | M] (Microsoft Corporation)
WMPBurn.exe -> %ProgramFiles%\Nero\Nero 7\Nero Fast CD-DVD Burning Plug-in\WMPBurn.exe [C:\Program Files\Nero\Nero 7\Nero Fast CD-DVD Burning

Plug-in\WMPBurn.exe] -> [2007/03/14 19:20:20 | 01,340,976 | ---- | M] (Nero AG)
wmplayer.exe -> %ProgramFiles%\Windows Media Player\wmplayer.exe [C:\Program Files\Windows Media Player\wmplayer.exe] -> [2004/08/04 01:00:00 |

00,073,728 | ---- | M] (Microsoft Corporation)
WORDPAD.EXE -> %ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2004/08/04 01:00:00

| 00,214,528 | ---- | M] (Microsoft Corporation)
WRITE.EXE -> %ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2004/08/04 01:00:00 |

00,214,528 | ---- | M] (Microsoft Corporation)
XPSViewer.exe -> %SystemRoot%\system32\XPSViewer\XPSViewer.exe ["C:\WINDOWS\system32\XPSViewer\XPSViewer.exe"] -> [2007/10/09 13:03:08 |

00,308,760 | ---- | M] (Microsoft Corporation)
yourapp.Exe -> %SystemRoot%\yourapp.Exe [C:\WINDOWS\yourapp.Exe] -> File not found
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{00022613-0000-0000-C000-000000000046}" [HKLM] -> %SystemRoot%\system32\mmsys.cpl [Multimedia File Property Sheet] -> [2004/08/04 01:00:00 |

00,618,496 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{00BB2763-6A77-11D0-A535-00C04FD7D062}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Microsoft AutoComplete] -> [2008/10/16 03:37:04 |

01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{00BB2764-6A77-11D0-A535-00C04FD7D062}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Microsoft History AutoComplete List] -> [2008/10/16

03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{00BB2765-6A77-11D0-A535-00C04FD7D062}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Microsoft Multiple AutoComplete List Container] ->

[2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}" [HKLM] -> %SystemRoot%\system32\shimgvw.DLL [Autoplay for SlideShow] -> [2004/08/04 01:00:00 |

00,438,272 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [&Address] -> [2008/10/16 03:37:04 | 01,023,488 | ---- |

M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{03C036F1-A186-11D0-824A-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Microsoft Shell Folder AutoComplete List] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{0561EC90-CE54-4f0c-9C55-E226110A740C}" [HKLM] -> %SystemRoot%\system32\mmfinfo.dll [Haali Column Provider] -> [2007/12/28 17:04:02 | 00,159,744 | ---- | M] ()
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{07798131-AF23-11d1-9111-00A0C98BA67D}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Web Search] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{08165EA0-E946-11CF-9C87-00AA005127ED}" [HKLM] -> %SystemRoot%\system32\webcheck.dll [WebCheckWebCrawler] -> [2004/08/04 01:00:00 | 00,276,480 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{0A89A860-D7B1-11CE-8350-444553540000}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Shell Automation Inproc Service] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{0B124F8F-91F0-11D1-B8B5-006008059382}" [HKLM] -> %SystemRoot%\system32\appwiz.cpl [Installed Apps Enumerator] -> [2004/08/04 01:00:00 | 00,549,888 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}" [HKLM] -> %SystemRoot%\system32\cabview.dll [.CAB file viewer] -> [2004/08/04 01:00:00 | 00,084,480 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{0D45D530-764B-11d0-A1CA-00AA00C16E65}" [HKLM] -> %SystemRoot%\system32\dsuiext.dll [Directory Property UI] -> [2004/08/04 01:00:00 | 00,113,152 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{0DF44EAA-FF21-4412-828E-260A8728E7F1}" [HKLM] -> %SystemRoot%\system32\shell32.DLL [Taskbar and Start Menu] -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}" [HKLM] -> %SystemRoot%\system32\docprop2.dll [Microsoft DocProp Inplace Droplist Combo Control] -> [2004/08/04 01:00:00 | 00,048,128 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{10CFC467-4392-11d2-8DB4-00C04FA31A66}" [HKLM] -> %SystemRoot%\System32\cscui.dll [Offline Files Folder Options] -> [2004/08/04 01:00:00 | 00,326,656 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{131A6951-7F78-11D0-A979-00C04FD705A2}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [ISFBand OC] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{143A62C8-C33B-11D1-84FE-00C04FA34A14}" [HKLM] -> %SystemRoot%\msagent\agentpsh.dll [Microsoft Agent Character Property Sheet Handler] -> [2004/08/04 01:00:00 | 00,024,064 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}" [HKLM] -> %SystemRoot%\system32\dsquery.dll [Directory Object Find] -> [2004/08/04 01:00:00 | 00,239,104 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" [HKLM] -> %SystemRoot%\system32\browseui.dll [In-pane search] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{176d6597-26d3-11d1-b350-080036a75b03}" [HKLM] -> %SystemRoot%\system32\icmui.dll [ICM Scanner Management] -> [2004/08/04 01:00:00 | 00,054,784 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{1CDB2949-8F65-4355-8456-263E7C208A5D}" [HKLM] -> %SystemRoot%\system32\nvshell.dll [Desktop Explorer] -> [2007/09/17 01:07:00 | 00,466,944 | ---- | M] ()
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" [HKLM] -> %SystemRoot%\system32\nvshell.dll [Desktop Explorer Menu] -> [2007/09/17 01:07:00 | 00,466,944 | ---- | M] ()
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" [HKLM] -> %SystemRoot%\system32\nvshell.dll [nView Desktop Context Menu] -> [2007/09/17 01:07:00 | 00,466,944 | ---- | M] ()
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{1F2E5C40-9550-11CE-99D2-00AA006E086C}" [HKLM] -> %SystemRoot%\system32\rshx32.dll [NTFS Security Page] -> [2004/08/04 01:00:00 | 00,039,936 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{21569614-B795-46b1-85F4-E737A8DC09AD}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Shell Search Band] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" [HKLM] -> %CommonProgramFiles%\System\Ole DB\oledb32.dll [Microsoft Data Link] -> [2004/08/04 01:00:00 | 00,487,424 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{22BF0C20-6DA7-11D0-B373-00A0C9034938}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Download Status] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Search] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Help and Support] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Help and Support] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Run...] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Internet] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [E-mail] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Set Program Access and Defaults] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}" [HKLM] -> %SystemRoot%\system32\docprop2.dll [Microsoft DocProp Inplace Time Control] -> [2004/08/04 01:00:00 | 00,048,128 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{30D02401-6A81-11d0-8274-00C04FD5AE38}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Search Band] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{32714800-2E5F-11d0-8B85-00AA0044F941}" [HKLM] -> %ProgramFiles%\Outlook Express\wabfind.dll [For &People...] -> [2004/08/04 01:00:00 | 00,032,768 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{327669A0-59A7-4be9-B99E-1C9F3A57611A}" [HKLM] -> %SystemRoot%\system32\mmfinfo.dll [Haali Matroska Thumbnail Extractor] -> [2007/12/28 17:04:02 | 00,159,744 | ---- | M] ()
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{352EC2B7-8B9A-11D1-B8AE-006008059382}" [HKLM] -> %SystemRoot%\system32\appwiz.cpl [Shell Application Manager] -> [2004/08/04 01:00:00 | 00,549,888 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Microsoft Url History Service] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Shell DeskBarApp] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [The Internet] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" [HKLM] -> %SystemRoot%\system32\docprop.dll [OLE Docfile Property Page] -> [2004/08/04 01:00:00 | 00,046,080 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{3F30C968-480A-4C6C-862D-EFC0897BB84B}" [HKLM] -> %SystemRoot%\system32\shimgvw.dll [GDI+ file thumbnail extractor] -> [2004/08/04 01:00:00 | 00,438,272 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{3F953603-1008-4f6e-A73A-04AAC7A992F1}" [HKLM] -> %SystemRoot%\system32\wiashext.dll [Scanners & Cameras] -> [2004/08/04 01:00:00 | 00,589,312 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" [HKLM] -> %SystemRoot%\system32\shmedia.dll [Video Media Properties Handler] -> [2004/08/04 01:00:00 | 00,151,552 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" [HKLM] -> %SystemRoot%\system32\ntshrui.dll [Shell extensions for sharing] -> [2004/08/04 01:00:00 | 00,143,872 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{41E300E0-78B6-11ce-849B-444553540000}" [HKLM] -> %SystemRoot%\system32\themeui.dll [PlusPack CPL Extension] -> [2004/08/04 01:00:00 | 00,385,536 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{42071712-76d4-11d1-8b24-00a0c9068ff3}" [HKLM] -> %SystemRoot%\system32\deskadp.dll [Display Adapter CPL Extension] -> [2004/08/04 01:00:00 | 00,016,384 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{42071713-76d4-11d1-8b24-00a0c9068ff3}" [HKLM] -> %SystemRoot%\system32\deskmon.dll [Display Monitor CPL Extension] -> [2004/08/04 01:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{42071714-76d4-11d1-8b24-00a0c9068ff3}" [HKLM] -> [Display Panning CPL Extension] -> File not found
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{44121072-A222-48f2-A58A-6D9AD51EBBE9}" [HKLM] -> %SystemRoot%\System32\XPSSHHDR.DLL [Microsoft.XPS.Shell.Thumbnail.1] -> [2007/03/23 06:07:54 | 00,583,504 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{45670FA8-ED97-4F44-BC93-305082590BFB}" [HKLM] -> %SystemRoot%\System32\XPSSHHDR.DLL [Microsoft.XPS.Shell.Metadata.1] -> [2007/03/23 06:07:54 | 00,583,504 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{4a7ded0a-ad25-11d0-98a8-0800361b1103}" [HKLM] -> %SystemRoot%\system32\mydocs.dll [MyDocs Properties] -> [2004/08/04 01:00:00 | 00,090,624 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{4E40F770-369C-11d0-8922-00A024AB2DBB}" [HKLM] -> %SystemRoot%\system32\dssec.dll [DS Security Page] -> [2004/08/04 01:00:00 | 00,051,200 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" [HKLM] -> %SystemRoot%\system32\SlayerXP.dll [Compatibility Page] -> [2004/08/04 01:00:00 | 00,025,088 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{5574006C-28F5-4a65-A28C-74DE6BFBE0BB}" [HKLM] -> %SystemRoot%\system32\mmfinfo.dll [Haali Matroska Shell Property Page] -> [2007/12/28 17:04:02 | 00,159,744 | ---- | M] ()
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{56117100-C0CD-101B-81E2-00AA004AE837}" [HKLM] -> %SystemRoot%\system32\shscrap.dll [Shell Scrap DataHandler] -> [2004/08/04 01:00:00 | 00,027,648 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{58f1f272-9240-4f51-b6d4-fd63d1618591}" [HKLM] -> %SystemRoot%\system32\netplwiz.dll [Get a Passport Wizard] -> [2004/08/04 01:00:00 | 00,875,008 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{59099400-57FF-11CE-BD94-0020AF85B590}" [HKLM] -> %SystemRoot%\system32\diskcopy.dll [Disk Copy Extension] -> [2004/08/04 01:00:00 | 01,501,696 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{596AB062-B4D2-4215-9F74-E9109B0A8153}" [HKLM] -> %SystemRoot%\system32\twext.dll [Previous Versions Property Page] -> [2004/08/04 01:00:00 | 00,044,032 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{59be4990-f85c-11ce-aff7-00aa003ca9f6}" [HKLM] -> %SystemRoot%\system32\ntlanui2.dll [Shell extensions for Microsoft Windows Network objects] -> [2004/08/04 01:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{5DB2625A-54DF-11D0-B6C4-0800091AA605}" [HKLM] -> %SystemRoot%\System32\icmui.dll [ICM Monitor Management] -> [2004/08/04 01:00:00 | 00,054,784 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{5E6AB780-7743-11CF-A12B-00AA004AE837}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Microsoft Internet Toolbar] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" [HKLM] -> %SystemRoot%\system32\wuaucpl.cpl [Auto Update Property Sheet Extension] -> [2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{60254CA5-953B-11CF-8C96-00AA00B8708C}" [HKLM] -> %SystemRoot%\system32\wshext.dll [Shell extensions for Windows Script Host] -> [2004/08/04 01:00:00 | 00,065,536 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{60fd46de-f830-4894-a628-6fa81bc0190d}" [HKLM] -> %SystemRoot%\system32\photowiz.dll [%DESC_PublishDropTarget%] -> [2004/08/04 01:00:00 | 00,176,128 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{62AE1F9A-126A-11D0-A14B-0800361B1103}" [HKLM] -> %SystemRoot%\system32\dsuiext.dll [Directory Context Menu Verbs] -> [2004/08/04 01:00:00 | 00,113,152 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{63da6ec0-2e98-11cf-8d82-444553540000}" [HKLM] -> %SystemRoot%\system32\msieftp.dll [FTP Folders Webview] -> [2004/08/04 01:00:00 | 00,248,832 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{6413BA2C-B461-11d1-A18A-080036B11A03}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Augmented Shell Folder 2] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}" [HKLM] -> %SystemRoot%\system32\shimgvw.dll [Shell Image Data Factory] -> [2004/08/04 01:00:00 | 00,438,272 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{6756A641-DE71-11d0-831B-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [MRU AutoComplete List] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{675F097E-4C4D-11D0-B6C1-0800091AA605}" [HKLM] -> %SystemRoot%\system32\icmui.dll [ICM Printer Management] -> [2004/08/04 01:00:00 | 00,054,784 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [CDF Extension Copy Hook] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}" [HKLM] -> %SystemRoot%\system32\extmgr.dll [Extensions Manager Folder] -> [2008/10/16 03:37:02 | 00,055,808 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Custom MRU AutoCompleted List] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{6A205B57-2567-4A2C-B881-F787FAB579A3}" [HKLM] -> %SystemRoot%\system32\docprop2.dll [Microsoft DocProp Inplace Calendar Control] -> [2004/08/04 01:00:00 | 00,048,128 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}" [HKLM] -> %SystemRoot%\system32\netplwiz.dll [Shell Publishing Wizard Object] -> [2004/08/04 01:00:00 | 00,875,008 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7007ACC7-3202-11D1-AAD2-00805FC1270E}" [HKLM] -> %SystemRoot%\system32\NETSHELL.dll [Network Connections] -> [2004/08/04 01:00:00 | 01,708,032 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7376D660-C583-11d0-A3A5-00C04FD706EC}" [HKLM] -> %SystemRoot%\system32\browseui.dll [TridentImageExtractor] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7444C717-39BF-11D1-8CD9-00C04FC29D45}" [HKLM] -> %SystemRoot%\system32\cryptext.dll [Crypto PKO Extension] -> [2004/08/04 01:00:00 | 00,053,760 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7444C719-39BF-11D1-8CD9-00C04FC29D45}" [HKLM] -> %SystemRoot%\system32\cryptext.dll [Crypto Sign Extension] -> [2004/08/04 01:00:00 | 00,053,760 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{750fdf0e-2a26-11d1-a3ea-080036587f03}" [HKLM] -> %SystemRoot%\System32\cscui.dll [Offline Files Menu] -> [2004/08/04 01:00:00 | 00,326,656 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{764BF0E1-F219-11ce-972D-00AA00A14F56}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Shell extensions for file compression] -> File not found
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{77597368-7b15-11d0-a0c2-080036af3f03}" [HKLM] -> %SystemRoot%\system32\printui.dll [Web Printer Shell Extension] -> [2004/08/04 01:00:00 | 00,560,640 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" [HKLM] -> %SystemRoot%\system32\mstask.dll [Tasks Folder Shell Extension] -> [2004/08/04 01:00:00 | 00,274,944 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7988B573-EC89-11cf-9C00-00AA00A14F56}" [HKLM] -> %SystemRoot%\system32\dskquoui.dll [Disk Quota UI] -> [2004/08/04 01:00:00 | 00,144,384 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}" [HKLM] -> %SystemRoot%\System32\mmcshext.dll [MMC Icon Handler] -> [2004/08/04 01:00:00 | 00,050,688 |

dinosaur58
2009-01-16, 23:45
Log Continued:


< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7A9D77BD-5403-11d2-8785-2E0420524153}" [HKLM] -> %SystemRoot%\system32\netplwiz.DLL [User Accounts] -> [2004/08/04 01:00:00 | 00,875,008 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7BA4C742-9E81-11CF-99D3-00AA004AE837}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Microsoft BrowserBand] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Temporary Internet Files] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Temporary Internet Files] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}" [HKLM] -> %SystemRoot%\system32\webcheck.dll [Code Download Agent] -> [2004/08/04 01:00:00 | 00,276,480 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7e653215-fa25-46bd-a339-34a2790f3cb7}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Accessible] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> [2007/03/14 11:39:32 | 01,807,920 | ---- | M] (Nero AG)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}" [HKLM] -> %SystemRoot%\system32\webcheck.dll [WebCheck SyncMgr Handler] -> [2004/08/04 01:00:00 | 00,276,480 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{83bbcbf3-b28a-4919-a5aa-73027445d672}" [HKLM] -> %SystemRoot%\system32\wiashext.dll [Scanners & Cameras] -> [2004/08/04 01:00:00 | 00,589,312

| ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Encryption Context Menu] -> File not

found
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{85BBD920-42A0-1069-A2E4-08002B30309D}" [HKLM] -> %SystemRoot%\system32\syncui.dll [Briefcase] -> [2004/08/04 01:00:00 | 00,191,488 | ---- |

M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{871C5380-42A0-1069-A2EA-08002B30309D}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Internet Name Space] -> [2008/10/16 03:37:04 | 01,494,528

| ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" [HKLM] -> %SystemRoot%\system32\shmedia.dll [Audio Media Properties Handler] -> [2004/08/04 01:00:00 |

00,151,552 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" [HKLM] -> %SystemRoot%\system32\shmedia.dll [Avi Properties Handler] -> [2004/08/04 01:00:00 |

00,151,552 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{883373C3-BF89-11D1-BE35-080036B11A03}" [HKLM] -> %SystemRoot%\system32\docprop2.dll [Microsoft DocProp Shell Ext] -> [2004/08/04 01:00:00 |

00,048,128 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{88895560-9AA2-1069-930E-00AA0030EBC8}" [HKLM] -> %SystemRoot%\system32\hticons.dll [HyperTerminal Icon Ext] -> [2004/08/04 01:00:00 |

00,044,544 | ---- | M] (Hilgraeve, Inc.)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}" [HKLM] -> %SystemRoot%\system32\zipfldr.dll [Compressed (zipped) Folder SendTo Target] -> [2004/08/04

01:00:00 | 00,337,920 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{88C6C381-2E85-11D0-94DE-444553540000}" [HKLM] -> %SystemRoot%\system32\occache.dll [ActiveX Cache Folder] -> [2004/08/04 01:00:00 |

00,096,256 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}" [HKLM] -> %SystemRoot%\system32\dsquery.dll [Directory Query UI] -> [2004/08/04 01:00:00 | 00,239,104

| ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{8DD448E6-C188-4aed-AF92-44956194EB1F}" [HKLM] -> %SystemRoot%\system32\wmpshell.dll [Windows Media Player Play as Playlist Context Menu

Handler] -> [2004/08/04 01:00:00 | 00,102,400 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{8EE97210-FD1F-4B19-91DA-67914005F020}" [HKLM] -> %SystemRoot%\system32\docprop2.dll [Microsoft DocProp Inplace ML Edit Box Control] ->

[2004/08/04 01:00:00 | 00,048,128 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{905667aa-acd6-11d2-8080-00805f6596d2}" [HKLM] -> %SystemRoot%\system32\wiashext.dll [Scanners & Cameras] -> [2004/08/04 01:00:00 | 00,589,312

| ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Augmented Shell Folder] -> [2008/10/16 03:37:04 |

01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Search Assistant OC] -> [2008/10/16 03:37:04 | 01,494,528

| ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [NeroCoverEd Live Icons]

-> [2007/02/28 19:21:16 | 01,963,568 | ---- | M] (Nero AG)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{992CFFA0-F557-101A-88EC-00DD010CCC48}" [HKLM] -> %SystemRoot%\system32\NETSHELL.dll [Network Connections] -> [2004/08/04 01:00:00 |

01,708,032 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{9DB7A13C-F208-4981-8353-73CC61AE2783}" [HKLM] -> %SystemRoot%\system32\twext.dll [Previous Versions] -> [2004/08/04 01:00:00 | 00,044,032 |

---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}" [HKLM] -> %SystemRoot%\system32\shimgvw.dll [Summary Info Thumbnail handler (DOCFILES)] -> [2004/08/04

01:00:00 | 00,438,272 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}" [HKLM] -> %SystemRoot%\system32\dsquery.dll [Shell properties for a DS object] -> [2004/08/04 01:00:00

| 00,239,104 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}" [HKLM] -> %SystemRoot%\system32\sendmail.dll [Sendmail service] -> [2004/08/04 01:00:00 | 00,055,296 |

---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}" [HKLM] -> %SystemRoot%\system32\sendmail.dll [Sendmail service] -> [2004/08/04 01:00:00 | 00,055,296 |

---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> [2008/11/12 11:52:56 |

00,050,688 | ---- | M] (GRISOFT, s.r.o.)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Find Extension] -> [2008/11/12 11:52:56 |

00,050,688 | ---- | M] (GRISOFT, s.r.o.)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{A08C11D2-A228-11d0-825B-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Address EditBox] -> [2008/10/16 03:37:04 | 01,023,488 |

---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [IE4 Suite Splash Screen] -> [2008/10/16 03:37:04 |

01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Microsoft Browser Architecture] -> [2008/10/16 03:37:04 |

01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" [HKLM] -> %SystemRoot%\system32\shmedia.dll [Midi Properties Handler] -> [2004/08/04 01:00:00 |

00,151,552 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7}" [HKLM] -> %ProgramFiles%\TeraCopy\TeraCopy.dll [TeraCopy] -> [2007/06/21 21:26:50 | 00,324,608 | ----

| M] ()
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{A70C977A-BF00-412C-90B7-034C51DA2439}" [HKLM] -> %SystemRoot%\system32\nvcpl.dll [NvCpl DesktopContext Class] -> [2007/09/17 01:07:00 |

08,491,008 | ---- | M] (NVIDIA Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}" [HKLM] -> %SystemRoot%\system32\docprop2.dll [Microsoft DocProp Inplace Edit Box Control] ->

[2004/08/04 01:00:00 | 00,048,128 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}" [HKLM] -> %SystemRoot%\system32\webcheck.dll [Subscription Mgr] -> [2004/08/04 01:00:00 | 00,276,480 |

---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{acf35015-526e-4230-9596-becbe19f0ac9}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Track Popup Bar] -> [2008/10/16 03:37:04 | 01,023,488 |

---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{add36aa8-751a-4579-a266-d66f5202ccbb}" [HKLM] -> %SystemRoot%\system32\netplwiz.dll [Print Ordering via the Web] -> [2004/08/04 01:00:00 |

00,875,008 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Registry Tree Options Utility] -> [2008/10/16 03:37:04 |

01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}" [HKLM] -> %SystemRoot%\System32\cscui.dll [Offline Files Folder] -> [2004/08/04 01:00:00 | 00,326,656

| ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{B327765E-D724-4347-8B16-78AE18552FC3}" [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> [2007/03/14

11:39:32 | 01,807,920 | ---- | M] (Nero AG)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" [HKLM] -> %ProgramFiles%\WinRAR\rarext.dll [WinRAR shell extension] -> [2006/12/03 14:53:06 |

00,126,464 | ---- | M] ()
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{B7056B8E-4F99-44f8-8CBD-282390FE5428}" [HKLM] -> %ProgramFiles%\VirtualCloneDrive\ElbyVCDShell.dll [VirtualCloneDrive] -> [2006/02/18

17:46:16 | 00,069,632 | ---- | M] (Elaborate Bytes AG)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{BD472F60-27FA-11cf-B8B4-444553540000}" [HKLM] -> %SystemRoot%\system32\zipfldr.dll [Compressed (zipped) Folder Right Drag Handler] ->

[2004/08/04 01:00:00 | 00,337,920 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{BD84B380-8CA2-1069-AB1D-08000948F534}" [HKLM] -> %SystemRoot%\system32\fontext.dll [Fonts] -> [2004/08/04 01:00:00 | 00,382,976 | ---- | M]

(Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{c5a40261-cd64-4ccf-84cb-c394da41d590}" [HKLM] -> %SystemRoot%\system32\shmedia.dll [Video Thumbnail Extractor] -> [2004/08/04 01:00:00 |

00,151,552 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}" [HKLM] -> %SystemRoot%\system32\netplwiz.dll [Web Publishing Wizard] -> [2004/08/04 01:00:00 |

00,875,008 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}" [HKLM] -> %SystemRoot%\system32\wmpshell.dll [Windows Media Player Burn Audio CD Context Menu Handler]

-> [2004/08/04 01:00:00 | 00,102,400 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Microsoft Url Search Hook] -> [2008/10/16 03:37:04 |

01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{CFCCC7A0-A282-11D1-9082-006008059382}" [HKLM] -> %SystemRoot%\system32\appwiz.cpl [Darwin App Publisher] -> [2004/08/04 01:00:00 | 00,549,888

| ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{D20EA4E1-3957-11d2-A40B-0C5020524152}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Fonts] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M]

(Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{D20EA4E1-3957-11d2-A40B-0C5020524153}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Administrative Tools] -> [2008/10/16 03:37:04 |

01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" [HKLM] -> %SystemRoot%\system32\mstask.dll [Scheduled Tasks] -> [2004/08/04 01:00:00 | 00,274,944 |

---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}" [HKLM] -> %SystemRoot%\system32\webcheck.dll [PostAgent] -> [2004/08/04 01:00:00 | 00,276,480 | ---- |

M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" [HKLM] -> %SystemRoot%\system32\icmui.dll [ICC Profile] -> [2004/08/04 01:00:00 | 00,054,784 | ---- |

M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" [HKLM] -> %SystemRoot%\system32\mstask.dll [Tasks Folder Icon Handler] -> [2004/08/04 01:00:00 |

00,274,944 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" [HKLM] -> %SystemRoot%\system32\browseui.dll [User Assist] -> [2008/10/16 03:37:04 | 01,023,488 | ----

| M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}" [HKLM] -> %SystemRoot%\system32\wiashext.dll [Scanners & Cameras] -> [2004/08/04 01:00:00 | 00,589,312

| ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" [HKLM] -> %SystemRoot%\system32\dfshim.dll [Shell Icon Handler for Application References] ->

[2007/10/24 01:47:28 | 00,096,760 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}" [HKLM] -> %SystemRoot%\system32\webcheck.dll [WebCheckChannelAgent] -> [2004/08/04 01:00:00 |

00,276,480 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}" [HKLM] -> %SystemRoot%\system32\shmedia.dll [Wav Properties Handler] -> [2004/08/04 01:00:00 |

00,151,552 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{E4D8441D-F89C-4b5c-90AC-A857E1768F1F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Haali Matroska Thumbnail Exctractor]

-> File not found
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" [HKLM] -> %SystemRoot%\system32\upnpui.dll [Universal Plug and Play Devices] -> [2004/08/04 01:00:00 |

00,239,616 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}" [HKLM] -> %SystemRoot%\system32\webcheck.dll [ConnectionAgent] -> [2004/08/04 01:00:00 | 00,276,480 |

---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> %SystemRoot%\system32\webcheck.dll [WebCheck] -> [2004/08/04 01:00:00 | 00,276,480 | ---- |

M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Shell DocObject Viewer] -> [2008/10/16 03:37:04 |

01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" [HKLM] -> %SystemRoot%\system32\dfshim.dll [ShellLink for Application References] -> [2007/10/24

01:47:28 | 00,096,760 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{e84fda7c-1d6a-45f6-b725-cb260c236066}" [HKLM] -> %SystemRoot%\system32\shimgvw.dll [Shell Image Verbs] -> [2004/08/04 01:00:00 | 00,438,272 |

---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}" [HKLM] -> %SystemRoot%\system32\zipfldr.dll [Compressed (zipped) Folder] -> [2004/08/04 01:00:00 |

00,337,920 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}" [HKLM] -> %SystemRoot%\system32\webcheck.dll [TrayAgent] -> [2004/08/04 01:00:00 | 00,276,480 | ---- |

M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{EAB841A0-9550-11cf-8C16-00805F1408F3}" [HKLM] -> %SystemRoot%\system32\shimgvw.dll [HTML Thumbnail Extractor] -> [2004/08/04 01:00:00 |

00,438,272 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}" [HKLM] -> %SystemRoot%\system32\shimgvw.dll [Shell Image Property Handler] -> [2004/08/04 01:00:00 |

00,438,272 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}" [HKLM] -> %SystemRoot%\system32\dfsshlex.dll [DfsShell] -> [2004/08/04 01:00:00 | 00,028,672 | ---- |

M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Shell DeskBar] -> [2008/10/16 03:37:04 | 01,023,488 |

---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Shell Rebar BandSite] -> [2008/10/16 03:37:04 |

01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Shell Band Site Menu] -> [2008/10/16 03:37:04 |

01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{ECF03A32-103D-11d2-854D-006008059367}" [HKLM] -> %SystemRoot%\system32\mydocs.dll [MyDocs Drop Target] -> [2004/08/04 01:00:00 | 00,090,624 |

---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{ECF03A33-103D-11d2-854D-006008059367}" [HKLM] -> %SystemRoot%\system32\mydocs.dll [MyDocs Copy Hook] -> [2004/08/04 01:00:00 | 00,090,624 |

---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Global Folder Settings] -> [2008/10/16 03:37:04 |

01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Favorites Band] -> [2008/10/16 03:37:04 | 01,494,528 |

---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [Explorer Band] -> [2008/10/16 03:37:04 | 01,494,528 |

---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{F0152790-D56E-4445-850E-4F3117DB740C}" [HKLM] -> %SystemRoot%\system32\remotepg.dll [Remote Sessions CPL Extension] -> [2004/08/04 01:00:00 |

00,060,416 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{F020E586-5264-11d1-A532-0000F8757D7E}" [HKLM] -> %SystemRoot%\system32\dsquery.dll [Directory Start/Search Find] -> [2004/08/04 01:00:00 |

00,239,104 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] ->

[2007/10/23 23:59:20 | 00,054,848 | ---- | M] (RealNetworks, Inc.)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}" [HKLM] -> %SystemRoot%\system32\wmpshell.dll [Windows Media Player Add to Playlist Context Menu

Handler] -> [2004/08/04 01:00:00 | 00,102,400 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" [HKLM] -> %SystemRoot%\system32\rshx32.dll [Printers Security Page] -> [2004/08/04 01:00:00 |

00,039,936 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}" [HKLM] -> %SystemRoot%\system32\cdfview.dll [Channel File] -> [2008/10/16 03:37:02 | 00,151,040 | ----

| M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}" [HKLM] -> %SystemRoot%\system32\cdfview.dll [Channel Shortcut] -> [2008/10/16 03:37:02 | 00,151,040 |

---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

->
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}" [HKLM] -> %SystemRoot%\system32\cdfview.dll [Channel Handler Object] -> [2008/10/16 03:37:02 | 00,151,040 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}" [HKLM] -> %SystemRoot%\system32\cdfview.dll [Channel Menu] -> [2008/10/16 03:37:02 | 00,151,040 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}" [HKLM] -> %SystemRoot%\system32\cdfview.dll [Channel Properties] -> [2008/10/16 03:37:02 | 00,151,040 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
"{F5175861-2688-11d0-9C5E-00AA00A45957}" [HKLM] -> %SystemRoot%\system32\webcheck.dll [Subscription Folder] -> [2004/08/04 01:00:00 | 00,276,480 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [BandProxy] -> [2008/10/16 03:37:04 | 01,023,488 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" [HKLM] -> %SystemRoot%\system32\ntshrui.dll [Shell extensions for sharing] -> [2004/08/04 01:00:00 | 00,143,872 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}" [HKLM] -> %SystemRoot%\system32\deskperf.dll [Display TroubleShoot CPL Extension] -> [2004/08/04 01:00:00 | 00,018,432 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" [HKLM] -> %SystemRoot%\system32\wiashext.dll [Scanners & Cameras] -> [2004/08/04 01:00:00 | 00,589,312 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [InternetShortcut] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
"{FF393560-C2A7-11CF-BFF4-444553540000}" [HKLM] -> %SystemRoot%\system32\shdocvw.dll [History] -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" [HKLM] -> %SystemRoot%\system32\nvcpl.dll [Play on my TV helper] -> [2007/09/17 01:07:00 | 08,491,008 | ---- | M] (NVIDIA Corporation)
< Approved Shell Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
"" [HKLM] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Approved Shell Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}" [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL [Web Folders] -> [2001/05/19 22:57:40 | 00,561,209 | ---- | M] ()
< Approved Shell Extensions [HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\] > -> HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
"" [HKLM] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Approved Shell Extensions [HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\] > -> HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}" [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL [Web Folders] -> [2001/05/19 22:57:40 | 00,561,209 | ---- | M] ()
< ColumnHandlers - Folder [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ ->
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> %SystemRoot%\system32\mmfinfo.dll [Haali Column Provider] -> [2007/12/28 17:04:02 | 00,159,744 | ---- | M] ()
{7D4D6379-F301-4311-BEBA-E26EB0561882} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalColumnHandler Class] -> [2007/03/14 11:39:32 | 01,807,920 | ---- | M] (Nero AG)
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\PDFShell.dll [PDF Shell Extension] -> [2008/06/11 22:49:10 | 00,378,200 | ---- | M] (Adobe Systems, Inc.)
< ContextMenuHandlers - * [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shell\ ->
sdfiles -> %ProgramFiles%\Spybot - Search & Destroy\SDFiles.exe ["C:\Program Files\Spybot - Search & Destroy\SDFiles.exe" "%1" /ask] -> [2008/07/07 09:36:46 | 01,430,016 | ---- | M] (Safer Networking Limited)
TeraCopy -> %ProgramFiles%\TeraCopy\add.exe [C:\Program Files\TeraCopy\add.exe Add "%L"] -> [2007/08/07 05:59:46 | 00,041,472 | ---- | M] ()
< ContextMenuHandlers - * [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ ->
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> [2007/03/14 19:19:16 | 00,079,408 | ---- | M] (Nero AG)
< ContextMenuHandlers - * [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ ->
(AVG Anti-Spyware):{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [CContextScan Object] -> [2008/03/25 19:48:24 | 00,144,944 | ---- | M] (GRISOFT s.r.o.)
< ContextMenuHandlers - * [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ ->
(AVG7 Shell Extension):{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension Class] -> [2008/11/12 11:52:56 | 00,050,688 | ---- | M] (GRISOFT, s.r.o.)
< ContextMenuHandlers - * [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ ->
(Cover Designer):{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [NeroCoverEdContextMenu Class] -> [2007/02/28 19:21:16 | 01,963,568 | ---- | M] (Nero AG)
< ContextMenuHandlers - * [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ ->
(MagicISO):{DB85C504-C730-49DD-BEC1-7B39C6103B7A} [HKLM] -> %ProgramFiles%\MagicISO\misosh.dll [MShellExtMenu Class] -> [2006/06/05 14:06:22 | 00,020,992 | ---- | M] (MagicISO, Inc.)
< ContextMenuHandlers - * [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ ->
(Offline Files):{750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %SystemRoot%\System32\cscui.dll [Offline Files Menu] -> [2004/08/04 01:00:00 | 00,326,656 | ---- | M] (Microsoft Corporation)
< ContextMenuHandlers - * [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ ->
(ShellExtension): [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Value does not exist or could not be read.] -> File not found
< ContextMenuHandlers - * [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ ->
(WinRAR):{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\rarext.dll [WinRAR] -> [2006/12/03 14:53:06 | 00,126,464 | ---- | M] ()
< ContextMenuHandlers - AllFilesystemObjects [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ ->
(MBAMShlExt):{57CE581A-0CB6-4266-9CA0-19364C90A0B3} [HKLM] -> %ProgramFiles%\Malwarebytes' Anti-Malware\mbamext.dll [MBAMShlExt Class] -> [2008/09/08 00:11:02 | 00,073,392 | ---- | M] (Malwarebytes Corporation)
< ContextMenuHandlers - Directory [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shell\ ->
find -> %SystemRoot%\Explorer.exe [%SystemRoot%\Explorer.exe] -> [2007/06/13 03:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation)
< ContextMenuHandlers - Directory [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ ->
(AVG Anti-Spyware):{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [CContextScan Object] -> [2008/03/25 19:48:24 | 00,144,944 | ---- | M] (GRISOFT s.r.o.)
< ContextMenuHandlers - Directory [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ ->
(MagicISO):{DB85C504-C730-49DD-BEC1-7B39C6103B7A} [HKLM] -> %ProgramFiles%\MagicISO\misosh.dll [MShellExtMenu Class] -> [2006/06/05 14:06:22 | 00,020,992 | ---- | M] (MagicISO, Inc.)
< ContextMenuHandlers - Directory [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ ->
(Offline Files):{750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %SystemRoot%\System32\cscui.dll [Offline Files Menu] -> [2004/08/04 01:00:00 | 00,326,656 | ---- | M] (Microsoft Corporation)
< ContextMenuHandlers - Directory [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ ->
(Sharing):{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} [HKLM] -> %SystemRoot%\system32\ntshrui.dll [Shell extensions for sharing] -> [2004/08/04 01:00:00 | 00,143,872 | ---- | M] (Microsoft Corporation)
< ContextMenuHandlers - Directory [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ ->
(ShellExtension): [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Value does not exist or could not be read.] -> File not found
< ContextMenuHandlers - Directory [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ ->
(WinRAR):{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\rarext.dll [WinRAR] -> [2006/12/03 14:53:06 | 00,126,464 | ---- | M] ()
< ContextMenuHandlers - Directory\Background [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ ->
(00nView):{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %SystemRoot%\system32\nvshell.dll [nView Desktop Context Menu] -> [2007/09/17 01:07:00 | 00,466,944 | ---- | M] ()
< ContextMenuHandlers - Directory\Background [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ ->
(NvCplDesktopContext):{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %SystemRoot%\system32\nvcpl.dll [DesktopContext Class] -> [2007/09/17 01:07:00 | 08,491,008 | ---- | M] (NVIDIA Corporation)
< ContextMenuHandlers - Folder [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shell\ ->
explore -> %SystemRoot%\Explorer.exe [%SystemRoot%\Explorer.exe /e,/idlist,%I,%L] -> [2007/06/13 03:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation)
open -> %SystemRoot%\Explorer.exe [%SystemRoot%\Explorer.exe /idlist,%I,%L] -> [2007/06/13 03:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation)
sdfiles -> %ProgramFiles%\Spybot - Search & Destroy\SDFiles.exe ["C:\Program Files\Spybot - Search & Destroy\SDFiles.exe" "%1" /ask] -> [2008/07/07 09:36:46 | 01,430,016 | ---- | M] (Safer Networking Limited)
TeraCopy -> %ProgramFiles%\TeraCopy\add.exe [C:\Program Files\TeraCopy\add.exe Add "%L"] -> [2007/08/07 05:59:46 | 00,041,472 | ---- | M] ()
< ContextMenuHandlers - Folder [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ ->
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> [2007/03/14 19:19:16 | 00,079,408 | ---- | M] (Nero AG)
< ContextMenuHandlers - Folder [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ ->
(AVG7 Shell Extension):{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension Class] -> [2008/11/12 11:52:56 | 00,050,688 | ---- | M] (GRISOFT, s.r.o.)
< ContextMenuHandlers - Folder [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ ->
(MagicISO):{DB85C504-C730-49DD-BEC1-7B39C6103B7A} [HKLM] -> %ProgramFiles%\MagicISO\misosh.dll [MShellExtMenu Class] -> [2006/06/05 14:06:22 | 00,020,992 | ---- | M] (MagicISO, Inc.)
< ContextMenuHandlers - Folder [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ ->
(MBAMShlExt):{57CE581A-0CB6-4266-9CA0-19364C90A0B3} [HKLM] -> %ProgramFiles%\Malwarebytes' Anti-Malware\mbamext.dll [MBAMShlExt Class] -> [2008/09/08 00:11:02 | 00,073,392 | ---- | M] (Malwarebytes Corporation)
< ContextMenuHandlers - Folder [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ ->
(WinRAR):{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\rarext.dll [WinRAR] -> [2006/12/03 14:53:06 | 00,126,464 | ---- | M] ()
< ControlSets > -> HKEY_LOCAL_MACHINE\SYSTEM\Select ->
HKEY_LOCAL_MACHINE\SYSTEM\Select
\\"Current" -> [2] -> File not found
\\"Default" -> [2] -> File not found
\\"Failed" -> [1] -> File not found
\\"LastKnownGood" -> [4] -> File not found
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^DOCUME~1^ADMINI~1.COM^Start Menu^Programs^Startup^QuickShelf 2000.lnk -> %SystemDrive%\PROGRA~1\MICROS~4\BOOKSH~1\qshelf2k.exe -> [2007/10/24 23:54:04 | 00,110,592 | ---- | M] (Microsoft Corporation)
C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk -> %SystemDrive%\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE -> [2000/10/11 18:08:00 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk -> %SystemDrive%\PROGRA~1\MICROS~2\Office\OSA9.EXE -> [1999/02/17 14:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->
"bootini" -> 0 ->
"services" -> 0 ->
"startup" -> 2 ->
"system.ini" -> 0 ->
"win.ini" -> 0 ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2005/05/26 16:22:02 | 00,010,752 | ---- | M] (Microsoft Corporation)
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = ComFile] -> "%1" %* ->
.cpl [@ = cplfile] -> %SystemRoot%\system32\shell32.DLL -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
.exe [@ = exefile] -> "%1" %* ->
.hlp [@ = hlpfile] -> %SystemRoot%\System32\winhlp32.exe -> [2004/08/04 01:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
.hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2004/08/04 01:00:00 | 00,029,184 | ---- | M] (Microsoft Corporation)
.html [@ = FirefoxHTML] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.EXE -> [2008/07/23 20:12:36 | 07,667,312 | ---- | M] (Mozilla Corporation)
.inf [@ = inffile] -> %SystemRoot%\System32\NOTEPAD.EXE -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
.ini [@ = inifile] -> %SystemRoot%\System32\NOTEPAD.EXE -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
.url [@ = InternetShortcut] -> %SystemRoot%\system32\shdocvw.DLL -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
.js [@ = JSFile] -> %SystemRoot%\System32\WScript.exe -> [2004/08/04 01:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
.jse [@ = JSEFile] -> %SystemRoot%\System32\WScript.exe -> [2004/08/04 01:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* ->
.reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2004/08/04 01:00:00 | 00,146,432 | ---- | M] (Microsoft Corporation)
.scr [@ = scrfile] -> "%1" /S ->
.txt [@ = txtfile] -> %SystemRoot%\system32\NOTEPAD.EXE -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
.vbe [@ = VBEFile] -> %SystemRoot%\System32\WScript.exe -> [2004/08/04 01:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
.vbs [@ = VBSFile] -> %SystemRoot%\System32\WScript.exe -> [2004/08/04 01:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
.wsf [@ = WSFFile] -> %SystemRoot%\System32\WScript.exe -> [2004/08/04 01:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
.wsh [@ = WSHFile] -> %SystemRoot%\System32\WScript.exe -> [2004/08/04 01:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> [] ->
HidServ -> C:\WINDOWS\System32\hidserv.dll [C:\WINDOWS\System32\hidserv.dll] -> File not found
Ias -> [] ->
Iprip -> [] ->
Irmon -> [] ->
NWCWorkstation -> [] ->
Nwsapagent -> [] ->
WmdmPmSp -> [] ->
helpsvc -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll] -> [2004/08/04 01:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< NeverShowExt [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Classes\ ->
lnkfile\\"NeverShowExt" -> ->
piffile\\"NeverShowExt" -> ->
SHCmdFile\\"NeverShowExt" -> ->
< Hidden File Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden ->

dinosaur58
2009-01-16, 23:47
Log file conclusion:


\\"Text" -> %SystemRoot%\system32\shell32.dll [@shell32.dll,-30499] -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
\\"Type" -> [group] -> File not found
\\"Bitmap" -> %SystemRoot%\system32\SHELL32.dll [%SystemRoot%\system32\SHELL32.dll,4] -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
\\"HelpID" -> [shell.hlp#51131] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN
\NOHIDDEN\\"RegPath" -> [Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] -> File not found
\NOHIDDEN\\"Text" -> %SystemRoot%\system32\shell32.dll [@shell32.dll,-30501] -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
\NOHIDDEN\\"Type" -> [radio] -> File not found
\NOHIDDEN\\"CheckedValue" -> [2] -> File not found
\NOHIDDEN\\"ValueName" -> [Hidden] -> File not found
\NOHIDDEN\\"DefaultValue" -> [2] -> File not found
\NOHIDDEN\\"HKeyRoot" -> [-2147483647] -> File not found
\NOHIDDEN\\"HelpID" -> [shell.hlp#51104] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
\SHOWALL\\"RegPath" -> [Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] -> File not found
\SHOWALL\\"Text" -> %SystemRoot%\system32\shell32.dll [@shell32.dll,-30500] -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
\SHOWALL\\"Type" -> [radio] -> File not found
\SHOWALL\\"CheckedValue" -> [1] -> File not found
\SHOWALL\\"ValueName" -> [Hidden] -> File not found
\SHOWALL\\"DefaultValue" -> [2] -> File not found
\SHOWALL\\"HKeyRoot" -> [-2147483647] -> File not found
\SHOWALL\\"HelpID" -> [shell.hlp#51105] -> File not found
< Hidden File Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
\\"Type" -> [checkbox] -> File not found
\\"Text" -> %SystemRoot%\system32\shell32.dll [@shell32.dll,-30503] -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
\\"HKeyRoot" -> [-2147483647] -> File not found
\\"RegPath" -> [Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] -> File not found
\\"ValueName" -> [HideFileExt] -> File not found
\\"CheckedValue" -> [1] -> File not found
\\"UncheckedValue" -> [0] -> File not found
\\"DefaultValue" -> [1] -> File not found
\\"HelpID" -> [shell.hlp#51101] -> File not found
< Hidden File Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
\\"Type" -> [checkbox] -> File not found
\\"Text" -> %SystemRoot%\system32\shell32.dll [@shell32.dll,-30508] -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
\\"WarningIfNotDefault" -> %SystemRoot%\system32\shell32.dll [@shell32.dll,-28964] -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
\\"HKeyRoot" -> [-2147483647] -> File not found
\\"RegPath" -> [Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] -> File not found
\\"ValueName" -> [ShowSuperHidden] -> File not found
\\"CheckedValue" -> [0] -> File not found
\\"UncheckedValue" -> [1] -> File not found
\\"DefaultValue" -> [0] -> File not found
\\"HelpID" -> [shell.hlp#51103] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden
\Policy\DontShowSuperHidden\\"" -> [] -> File not found
< Hidden File Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ->
\\"Hidden" -> 1 ->
\\"HideFileExt" -> 0 ->
\\"ShowSuperHidden" -> 1 ->
< Print Monitors [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\ ->
BJ Language Monitor -> %SystemRoot%\system32\cnbjmon.dll -> [2004/08/04 01:00:00 | 00,047,104 | ---- | M] (Microsoft Corporation)
Local Port -> %SystemRoot%\system32\localspl.dll -> [2004/08/04 01:00:00 | 00,341,504 | ---- | M] (Microsoft Corporation)
PJL Language Monitor -> %SystemRoot%\system32\pjlmon.dll -> [2004/08/04 01:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation)
Standard TCP/IP Port -> %SystemRoot%\system32\tcpmon.dll -> [2004/08/04 01:00:00 | 00,045,568 | ---- | M] (Microsoft Corporation)
USB Monitor -> %SystemRoot%\system32\usbmon.dll -> [2004/08/04 01:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKLM] -> No CLSID value
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation)
msdaipp: [HKLM] -> No CLSID value
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
AVG Anti-Spyware Driver -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [2008/03/25 19:48:24 | 00,011,000 | ---- | M] ()
AVG Anti-Spyware Guard -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> [2008/03/25 19:48:26 | 00,312,880 | ---- | M] (GRISOFT s.r.o.)
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vga.sys -> Driver
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{1a3e09be-1e45-494b-9174-d7385b45bbf5} -> Reg Error: Value does not exist or could not be read.
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
AVG Anti-Spyware Driver -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [2008/03/25 19:48:24 | 00,011,000 | ---- | M] ()
AVG Anti-Spyware Guard -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> [2008/03/25 19:48:26 | 00,312,880 | ---- | M] (GRISOFT s.r.o.)
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
rdpdd.sys -> %SystemRoot%\System32\rdpdd.dll -> [2004/08/04 01:00:00 | 00,092,168 | ---- | M] (Microsoft Corporation)
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"FirstRunDisabled" -> [1] -> File not found
\\"AntiVirusDisableNotify" -> [0] -> File not found
\\"FirewallDisableNotify" -> [0] -> File not found
\\"UpdatesDisableNotify" -> [1] -> File not found
\\"AntiVirusOverride" -> [0] -> File not found
\\"FirewallOverride" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" -> [1] -> File not found
\\"DoNotAllowExceptions" -> [0] -> File not found
\\"DisableNotifications" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
"BootExecute" -> autocheck autochk *; ->
"ExcludeFromKnownDlls" -> ->
*ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories ->
\Windows -> -> File not found
\RPC Control -> -> File not found
*MultiFile Done* -> ->
*PendingFileRenameOperations* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\PendingFileRenameOperations ->
\??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7upd\install.1\upd_vers.cfg [\??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7upd\install.1\upd_vers.cfg] -> %AllUsersProfile%\Application Data\Grisoft\Avg7Data\avg7upd\install.1\upd_vers.cfg [%AllUsersProfile%\Application Data\Grisoft\Avg7Data\avg7upd\install.1\upd_vers.cfg] -> File not found
!\??\C:\Program Files\Grisoft\AVG Free\upd_vers.cfg [!\??\C:\Program Files\Grisoft\AVG Free\upd_vers.cfg] -> [] -> File not found
\??\C:\Program Files\Grisoft\AVG Free\wait4sd [\??\C:\Program Files\Grisoft\AVG Free\wait4sd] -> [] -> File not found
*MultiFile Done* -> ->
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
"ComSpec" -> C:\WINDOWS\system32\cmd.exe -> [2004/08/04 01:00:00 | 00,388,608 | ---- | M] (Microsoft Corporation)
"TEMP" -> %SystemRoot%\TEMP ->
"TMP" -> %SystemRoot%\TEMP ->
"windir" -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%systemroot%\system32 -> %SystemRoot%\system32 -> [2007/10/23 00:21:28 | 00,000,000 | ---D | M]
%systemroot% -> %SystemRoot% -> [2007/10/23 00:21:28 | 00,000,000 | ---D | M]
%systemroot%\system32\wbem -> %SystemRoot%\system32\wbem -> [2007/10/23 00:21:28 | 00,000,000 | ---D | M]
C:\Program Files\QuickTime\QTSystem -> %ProgramFiles%\QuickTime\QTSystem -> [2008/08/18 23:18:24 | 00,000,000 | ---D | M]
C:\Program Files\Smart Projects\IsoBuster -> %ProgramFiles%\Smart Projects\IsoBuster -> [2008/03/26 03:55:36 | 00,000,000 | ---D | M]
C:\Program Files\Support Tools -> -> File not found
*MultiFile Done* -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> -> File not found
.EXE -> -> File not found
.BAT -> -> File not found
.CMD -> -> File not found
.VBS -> -> File not found
.VBE -> -> File not found
.JS -> -> File not found
.JSE -> -> File not found
.WSF -> -> File not found
.WSH -> -> File not found
*MultiFile Done* -> ->
< Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations ->
< Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls ->
"advapi32" -> C:\WINDOWS\system32\advapi32.dll -> [2004/08/04 01:00:00 | 00,616,960 | ---- | M] (Microsoft Corporation)
"comdlg32" -> C:\WINDOWS\system32\comdlg32.dll -> [2004/08/04 01:00:00 | 00,276,992 | ---- | M] (Microsoft Corporation)
"DllDirectory" -> C:\WINDOWS\system32 -> [2007/10/23 00:21:28 | 00,000,000 | ---D | M]
"gdi32" -> C:\WINDOWS\system32\gdi32.dll -> [2008/10/23 06:01:36 | 00,283,648 | ---- | M] (Microsoft Corporation)
"imagehlp" -> C:\WINDOWS\system32\imagehlp.dll -> [2004/08/04 01:00:00 | 00,144,384 | ---- | M] (Microsoft Corporation)
"kernel32" -> C:\WINDOWS\system32\kernel32.dll -> [2007/04/16 08:52:54 | 00,984,576 | ---- | M] (Microsoft Corporation)
"lz32" -> C:\WINDOWS\system32\lz32.dll -> [2004/08/04 01:00:00 | 00,002,560 | ---- | M] (Microsoft Corporation)
"ole32" -> C:\WINDOWS\system32\ole32.dll -> [2005/07/25 21:39:48 | 01,285,120 | ---- | M] (Microsoft Corporation)
"oleaut32" -> C:\WINDOWS\system32\oleaut32.dll -> [2007/12/04 11:38:14 | 00,550,912 | ---- | M] (Microsoft Corporation)
"olecli32" -> C:\WINDOWS\system32\olecli32.dll -> [2005/07/25 21:39:48 | 00,074,752 | ---- | M] (Microsoft Corporation)
"olecnv32" -> C:\WINDOWS\system32\olecnv32.dll -> [2005/07/25 21:39:50 | 00,037,888 | ---- | M] (Microsoft Corporation)
"olesvr32" -> C:\WINDOWS\system32\olesvr32.dll -> [2004/08/04 01:00:00 | 00,022,016 | ---- | M] (Microsoft Corporation)
"olethk32" -> C:\WINDOWS\system32\olethk32.dll -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
"rpcrt4" -> C:\WINDOWS\system32\rpcrt4.dll -> [2007/07/09 06:09:42 | 00,584,192 | ---- | M] (Microsoft Corporation)
"shell32" -> C:\WINDOWS\system32\shell32.dll -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
"url" -> C:\WINDOWS\system32\url.dll -> [2004/08/04 01:00:00 | 00,037,888 | ---- | M] (Microsoft Corporation)
"urlmon" -> C:\WINDOWS\system32\urlmon.dll -> [2008/10/16 03:37:04 | 00,615,936 | ---- | M] (Microsoft Corporation)
"user32" -> C:\WINDOWS\system32\user32.dll -> [2007/03/08 08:36:28 | 00,577,536 | ---- | M] (Microsoft Corporation)
"version" -> C:\WINDOWS\system32\version.dll -> [2004/08/04 01:00:00 | 00,018,944 | ---- | M] (Microsoft Corporation)
"wininet" -> C:\WINDOWS\system32\wininet.dll -> [2008/10/16 03:37:04 | 00,659,456 | ---- | M] (Microsoft Corporation)
"wldap32" -> C:\WINDOWS\system32\wldap32.dll -> [2004/08/04 01:00:00 | 00,172,032 | ---- | M] (Microsoft Corporation)
< Session Manager SFC Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC ->
"CommonFilesDir" -> C:\Program Files\Common Files -> [2007/10/23 00:25:50 | 00,000,000 | ---D | M]
"ProgramFilesDir" -> C:\Program Files -> [2007/12/13 18:38:36 | 00,000,000 | R--D | M]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
batfile [open] -> "%1" %* -> File not found
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> [2005/05/26 16:22:02 | 00,010,752 | ---- | M] (Microsoft Corporation)
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
cmdfile [open] -> "%1" %* -> File not found
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
comfile [open] -> "%1" %* -> File not found
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
exefile [open] -> "%1" %* -> File not found
helpfile [open] -> winhlp32.exe %1 -> [2004/08/04 01:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> [2004/08/04 01:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
htafile [open] -> %SystemRoot%\system32\mshta.exe "%1" %* -> [2004/08/04 01:00:00 | 00,029,184 | ---- | M] (Microsoft Corporation)
htmlfile [edit] -> Reg Error: Key does not exist or could not be opened.
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> [2004/08/04 01:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> [2004/08/04 01:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> [2008/12/12 10:33:24 | 03,060,224 | ---- | M] (Microsoft Corporation)
http [open] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" -> [2008/07/23 20:12:36 | 07,667,312 | ---- | M] (Mozilla Corporation)
https [open] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" -> [2008/07/23 20:12:36 | 07,667,312 | ---- | M] (Mozilla Corporation)
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> [2004/08/04 01:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> [2008/10/16 03:37:04 | 01,494,528 | ---- | M] (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> [2008/12/12 10:33:24 | 03,060,224 | ---- | M] (Microsoft Corporation)
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004/08/04 01:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004/08/04 01:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* -> File not found
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" -> [2004/08/04 01:00:00 | 00,146,432 | ---- | M] (Microsoft Corporation)
regfile [merge] -> Reg Error: Key does not exist or could not be opened.
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
scrfile [config] -> "%1" -> File not found
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2004/08/04 01:00:00 | 00,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S -> File not found
txtfile [edit] -> Reg Error: Key does not exist or could not be opened.
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004/08/04 01:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004/08/04 01:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004/08/04 01:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2004/08/04 01:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> [2007/10/25 20:36:52 | 08,454,656 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2007/06/13 03:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2007/06/13 03:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2007/06/13 03:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2007/06/13 03:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation)
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> [2004/08/04 01:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> [2004/08/04 01:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
< Tcpip Persistent Routes > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes ->
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{00000409-78E1-11D2-B60F-006097C998E7} -> Microsoft Office 2000 Premium
{00203668-8170-44A0-BE44-B632FA4D780F} -> Adobe AIR
{02DFF6B1-1654-411C-8D7B-FD6052EF016F} -> Apple Software Update
{08CA9554-B5FE-4313-938F-D4A417B81175} -> QuickTime
{26A24AE4-039D-4CA4-87B4-2F83216011FF} -> Java(TM) 6 Update 11
{2715D1D6-2B81-4DD5-A9DC-6EFF4D5E0993} -> Ahead Nero Burning Rom PlugIn Pack 2.0.2 by MadHacker2k4
{2BA00471-0328-3743-93BD-FA813353A783} -> Microsoft .NET Framework 3.0 Service Pack 1
{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2} -> Data Lifeguard Tools
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{43FFE159-3199-4188-A1CD-629166AD1033} -> Nero 7 Ultra Edition
{56C049BE-79E9-4502-BEA7-9754A3E60F9B} -> neroxml
{6D74E1F4-32D5-44D0-9054-8D57E981F59F}_is1 -> Flash Saving Plugin
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{77DCDCE3-2DED-62F3-8154-05E745472D07} -> Acrobat.com
{89B078C4-50B0-453E-BF53-3A7E6A0D85FA} -> Windows Support Tools
{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B} -> DiscWizard for Windows
{AC76BA86-7AD7-1033-7B44-A90000000001} -> Adobe Reader 9
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
{B508B3F1-A24A-32C0-B310-85786919EF28} -> Microsoft .NET Framework 2.0 Service Pack 1
{BAF78226-3200-4DB4-BE33-4D922A799840} -> Windows Presentation Foundation
{CC5BCC32-7EAB-4555-B7DC-E7B9BF927C5C} -> NETGEAR DG632 ADSL Modem
{F3D7915D-6B42-49FA-9FC8-5020479A6A57} -> Nero Reloaded PlugIn Pack 2.0.4 by GEAR
{FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio
Ad-Aware SE Personal -> Ad-Aware SE Personal
Adobe AIR -> Adobe AIR
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 1.0 -> Adobe Photoshop Elements
Adobe Shockwave Player -> Adobe Shockwave Player
Adobe SVG Viewer -> Adobe SVG Viewer
Ahead Nero Add-on Pack -> Ahead Nero Add-on Pack
AVG7Uninstall -> AVG Free Edition
AVGantiRootkit -> AVG Anti-Rootkit Free
AVGAntiSpyware75 -> AVG Anti-Spyware 7.5
BIMPLite -> BIMP Lite 1.62
Bookshelf 2k -> Bookshelf 2000
CheckIt Diagnostics -> CheckIt Diagnostics
Cole2k Media - Codec Pack -> Cole2k Media - Codec Pack (Advanced)
com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Acrobat.com
Combined Community Codec Pack_is1 -> Combined Community Codec Pack 2007-02-22
DIVXCodec -> DivX Codec 3.1alpha release
ERUNT_is1 -> ERUNT 1.1j
EZ Mask v1.5 for Adobe Photoshop & Photoshop Elements -> EZ Mask v1.5 for Adobe Photoshop & Photoshop Elements
GSpot -> GSpot Codec Information Appliance
HijackThis -> HijackThis 2.0.2
IconArt -> IconArt
IsoBuster_is1 -> IsoBuster 2.3
Kaspersky Online Scanner -> Kaspersky Online Scanner
Magic ISO Maker v5.4 (build 0251) -> Magic ISO Maker v5.4 (build 0251)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Malwarebytes' RogueRemover FREE_is1 -> Malwarebytes' RogueRemover
Movkit Batch Video Converter_is1 -> Movkit Batch Video Converter 2.8.8
Mozilla Firefox (2.0.0.16) -> Mozilla Firefox (2.0.0.16)
Mozilla Thunderbird (2.0.0.6) -> Mozilla Thunderbird (2.0.0.6)
NVIDIA Drivers -> NVIDIA Drivers
OggDS -> Direct Show Ogg Vorbis Filter (remove only)
OneTouch Version 3.0 -> OneTouch Version 3.0
PaperPort 7.02 -> PaperPort 7.02
RealPlayer 6.0 -> RealPlayer
RmTablet -> USB Tablet Manager
SLD Codec Pack -> SLD Codec Pack
SpywareBlaster_is1 -> SpywareBlaster 4.1
ST6UNST #1 -> UnZixWin
SystemRequirementsLab -> System Requirements Lab
TeraCopy_is1 -> TeraCopy 1.22 Pro
Tweak UI 2.10 -> Tweak UI
VCW VicMan's Photo Editor -> VCW VicMan's Photo Editor
VirtualCloneDrive -> VirtualCloneDrive
Windows Media Format Runtime -> Windows Media Format Runtime
WinRAR archiver -> WinRAR archiver
XpsEPSC -> XML Paper Specification Shared Components Pack 1.0
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
uTorrent -> µTorrent
< Uninstall List [HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\] > -> HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
uTorrent -> µTorrent
< WOW Settings [HKEY_LOCAL_MACHINE] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW ->
"cmdline" -> %SystemRoot%\system32\ntvdm.exe ->
"wowcmdline" -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 1/3/2009 12:49:08 PM Computer Name = COMPUTER | Source = Application Error | ID = 1000 -> Description = Faulting application k9261108.exe, version 3.1.0.2, faulting module unknown, version 0.0.0.0, fault address 0x0084465d.
Application [ Error ] 1/6/2009 06:18:14 AM Computer Name = COMPUTER | Source = Application Error | ID = 1000 -> Description = Faulting application media.player.classic.6.4.9.0.exe, version 6.4.9.0, faulting module proppage.dll, version 6.5.1.1126, fault address 0x0001ee68.
Application [ Error ] 1/11/2009 11:21:49 AM Computer Name = COMPUTER | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Application [ Error ] 1/11/2009 11:21:57 AM Computer Name = COMPUTER | Source = Application Error | ID = 1000 -> Description = Faulting application sed.exe, version 0.0.0.0, faulting module sed.exe, version 0.0.0.0, fault address 0x00013e87.
Application [ Error ] 1/11/2009 03:21:28 PM Computer Name = COMPUTER | Source = Application Error | ID = 1000 -> Description = Faulting application swreg.cfexe, version 3.0.0.0, faulting module swreg.cfexe, version 3.0.0.0, fault address 0x00003cba.
Application [ Error ] 1/11/2009 03:34:57 PM Computer Name = COMPUTER | Source = Application Error | ID = 1000 -> Description = Faulting application swreg.cfexe, version 3.0.0.0, faulting module swreg.cfexe, version 3.0.0.0, fault address 0x00003cba.
Application [ Error ] 1/13/2009 10:26:57 AM Computer Name = COMPUTER | Source = Application Error | ID = 1000 -> Description = Faulting application firefox.exe, version 1.8.20080.4669, faulting module js3250.dll, version 4.0.0.0, fault address 0x0004b827.
Application [ Error ] 1/13/2009 02:44:05 PM Computer Name = COMPUTER | Source = Application Error | ID = 1000 -> Description = Faulting application photoshopelements.exe, version 1.0.128.0, faulting module psicon.dll, version 6.6.64.53, fault address 0x000019e4.
Application [ Error ] 1/14/2009 06:23:43 PM Computer Name = COMPUTER | Source = Application Error | ID = 1000 -> Description = Faulting application mrt.exe, version 2.6.2427.0, faulting module mpengine.dll, version 1.1.4208.0, fault address 0x002372cb.
Application [ Error ] 1/16/2009 04:23:53 PM Computer Name = COMPUTER | Source = Application Error | ID = 1000 -> Description = Faulting application firefox.exe, version 1.8.20080.4669, faulting module firefox.exe, version 1.8.20080.4669, fault address 0x0019109c.
System [ Error ] 1/12/2009 12:03:38 AM Computer Name = COMPUTER | Source = Service Control Manager | ID = 7001 -> Description = The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: %%5
System [ Error ] 1/12/2009 12:15:50 PM Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000 -> Description = The CMS PortIO Service service failed to start due to the following error: %%2
System [ Error ] 1/12/2009 02:10:13 PM Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000 -> Description = The CMS PortIO Service service failed to start due to the following error: %%2
System [ Error ] 1/12/2009 03:19:06 PM Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000 -> Description = The CMS PortIO Service service failed to start due to the following error: %%2
System [ Error ] 1/13/2009 02:23:43 AM Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000 -> Description = The CMS PortIO Service service failed to start due to the following error: %%2
System [ Error ] 1/14/2009 06:59:49 AM Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000 -> Description = The CMS PortIO Service service failed to start due to the following error: %%2
System [ Error ] 1/14/2009 07:11:13 AM Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000 -> Description = The CMS PortIO Service service failed to start due to the following error: %%2
System [ Error ] 1/14/2009 09:31:51 AM Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000 -> Description = The CMS PortIO Service service failed to start due to the following error: %%2
System [ Error ] 1/16/2009 12:30:40 AM Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000 -> Description = The CMS PortIO Service service failed to start due to the following error: %%2
System [ Error ] 1/16/2009 10:28:01 AM Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000 -> Description = The CMS PortIO Service service failed to start due to the following error: %%2

[Files/Folders - Created Within 90 Days]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
rsit -> %SystemDrive%\rsit -> [2009/01/16 07:38:18 | 00,000,000 | ---D | C]
FOUND.000 -> %SystemDrive%\FOUND.000 -> [2009/01/14 04:10:38 | 00,000,000 | -HSD | C]
ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/01/13 14:08:51 | 11,030,528 | ---- | C] ()
Adobe Gamma Loader.exe.lnk.disabled -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk.disabled -> [2009/01/12 12:31:40 | 00,000,794 | ---- | C] ()
Adobe AIR -> %CommonProgramFiles%\Adobe AIR -> [2009/01/12 08:30:56 | 00,000,000 | ---D | C]
temp -> %SystemRoot%\temp -> [2009/01/11 12:35:53 | 00,000,000 | ---D | C]
Country -> %SystemDrive%\Country -> [2009/01/11 12:32:27 | 00,000,000 | ---D | C]
gmer.dll -> %SystemRoot%\gmer.dll -> [2009/01/11 12:25:05 | 00,884,736 | ---- | C] ()
gmer.exe -> %SystemRoot%\gmer.exe -> [2009/01/11 12:25:05 | 00,811,008 | ---- | C] ()
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> [2009/01/11 12:25:05 | 00,085,969 | ---- | C] (GMER)
gmer.ini -> %SystemRoot%\gmer.ini -> [2009/01/11 12:25:05 | 00,000,250 | ---- | C] ()
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [2009/01/11 12:25:05 | 00,000,080 | ---- | C] ()
SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2009/01/11 12:18:32 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> %SystemRoot%\SWREG.exe -> [2009/01/11 12:18:32 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> %SystemRoot%\SWSC.exe -> [2009/01/11 12:18:32 | 00,136,704 | ---- | C] (SteelWerX)
sed.exe -> %SystemRoot%\sed.exe -> [2009/01/11 12:18:32 | 00,098,816 | ---- | C] ()
fdsv.exe -> %SystemRoot%\fdsv.exe -> [2009/01/11 12:18:32 | 00,089,504 | ---- | C] (Smallfrogs Studio)
grep.exe -> %SystemRoot%\grep.exe -> [2009/01/11 12:18:32 | 00,080,412 | ---- | C] ()
zip.exe -> %SystemRoot%\zip.exe -> [2009/01/11 12:18:32 | 00,068,096 | ---- | C] ()
VFIND.exe -> %SystemRoot%\VFIND.exe -> [2009/01/11 12:18:32 | 00,049,152 | ---- | C] ()
NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2009/01/11 12:18:32 | 00,028,672 | ---- | C] (NirSoft)
Trend Micro -> %ProgramFiles%\Trend Micro -> [2009/01/11 07:54:50 | 00,000,000 | ---D | C]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [2009/01/11 07:29:14 | 00,000,000 | ---D | C]
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/01/03 21:17:16 | 20,853,704 | ---- | C] (Microsoft Corporation)
1A-MontyWallpaper4.bmp -> %UserProfile%\My Documents\1A-MontyWallpaper4.bmp -> [2008/11/18 12:54:42 | 01,922,456 | ---- | C] ()
1A-MontyWallpaper3.bmp -> %UserProfile%\My Documents\1A-MontyWallpaper3.bmp -> [2008/11/18 12:49:29 | 01,922,456 | ---- | C] ()
1A-Montywallpaper2.bmp -> %UserProfile%\My Documents\1A-Montywallpaper2.bmp -> [2008/11/18 12:43:44 | 01,920,054 | ---- | C] ()
1A-MontyWallpaper1.bmp -> %UserProfile%\My Documents\1A-MontyWallpaper1.bmp -> [2008/11/18 12:39:03 | 01,922,456 | ---- | C] ()
KPCMS.INI -> %SystemRoot%\KPCMS.INI -> [2008/11/18 05:24:12 | 00,000,048 | ---- | C] ()
uninst.exe -> %SystemRoot%\uninst.exe -> [2008/11/18 05:21:02 | 00,297,472 | ---- | C] (InstallShield Corporation, Inc.)
Deckard -> %SystemDrive%\Deckard -> [2008/11/15 08:52:07 | 00,000,000 | ---D | C]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [2008/11/15 08:17:43 | 00,000,000 | RH-D | C]
NVIDIA.lnk -> %UserProfile%\Desktop\NVIDIA.lnk -> [2008/11/14 11:15:08 | 00,000,228 | ---- | C] ()
AVG7QT.DAT -> %SystemDrive%\AVG7QT.DAT -> [2008/11/14 10:49:28 | 12,512,467 | ---- | C] ()
AVG7 -> %AppData%\AVG7 -> [2008/11/12 11:53:04 | 00,000,000 | ---D | C]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> [2008/11/12 11:52:59 | 00,026,952 | ---- | C] (GRISOFT, s.r.o.)
avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> [2008/11/12 11:52:59 | 00,010,760 | ---- | C] (GRISOFT, s.r.o.)
avgtdi.sys -> %SystemRoot%\System32\drivers\avgtdi.sys -> [2008/11/12 11:52:59 | 00,004,960 | ---- | C] (GRISOFT, s.r.o.)
avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> [2008/11/12 11:52:57 | 00,027,776 | ---- | C] (GRISOFT, s.r.o.)
avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> [2008/11/12 11:52:57 | 00,004,224 | ---- | C] (GRISOFT, s.r.o.)
avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> [2008/11/12 11:52:56 | 00,821,856 | ---- | C] (GRISOFT, s.r.o.)
avg7 -> %AllUsersProfile%\Application Data\avg7 -> [2008/11/12 11:52:55 | 00,000,000 | ---D | C]
ERUNT -> %UserProfile%\My Documents\ERUNT -> [2008/11/12 11:51:17 | 00,000,000 | ---D | C]
Avg8 -> %AllUsersProfile%\Application Data\Avg8 -> [2008/11/12 10:59:38 | 00,000,000 | ---D | C]
NVIDIA -> %AllUsersProfile%\Application Data\NVIDIA -> [2008/11/12 02:41:43 | 00,000,000 | ---D | C]
Ahead -> %ProgramFiles%\Ahead -> [2008/11/02 08:51:57 | 00,000,000 | ---D | C]
Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage -> [2008/11/02 08:18:49 | 00,000,000 | ---D | C]
Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [2008/11/02 08:18:43 | 00,000,000 | ---D | C]
WebsitePasswords1.jpg -> %UserProfile%\My Documents\WebsitePasswords1.jpg -> [2008/10/21 14:16:21 | 00,119,768 | ---- | C] ()
CoreCodec -> %ProgramFiles%\CoreCodec -> [2008/10/21 13:18:18 | 00,000,000 | ---D | C]

[Files/Folders - Modified Within 90 Days]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
3 C:\Documents and Settings\Administrator.COMPUTER\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Administrator.COMPUTER\Local Settings\temp\*.tmp ->
3 C:\Documents and Settings\Administrator.COMPUTER\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Administrator.COMPUTER\Local Settings\temp\*.tmp ->
Perflib_Perfdata_664.dat -> %UserProfile%\Local Settings\temp\Perflib_Perfdata_664.dat -> [2009/01/16 14:15:18 | 00,016,384 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2009/01/16 07:27:58 | 00,000,705 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/01/16 07:27:52 | 00,013,668 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/01/16 07:27:48 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/01/16 07:27:46 | 00,002,048 | --S- | M] ()
ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/01/15 21:32:44 | 11,030,528 | ---- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/01/15 21:32:44 | 00,000,178 | -HS- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/01/15 21:29:30 | 00,005,498 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/01/15 21:29:30 | 00,004,232 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
mpengine.dll -> %UserProfile%\Local Settings\temp\mpengine.dll -> [2009/01/14 15:23:22 | 04,141,904 | ---- | M] (Microsoft Corporation)
default.pls -> %UserProfile%\default.pls -> [2009/01/14 09:15:52 | 00,000,162 | ---- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/01/14 09:15:52 | 00,000,069 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/01/14 08:02:34 | 00,168,960 | ---- | M] ()
µTorrent.lnk -> %UserProfile%\Desktop\µTorrent.lnk -> [2009/01/14 04:22:46 | 00,001,404 | ---- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2009/01/13 23:27:44 | 00,000,227 | ---- | M] ()
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [2009/01/12 23:23:22 | 00,000,000 | ---- | M] ()
Adobe Gamma Loader.exe.lnk.disabled -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk.disabled -> [2009/01/12 12:31:42 | 00,000,794 | ---- | M] ()
gmer.ini -> %SystemRoot%\gmer.ini -> [2009/01/11 20:58:16 | 00,000,250 | ---- | M] ()
gmer.dll -> %SystemRoot%\gmer.dll -> [2009/01/11 12:25:06 | 00,884,736 | ---- | M] ()
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> [2009/01/11 12:25:06 | 00,085,969 | ---- | M] (GMER)
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [2009/01/11 12:25:06 | 00,000,080 | ---- | M] ()
KPCMS.INI -> %SystemRoot%\KPCMS.INI -> [2009/01/11 12:17:04 | 00,000,048 | ---- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/01/09 18:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation)
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/01/03 21:17:14 | 00,001,355 | ---- | M] ()
mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008/12/12 10:33:24 | 03,060,224 | ---- | M] (Microsoft Corporation)
mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2008/12/12 10:33:24 | 03,060,224 | ---- | M] (Microsoft Corporation)
srv.sys -> %SystemRoot%\System32\drivers\srv.sys -> [2008/12/11 04:57:22 | 00,333,184 | ---- | M] (Microsoft Corporation)
srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/12/11 04:57:22 | 00,333,184 | ---- | M] (Microsoft Corporation)
1A-MontyWallpaper4.bmp -> %UserProfile%\My Documents\1A-MontyWallpaper4.bmp -> [2008/11/18 12:54:46 | 01,922,456 | ---- | M] ()
1A-MontyWallpaper1.bmp -> %UserProfile%\My Documents\1A-MontyWallpaper1.bmp -> [2008/11/18 12:50:08 | 01,922,456 | ---- | M] ()
1A-MontyWallpaper3.bmp -> %UserProfile%\My Documents\1A-MontyWallpaper3.bmp -> [2008/11/18 12:49:34 | 01,922,456 | ---- | M] ()
NVIDIA.lnk -> %UserProfile%\Desktop\NVIDIA.lnk -> [2008/11/14 11:15:10 | 00,000,228 | ---- | M] ()
AVG7QT.DAT -> %SystemDrive%\AVG7QT.DAT -> [2008/11/14 10:49:32 | 12,512,467 | ---- | M] ()
avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> [2008/11/12 11:59:54 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.)
avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> [2008/11/12 11:59:46 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.)
avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> [2008/11/12 11:59:46 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.)
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> [2008/11/12 11:59:46 | 00,026,952 | ---- | M] (GRISOFT, s.r.o.)
avgtdi.sys -> %SystemRoot%\System32\drivers\avgtdi.sys -> [2008/11/12 11:53:00 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.)
avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> [2008/11/12 11:52:58 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.)
Computer Management.lnk -> %UserProfile%\My Documents\Computer Management.lnk -> [2008/11/11 22:47:58 | 00,001,494 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2008/11/11 22:16:44 | 00,000,322 | -HS- | M] ()
OggDSUninst.exe -> %SystemRoot%\System32\OggDSUninst.exe -> [2008/11/02 08:46:50 | 00,037,270 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2008/11/02 07:57:28 | 00,093,584 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/11/02 07:51:32 | 01,600,160 | ---- | M] ()
mrxsmb.sys -> %SystemRoot%\System32\drivers\mrxsmb.sys -> [2008/10/24 04:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation)
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/10/24 04:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation)
gdi32.dll -> %SystemRoot%\System32\gdi32.dll -> [2008/10/23 06:01:36 | 00,283,648 | ---- | M] (Microsoft Corporation)
gdi32.dll -> %SystemRoot%\System32\dllcache\gdi32.dll -> [2008/10/23 06:01:36 | 00,283,648 | ---- | M] (Microsoft Corporation)
tzchange.exe -> %SystemRoot%\System32\tzchange.exe -> [2008/10/22 02:47:08 | 00,062,976 | ---- | M] (Microsoft Corporation)
WebsitePasswords1.jpg -> %UserProfile%\My Documents\WebsitePasswords1.jpg -> [2008/10/21 14:16:24 | 00,119,768 | ---- | M] ()
hhcolreg.dat -> %AllUsersProfile%\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [2008/07/20 08:23:24 | 00,004,944 | ---- | M] ()
FileAssoc.dll -> %UserProfile%\Local Settings\temp\_ISTMP1.DIR\_ISTMP0.DIR\FileAssoc.dll -> [2001/02/21 18:44:00 | 00,172,032 | R--- | M] ()
Adobeisf.dll -> %UserProfile%\Local Settings\temp\_ISTMP1.DIR\_ISTMP0.DIR\Adobeisf.dll -> [2001/02/14 17:22:00 | 00,045,056 | R--- | M] (Adobe Systems, Inc.)
Asn.er.dll -> %UserProfile%\Local Settings\temp\_ISTMP1.DIR\_ISTMP0.DIR\Asn.er.dll -> [2001/02/01 16:40:20 | 00,233,472 | R--- | M] (Adobe Systems Incorporated)
EnigmaValidation.dll -> %UserProfile%\Local Settings\temp\_ISTMP1.DIR\_ISTMP0.DIR\EnigmaValidation.dll -> [2001/02/01 16:40:20 | 00,135,168 | R--- | M] (Adobe Systems, Incorporated)
WINTDIST.EXE -> %UserProfile%\Local Settings\temp\_ISTMP1.DIR\_ISTMP0.DIR\WINTDIST.EXE -> [2001/01/19 13:30:26 | 00,401,760 | R--- | M] (Microsoft Corporation)
IccTest.dll -> %UserProfile%\Local Settings\temp\_ISTMP1.DIR\_ISTMP0.DIR\IccTest.dll -> [2001/01/19 13:30:26 | 00,126,976 | R--- | M] (Adobe Systems, Inc.)
ICOMP.EXE -> %UserProfile%\Local Settings\temp\_ISTMP1.DIR\_ISTMP0.DIR\ICOMP.EXE -> [2001/01/19 13:30:26 | 00,119,808 | R--- | M] ()
ShFolder.Exe -> %UserProfile%\Local Settings\temp\_ISTMP1.DIR\_ISTMP0.DIR\ShFolder.Exe -> [2001/01/19 13:30:26 | 00,117,288 | R--- | M] (Microsoft Corporation)
73c1c.DLL -> %UserProfile%\Local Settings\temp\_ISTMP1.DIR\_ISTMP0.DIR\73c1c.DLL -> [2001/01/19 13:30:26 | 00,040,960 | R--- | M] (Adobe Systems, Inc.)

[File - Lop Check]
Application Data -> C:\Documents and Settings\Default User\Application Data -> [2007/10/23 00:25:40 | 00,000,000 | RH-D | M]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2007/10/23 00:25:40 | 00,000,000 | RH-D | M]
AVG7 -> C:\Documents and Settings\All Users\Application Data\AVG7 -> [2007/10/23 01:09:56 | 00,000,000 | ---D | M]
EnterNHelp -> C:\Documents and Settings\All Users\Application Data\EnterNHelp -> [2007/10/23 13:36:12 | 00,000,000 | ---D | M]
FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet -> [2007/10/23 13:36:12 | 00,000,000 | ---D | M]
Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [2007/10/23 01:09:56 | 00,000,000 | ---D | M]
Ultima_T15 -> C:\Documents and Settings\All Users\Application Data\Ultima_T15 -> [2007/10/23 13:36:12 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\NetworkService\Application Data -> [2007/10/23 00:53:14 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\LocalService\Application Data -> [2007/10/23 00:55:16 | 00,000,000 | ---D | M]
AVG7 -> C:\Documents and Settings\LocalService\Application Data\AVG7 -> [2007/10/23 15:26:26 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\montyl\Application Data -> [2007/10/23 00:25:40 | 00,000,000 | RH-D | M]
AVG7 -> C:\Documents and Settings\montyl\Application Data\AVG7 -> [2007/10/23 01:10:08 | 00,000,000 | ---D | M]
Hulubulu -> C:\Documents and Settings\montyl\Application Data\Hulubulu -> [2007/10/23 14:26:18 | 00,000,000 | ---D | M]
MSNInstaller -> C:\Documents and Settings\montyl\Application Data\MSNInstaller -> [2007/10/23 14:26:20 | 00,000,000 | ---D | M]
Thunderbird -> C:\Documents and Settings\montyl\Application Data\Thunderbird -> [2007/10/23 14:25:44 | 00,000,000 | ---D | M]
Uniblue -> C:\Documents and Settings\montyl\Application Data\Uniblue -> [2007/10/23 14:26:18 | 00,000,000 | ---D | M]
uTorrent -> C:\Documents and Settings\montyl\Application Data\uTorrent -> [2007/10/23 14:26:20 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Administrator\Application Data -> [2007/10/23 13:36:08 | 00,000,000 | -H-D | M]
Thunderbird -> C:\Documents and Settings\Administrator\Application Data\Thunderbird -> [2007/10/23 13:36:10 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Default User.WINDOWS\Application Data -> [2007/10/23 15:51:56 | 00,000,000 | RH-D | M]
Application Data -> C:\Documents and Settings\All Users.WINDOWS\Application Data -> [2007/10/23 15:51:56 | 00,000,000 | RH-D | M]
Ahead -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead -> [2008/04/09 08:25:40 | 00,000,000 | ---D | M]
avg7 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7 -> [2008/11/12 11:52:56 | 00,000,000 | ---D | M]
Digital Film Tools -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Digital Film Tools -> [2007/10/25 20:18:28 | 00,000,000 | ---D | M]
Grisoft -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft -> [2007/10/23 18:05:16 | 00,000,000 | ---D | M]
Propellerhead Software -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Propellerhead Software -> [2007/12/11 23:56:56 | 00,000,000 | ---D | M]
Seagate -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Seagate -> [2008/03/11 20:52:44 | 00,000,000 | ---D | M]
Tablet -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Tablet -> [2008/07/01 22:35:14 | 00,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP -> [2007/12/05 07:02:36 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data -> [2007/10/23 16:06:02 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data -> [2007/10/23 16:14:52 | 00,000,000 | ---D | M]
AVG7 -> C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7 -> [2008/11/12 11:53:02 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Administrator.COMPUTER\Application Data -> [2007/10/23 15:51:56 | 00,000,000 | RH-D | M]
Ahead -> C:\Documents and Settings\Administrator.COMPUTER\Application Data\Ahead -> [2008/04/11 10:12:40 | 00,000,000 | ---D | M]
AVG7 -> C:\Documents and Settings\Administrator.COMPUTER\Application Data\AVG7 -> [2008/11/12 11:53:06 | 00,000,000 | ---D | M]
Grisoft -> C:\Documents and Settings\Administrator.COMPUTER\Application Data\Grisoft -> [2008/03/25 07:25:16 | 00,000,000 | ---D | M]
Propellerhead Software -> C:\Documents and Settings\Administrator.COMPUTER\Application Data\Propellerhead Software -> [2007/12/19 23:22:20 | 00,000,000 | ---D | M]
SystemRequirementsLab -> C:\Documents and Settings\Administrator.COMPUTER\Application Data\SystemRequirementsLab -> [2008/03/08 20:24:44 | 00,000,000 | ---D | M]
TeraCopy -> C:\Documents and Settings\Administrator.COMPUTER\Application Data\TeraCopy -> [2008/09/19 20:48:22 | 00,000,000 | ---D | M]
Thunderbird -> C:\Documents and Settings\Administrator.COMPUTER\Application Data\Thunderbird -> [2007/10/23 17:15:40 | 00,000,000 | ---D | M]
uTorrent -> C:\Documents and Settings\Administrator.COMPUTER\Application Data\uTorrent -> [2007/10/23 20:12:24 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2007/10/23 00:48:04 | 00,000,000 | --SD | M]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 01:00:00 | 00,000,065 | RH-- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/01/16 07:27:48 | 00,000,006 | -H-- | M] ()

[File - Purity Scan]

[File - Signature Check]
< Cached Copy > -> < OS Copy > -> < MD5's >
C:\WINDOWS\system32\dllcache\explorer.exe [2007/06/13 03:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\explorer.exe [2007/06/13 03:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation) -> Cached Copy = 97BD6515465659FF8F3B7BE375B2EA87 \ OS Copy = 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\system32\dllcache\csrss.exe [2004/08/04 01:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\csrss.exe [2004/08/04 01:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -> Cached Copy = F12B178B1678D778CFD3FF1FC38C71FB \ OS Copy = F12B178B1678D778CFD3FF1FC38C71FB
C:\WINDOWS\system32\dllcache\lsass.exe [2004/08/04 01:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\lsass.exe [2004/08/04 01:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -> Cached Copy = 84885F9B82F4D55C6146EBF6065D75D2 \ OS Copy = 84885F9B82F4D55C6146EBF6065D75D2
C:\WINDOWS\system32\dllcache\rundll32.exe [2004/08/04 01:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\rundll32.exe [2004/08/04 01:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -> Cached Copy = DA285490BBD8A1D0CE6623577D5BA1FF \ OS Copy = DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\system32\dllcache\services.exe [2004/08/04 01:00:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\services.exe [2004/08/04 01:00:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -> Cached Copy = C6CE6EEC82F187615D1002BB3BB50ED4 \ OS Copy = C6CE6EEC82F187615D1002BB3BB50ED4
C:\WINDOWS\system32\dllcache\smss.exe [2004/08/04 01:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\smss.exe [2004/08/04 01:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -> Cached Copy = BD7FB0957C716F1A60333AEE04DE2178 \ OS Copy = BD7FB0957C716F1A60333AEE04DE2178
C:\WINDOWS\system32\dllcache\spoolsv.exe [2005/06/10 16:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\spoolsv.exe [2005/06/10 16:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -> Cached Copy = DA81EC57ACD4CDC3D4C51CF3D409AF9F \ OS Copy = DA81EC57ACD4CDC3D4C51CF3D409AF9F
C:\WINDOWS\system32\dllcache\svchost.exe [2004/08/04 01:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\svchost.exe [2004/08/04 01:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -> Cached Copy = 8F078AE4ED187AAABC0A305146DE6716 \ OS Copy = 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\system32\dllcache\taskmgr.exe [2004/08/04 01:00:00 | 00,135,680 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\taskmgr.exe [2004/08/04 01:00:00 | 00,135,680 | ---- | M] (Microsoft Corporation) -> Cached Copy = FC160ACE21C81837692B339D230DD4BE \ OS Copy = FC160ACE21C81837692B339D230DD4BE
C:\WINDOWS\system32\dllcache\userinit.exe [2004/08/04 01:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\userinit.exe [2004/08/04 01:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation) -> Cached Copy = 39B1FFB03C2296323832ACBAE50D2AFF \ OS Copy = 39B1FFB03C2296323832ACBAE50D2AFF
C:\WINDOWS\system32\dllcache\winlogon.exe [2004/08/04 01:00:00 | 00,502,272 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\winlogon.exe [2004/08/04 01:00:00 | 00,502,272 | ---- | M] (Microsoft Corporation) -> Cached Copy = 01C3346C241652F43AED8E2149881BFE \ OS Copy = 01C3346C241652F43AED8E2149881BFE

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
scan completed successfully
hidden files: 0

< End of report >
[/code]

peku006
2009-01-19, 19:11
Hi dinosaur58

WordWrap

The formatting of your post is messed up. This is caused by having Word Wrap checked.
1. Click Start > All Programs > Accessories > Notepad
2. On the menu bar in Notepad select Format and click on WordWrap so it appears unchecked.

1 - Scan With ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus (http://www.bleepingcomputer.com/forums/topic114351.html)

Please include the C:\ComboFix.txt in your next reply for further review.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

3 - Status Check
Please reply with

1. the ComboFix log (C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006

dinosaur58
2009-01-19, 19:38
Peku006, again my thanks for your help. Confirmed Word Wrap UNchecked, sorry about hard to read log. If it matters - when Combofix finished running 1 Firefox browser window and 2 Windows Explorer windows [open during scan] closed spontaneously. Scans run in Normal mode.

ComboFix 09-01-19.01 - Administrator 2009-01-19 11:23:34.6 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1466 [GMT -7:00]
Running from: c:\documents and settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud\Country1.exe
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-16 07:38 . 2009-01-16 07:38 <DIR> d-------- C:\rsit
2009-01-14 05:14 . 2007-12-11 19:46 3,468 --a------ c:\documents and settings\dht.dat.old
2009-01-14 05:14 . 2007-12-13 10:29 3,338 --a------ c:\documents and settings\dht.dat
2009-01-14 05:14 . 2007-09-08 00:33 2,890 --a------ c:\documents and settings\resume.old
2009-01-14 05:14 . 2007-12-13 10:29 2,260 --a------ c:\documents and settings\settings.dat
2009-01-14 05:14 . 2007-12-13 09:45 2,259 --a------ c:\documents and settings\settings.dat.old
2009-01-14 05:14 . 2007-09-08 00:33 2,245 --a------ c:\documents and settings\settings.old
2009-01-14 05:14 . 2007-09-08 00:33 111 --a------ c:\documents and settings\dht.old
2009-01-14 05:14 . 2007-12-13 10:27 58 --a------ c:\documents and settings\resume.dat.old
2009-01-14 05:14 . 2007-12-13 10:29 58 --a------ c:\documents and settings\resume.dat
2009-01-14 04:10 . 2009-01-14 04:10 <DIR> d--hs---- C:\FOUND.000
2009-01-12 08:30 . 2009-01-12 08:30 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-12 08:26 . 2009-01-12 08:26 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-12 08:26 . 2009-01-12 08:26 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-11 12:32 . 2009-01-11 12:32 <DIR> d-------- C:\Country
2009-01-11 12:25 . 2009-01-11 20:58 250 --a------ c:\windows\gmer.ini
2009-01-11 07:54 . 2009-01-11 07:54 <DIR> d-------- c:\program files\Trend Micro
2009-01-11 07:29 . 2009-01-11 07:29 <DIR> d-------- C:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 23:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 23:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-12 17:33 3,060,224 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
2008-11-14 17:49 12,512,467 ------w C:\AVG7QT.DAT
2008-11-02 15:46 37,270 ----a-w c:\windows\system32\OggDSUninst.exe
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2006-03-03 11:27 1,010 ----a-w c:\documents and settings\Mozilla\registry.dat
2004-04-09 22:13 114,688 ----a-w c:\program files\NETGEAR DG632 USB Driveruninstalldrv.exe
2002-01-03 13:15 61,440 ----a-w c:\windows\inf\i386\onetUSD.dll
2001-10-02 15:58 36,864 ----a-w c:\windows\inf\i386\Wiamicro.dll
2001-09-28 15:00 139,264 ----a-w c:\windows\inf\i386\Rtscan.dll
2001-09-27 15:11 167,936 ----a-w c:\windows\inf\i386\viceo.dll
2008-07-24 03:12 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-07-24 03:12 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-24 03:12 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-07-24 03:12 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-07-24 03:12 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( snapshot_2009-01-11_12.21.18.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-11 19:25:06 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 04:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2007-12-12 22:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
- 2000-08-31 15:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 15:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2009-01-11 19:25:06 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
- 2008-02-22 08:23:36 135,168 ----a-w c:\windows\system32\java.exe
+ 2009-01-12 15:26:14 144,792 ----a-w c:\windows\system32\java.exe
- 2008-02-22 08:23:40 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2009-01-12 15:26:14 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-02-22 09:33:32 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2009-01-12 15:26:14 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-12-09 22:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
- 2008-07-09 07:37:44 13,196 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2009-01-14 11:07:52 1,403,752 ----a-w c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-11-12 590848]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]
"atwtusb"="atwtusb.exe" [2007-03-20 c:\windows\system32\Atwtusb.exe]
"Tweak UI"="TWEAKUI.CPL" [1997-11-08 c:\windows\system32\TWEAKUI.CPL]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2008-11-12 219136]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk.disabled [2009-01-12 794]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.X264"= x264vfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.l3codec"= l3codecp.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^DOCUME~1^ADMINI~1.COM^Start Menu^Programs^Startup^QuickShelf 2000.lnk]
path=c:\docume~1\ADMINI~1.COM\Start Menu\Programs\Startup\QuickShelf 2000.lnk
backup=c:\windows\pss\QuickShelf 2000.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" /s
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12000:TCP"= 12000:TCP:Utor1

R1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2008-07-01 22528]
R4 BCMNTIO;BCMNTIO;c:\progra~1\CHECKIT\DIAGNO~1\BCMNTIO.sys [2007-12-20 3744]
R4 MAPMEM;MAPMEM;c:\progra~1\CHECKIT\DIAGNO~1\MAPMEM.sys [2007-12-20 3904]
S4 portD;CMS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys --> c:\windows\system32\DRIVERS\portd2k.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Save Flash - c:\program files\SWF-Get\Flash Saving Plugin\FlashSButton.dll/210
FF - ProfilePath - c:\documents and settings\Administrator.COMPUTER\Application Data\Mozilla\Firefox\Profiles\bvvl5608.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 11:25:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08437B63-CA86-7C11-1E25-5A214BD5C952}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abnllihdbjplkgkdpkebpdfihejcgiaodb"=hex:61,62,6c,65,69,61,66,69,69,68,6d,65,
63,6d,6c,6e,63,67,63,66,6d,6a,6b,63,64,6d,67,61,68,66,62,70,65,61,00,00
"bbnllihdbjplkgkdpkfbdachibjdfkjonkac"=hex:61,62,67,67,63,64,64,61,65,69,68,62,
66,6d,63,70,63,64,65,68,6d,67,6e,6c,65,67,6a,6e,70,67,6e,6d,6f,63,00,00
.
Completion time: 2009-01-19 11:26:14
ComboFix-quarantined-files.txt 2009-01-19 18:26:14
ComboFix4.txt 2009-01-03 19:25:34
ComboFix3.txt 2009-01-11 19:22:08
ComboFix5.txt 2009-01-19 18:23:08
ComboFix2.txt 2009-01-11 19:35:54

Pre-Run: 82,711,445,504 bytes free
Post-Run: 82,855,559,168 bytes free

174 --- E O F --- 2009-01-14 22:25:12

===================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:A, on 1/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements\PhotoshopElements.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\FIREFOX.EXE
C:\Documents and Settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud\HiJackThis.new.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O8 - Extra context menu item: Save Flash - res://C:\Program Files\SWF-Get\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\SWF-Get\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206762645578
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 4345 bytes

=========================

Thanks D58

peku006
2009-01-19, 20:04
Hi dinosaur58

Run Malwarebytes' Anti-Malware

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has completed, select the Scanner tab.

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please reply with

the Malwarebytes' Anti-Malware Log

Thanks peku006

dinosaur58
2009-01-20, 13:55
Peku, ran an M.B.A.M. Full Scan [usually run Quick Scan]. It found and deleted "Trojan horse Downloader Banload.AHMF". Still unable to browse to wvUonLCS.dll.
D58

dinosaur58
2009-01-20, 17:20
Peku006, again my thanks for your help. Confirmed Word Wrap UNchecked, sorry about hard to read log.
When Combofix finished running 1 Firefox browser window and 2 Windows Explorer windows [open during scan] closed spontaneously.
Ran an M.B.A.M. Full Scan [usually run Quick Scan]. It found and deleted "Trojan horse Downloader Banload.AHMF". Still unable to browse to wvUonLCS.dll.
Scans run in Normal mode.

ComboFix 09-01-19.01 - Administrator 2009-01-19 11:23:34.6 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1466 [GMT -7:00]
Running from: c:\documents and settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud\Country1.exe
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-16 07:38 . 2009-01-16 07:38 <DIR> d-------- C:\rsit
2009-01-14 05:14 . 2007-12-11 19:46 3,468 --a------ c:\documents and settings\dht.dat.old
2009-01-14 05:14 . 2007-12-13 10:29 3,338 --a------ c:\documents and settings\dht.dat
2009-01-14 05:14 . 2007-09-08 00:33 2,890 --a------ c:\documents and settings\resume.old
2009-01-14 05:14 . 2007-12-13 10:29 2,260 --a------ c:\documents and settings\settings.dat
2009-01-14 05:14 . 2007-12-13 09:45 2,259 --a------ c:\documents and settings\settings.dat.old
2009-01-14 05:14 . 2007-09-08 00:33 2,245 --a------ c:\documents and settings\settings.old
2009-01-14 05:14 . 2007-09-08 00:33 111 --a------ c:\documents and settings\dht.old
2009-01-14 05:14 . 2007-12-13 10:27 58 --a------ c:\documents and settings\resume.dat.old
2009-01-14 05:14 . 2007-12-13 10:29 58 --a------ c:\documents and settings\resume.dat
2009-01-14 04:10 . 2009-01-14 04:10 <DIR> d--hs---- C:\FOUND.000
2009-01-12 08:30 . 2009-01-12 08:30 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-12 08:26 . 2009-01-12 08:26 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-12 08:26 . 2009-01-12 08:26 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-11 12:32 . 2009-01-11 12:32 <DIR> d-------- C:\Country
2009-01-11 12:25 . 2009-01-11 20:58 250 --a------ c:\windows\gmer.ini
2009-01-11 07:54 . 2009-01-11 07:54 <DIR> d-------- c:\program files\Trend Micro
2009-01-11 07:29 . 2009-01-11 07:29 <DIR> d-------- C:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 23:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 23:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-12 17:33 3,060,224 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
2008-11-14 17:49 12,512,467 ------w C:\AVG7QT.DAT
2008-11-02 15:46 37,270 ----a-w c:\windows\system32\OggDSUninst.exe
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2006-03-03 11:27 1,010 ----a-w c:\documents and settings\Mozilla\registry.dat
2004-04-09 22:13 114,688 ----a-w c:\program files\NETGEAR DG632 USB Driveruninstalldrv.exe
2002-01-03 13:15 61,440 ----a-w c:\windows\inf\i386\onetUSD.dll
2001-10-02 15:58 36,864 ----a-w c:\windows\inf\i386\Wiamicro.dll
2001-09-28 15:00 139,264 ----a-w c:\windows\inf\i386\Rtscan.dll
2001-09-27 15:11 167,936 ----a-w c:\windows\inf\i386\viceo.dll
2008-07-24 03:12 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-07-24 03:12 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-24 03:12 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-07-24 03:12 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-07-24 03:12 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( snapshot_2009-01-11_12.21.18.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-11 19:25:06 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 04:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2007-12-12 22:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
- 2000-08-31 15:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 15:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2009-01-11 19:25:06 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
- 2008-02-22 08:23:36 135,168 ----a-w c:\windows\system32\java.exe
+ 2009-01-12 15:26:14 144,792 ----a-w c:\windows\system32\java.exe
- 2008-02-22 08:23:40 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2009-01-12 15:26:14 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-02-22 09:33:32 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2009-01-12 15:26:14 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-12-09 22:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
- 2008-07-09 07:37:44 13,196 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2009-01-14 11:07:52 1,403,752 ----a-w c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-11-12 590848]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]
"atwtusb"="atwtusb.exe" [2007-03-20 c:\windows\system32\Atwtusb.exe]
"Tweak UI"="TWEAKUI.CPL" [1997-11-08 c:\windows\system32\TWEAKUI.CPL]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2008-11-12 219136]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk.disabled [2009-01-12 794]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.X264"= x264vfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.l3codec"= l3codecp.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^DOCUME~1^ADMINI~1.COM^Start Menu^Programs^Startup^QuickShelf 2000.lnk]
path=c:\docume~1\ADMINI~1.COM\Start Menu\Programs\Startup\QuickShelf 2000.lnk
backup=c:\windows\pss\QuickShelf 2000.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" /s
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12000:TCP"= 12000:TCP:Utor1

R1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2008-07-01 22528]
R4 BCMNTIO;BCMNTIO;c:\progra~1\CHECKIT\DIAGNO~1\BCMNTIO.sys [2007-12-20 3744]
R4 MAPMEM;MAPMEM;c:\progra~1\CHECKIT\DIAGNO~1\MAPMEM.sys [2007-12-20 3904]
S4 portD;CMS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys --> c:\windows\system32\DRIVERS\portd2k.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Save Flash - c:\program files\SWF-Get\Flash Saving Plugin\FlashSButton.dll/210
FF - ProfilePath - c:\documents and settings\Administrator.COMPUTER\Application Data\Mozilla\Firefox\Profiles\bvvl5608.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 11:25:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08437B63-CA86-7C11-1E25-5A214BD5C952}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abnllihdbjplkgkdpkebpdfihejcgiaodb"=hex:61,62,6c,65,69,61,66,69,69,68,6d,65,
63,6d,6c,6e,63,67,63,66,6d,6a,6b,63,64,6d,67,61,68,66,62,70,65,61,00,00
"bbnllihdbjplkgkdpkfbdachibjdfkjonkac"=hex:61,62,67,67,63,64,64,61,65,69,68,62,
66,6d,63,70,63,64,65,68,6d,67,6e,6c,65,67,6a,6e,70,67,6e,6d,6f,63,00,00
.
Completion time: 2009-01-19 11:26:14
ComboFix-quarantined-files.txt 2009-01-19 18:26:14
ComboFix4.txt 2009-01-03 19:25:34
ComboFix3.txt 2009-01-11 19:22:08
ComboFix5.txt 2009-01-19 18:23:08
ComboFix2.txt 2009-01-11 19:35:54

Pre-Run: 82,711,445,504 bytes free
Post-Run: 82,855,559,168 bytes free

174 --- E O F --- 2009-01-14 22:25:12

===================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:A, on 1/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements\PhotoshopElements.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\FIREFOX.EXE
C:\Documents and Settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud\HiJackThis.new.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O8 - Extra context menu item: Save Flash - res://C:\Program Files\SWF-Get\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\SWF-Get\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1206762645578
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 4345 bytes

=========================

Thanks D58

peku006
2009-01-20, 17:40
Hi dinosaur58

Press Start->Run, copy/paste the following command into the box and press OK:

cmd /c dir C:\*.* /L /A /B /S|Find "wvUonLCS.dll" >> "%userprofile%\desktop\look.txt"
A file called look.txt should appear on your Desktop. Please post the contents of this file.

Thanks peku006

dinosaur58
2009-01-20, 17:40
Peku, regret the double post. I was not seeing your response of yesterday 12:04. MBAM log [program did not ask about drives] referred to in my most recent post follows:

Malwarebytes' Anti-Malware 1.33
Database version: 1668
Windows 5.1.2600 Service Pack 2

1/20/2009 12:01:58 AM
mbam-log-2009-01-20 (00-01-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 112744
Time elapsed: 18 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator.COMPUTER\My Documents\ReActivate\WinXP_Activate\Windows XP Keygen.exe (Malware.Tool) -> Not selected for removal.
C:\System Volume Information\_restore{A08155B8-3425-4173-9474-2C7C1FC3A3D2}\RP160\A0020203.exe (Adware.Agent) -> Quarantined and deleted successfully.

Thanks Again, D58

peku006
2009-01-20, 17:48
Hi dinosaur58

Do you know what this program is?
C:\Documents and Settings\Administrator.COMPUTER\My Documents\ReActivate\WinXP_Activate\Windows XP Keygen.exe

dinosaur58
2009-01-20, 18:27
look.txt file is empty. Re Windows XP Keygen.exe - was helping a friend of mine to reinstall his OS, didn't know how to find his key. Tried to use the keygen, but never got a good key from it. Finally found software for key retrieval. Can delete it if it's dangerous. Haven't run it in over a year, have had Kaspersky Full scans clean since then.
D58

peku006
2009-01-20, 18:46
Hi D58

You will need to validate your copy of Windows; please use Internet Explorer for the next step.


Click here (http://www.microsoft.com/genuine/) to visit Microsoft website.
Click on the Validate Windows button on the top right hand corner to validate your Windows.
Click on Continue.
You will be prompted to install an ActiveX. Please install it.
Please copy and paste the results of the validation in your next reply.


thanks peku006

dinosaur58
2009-01-20, 19:40
All I got was this:

Validation Complete!
Thank you for completing the validation process and for using genuine Microsoft software.

By using genuine Microsoft software, you can be confident that you will have access to the latest features, security, and support, which will help to improve your productivity and expand the capabilities of your computer.

You will also have access to new innovations and offerings available only to genuine Microsoft software customers.

peku006
2009-01-20, 20:20
Hi D58
Thanks for returning your information...

1 - Use the Windows search function

Please enable the Show Hidden Folders option
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Next,
Please open Windows Explorer.

Right-click the Start button and click Explore.
Search for the file or directory below (if it exists):


wvUonLCS.dll

Delete the file in red if it still exists.

2 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop. Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program


3 - Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

5 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log
How's the computer running now?

Thanks peku006

dinosaur58
2009-01-21, 05:43
Peku, again Kaspersky crashed my browser [before finishing database download]. It worked when I tried again. Interestingly, Kaspersky identifies the Keyfinder file [mentioned previously but not identified by MBAM, and not picked up on previous Kaspersky scans], but not the Keygen file [identified by MBAM].
All scans run in Normal Mode.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, January 20, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, January 20, 2009 15:58:15
Records in database: 1654946
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 173151
Threat name: 4
Infected objects: 71
Suspicious objects: 0
Duration of the scan: 04:37:11


File name / Threat name / Threats count
C:\Doca-Mozilla\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
C:\Doca-Mozilla\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
C:\Doca-Mozilla\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2
C:\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
C:\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
C:\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
C:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
C:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2
C:\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
C:\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
C:\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2
C:\Documents and Settings\Administrator.COMPUTER\My Documents\ReActivate\WinXP_Activate\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 2
C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2
C:\Documents and Settings\Administrator.COMPUTER\Application Data\Thunderbird\Profiles\bqze3qas.default\Mail\localhost\Trash Infected: Trojan-Clicker.HTML.IFrame.abn 5
D:\C_Backup\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
D:\C_Backup\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
D:\C_Backup\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2
D:\C_Backup\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
D:\C_Backup\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
D:\C_Backup\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2
D:\C_Backup\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
D:\C_Backup\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
D:\C_Backup\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2

The selected area was scanned.

=====================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:P, on 1/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud\HiJackThis.new.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O8 - Extra context menu item: Save Flash - res://C:\Program Files\SWF-Get\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\SWF-Get\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206762645578
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 4527 bytes

======================================================

Thanks, D58
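A triage pass over the scanner report in the post above, added here as an example and not a tool from the thread or from Kaspersky: it parses the detection lines (a constructed sample made from the report's own header and "Infected:" lines), checks that the per-line counts add up to the "Infected objects" header, and groups hits by the tail of the path so that the eight copies of the same old mailbox show as one finding rather than sixty-four.

```python
"""Triage helper for a Kaspersky Online Scanner 7 text report.

Added example for this thread, not a tool from the thread or from Kaspersky.
Parses "path Infected: <threat> <count>" lines, reconciles them with the
"Infected objects" header, and groups hits by path tail to spot duplicates.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: the statistics header and detection lines quoted in the
# thread above, trimmed to the fields the parser needs.
SAMPLE_REPORT = r"""
Scan statistics:
Infected objects: 71

File name / Threat name / Threats count
C:\Doca-Mozilla\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
C:\Doca-Mozilla\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
C:\Doca-Mozilla\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2
C:\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
C:\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
C:\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
C:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
C:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2
C:\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
C:\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
C:\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2
C:\Documents and Settings\Administrator.COMPUTER\My Documents\ReActivate\WinXP_Activate\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 2
C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2
C:\Documents and Settings\Administrator.COMPUTER\Application Data\Thunderbird\Profiles\bqze3qas.default\Mail\localhost\Trash Infected: Trojan-Clicker.HTML.IFrame.abn 5
D:\C_Backup\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
D:\C_Backup\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
D:\C_Backup\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2
D:\C_Backup\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
D:\C_Backup\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
D:\C_Backup\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2
D:\C_Backup\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Sunfraud.ax 3
D:\C_Backup\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cw 3
D:\C_Backup\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\INBOX Infected: Trojan-Spy.HTML.Bankfraud.cm 2
"""

# One detection line: full path, the literal "Infected:", threat name, count.
DETECTION = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
HEADER = re.compile(r"^Infected objects: (\d+)$", re.MULTILINE)


def parse_report(text):
    """Return one (path, threat, count) tuple per detection line."""
    hits = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append((m["path"], m["threat"], int(m["count"])))
    return hits


def reported_total(text):
    """The 'Infected objects' figure the scanner itself printed, or None."""
    m = HEADER.search(text)
    return int(m.group(1)) if m else None


def counted_total(hits):
    """Sum of the per-line counts; should equal reported_total()."""
    return sum(count for _, _, count in hits)


def threats(hits):
    """Total hit count per threat name."""
    totals = Counter()
    for _, threat, count in hits:
        totals[threat] += count
    return totals


def duplicate_copies(hits, depth=3):
    """Group hits by the last `depth` path components.

    Copies of one file under different profiles or backup trees share a
    tail, so each finding is reported with its number of distinct locations.
    """
    groups = defaultdict(lambda: {"paths": set(), "threats": set(), "count": 0})
    for path, threat, count in hits:
        tail = "\\".join(path.split("\\")[-depth:])
        groups[tail]["paths"].add(path)
        groups[tail]["threats"].add(threat)
        groups[tail]["count"] += count
    return {
        tail: {"locations": len(g["paths"]), "threats": sorted(g["threats"]), "count": g["count"]}
        for tail, g in groups.items()
    }
```

With the sample above, `duplicate_copies` reduces the 26 lines to three findings: one mailbox file present in 8 locations (64 hits), one Thunderbird trash folder, and one key-recovery executable.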

peku006
2009-01-21, 09:31
Hi D58

Empty this folder
C:\Documents and Settings\Administrator.COMPUTER\Application Data\Thunderbird\Profiles\bqze3qas.default\Mail\localhost\Trash

Download and Run OTMoveIt3

Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by Old Timer and save it to your Desktop.
Double-click OTMoveIt3.exe.
Copy the lines in the codebox below.

:files
C:\Doca-Mozilla\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net
C:\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net
C:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net
C:\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net
C:\Documents and Settings\Administrator.COMPUTER\My Documents\ReActivate\WinXP_Activate\keyfinder.exe
C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net
D:\C_Backup\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net
D:\C_Backup\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net
D:\C_Backup\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net


Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3

Please reply with

the OTMoveIt3.log

Thanks peku006

dinosaur58
2009-01-21, 11:06
Peku, Folder - C:\Documents and Settings\Administrator.COMPUTER\Application Data\Thunderbird\Profiles\bqze3qas.default\Mail\localhost\Trash
does not exist. Found - C:\Documents and Settings\Administrator.COMPUTER\Application Data\Thunderbird\Profiles\bqze3qas.default\Mail\Local Folders\Trash.sbd
EMPTY. Emptied Trash IN Thunderbird. Also found other instances of C:\~\bqze3qas.default\Mail\Local Folders\Trash.sbd - EMPTY.
Note that ALL instances of Mail Folders in question are backups from OLD mail account @BWN.NET that no longer exists [closed over 1 1/2 yrs ago].
Probably could delete ALL without a problem.

========== FILES ==========
C:\Doca-Mozilla\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd\OLD.sbd moved successfully.
C:\Doca-Mozilla\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd moved successfully.
C:\Doca-Mozilla\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net moved successfully.
C:\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd\OLD.sbd moved successfully.
C:\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd moved successfully.
C:\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd\OLD.sbd moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net moved successfully.
C:\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd\OLD.sbd moved successfully.
C:\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd moved successfully.
C:\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net moved successfully.
C:\Documents and Settings\Administrator.COMPUTER\My Documents\ReActivate\WinXP_Activate\keyfinder.exe moved successfully.
C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd\OLD.sbd moved successfully.
C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd moved successfully.
C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net moved successfully.
D:\C_Backup\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd\OLD.sbd moved successfully.
D:\C_Backup\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd moved successfully.
D:\C_Backup\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net moved successfully.
D:\C_Backup\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd\OLD.sbd moved successfully.
D:\C_Backup\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd moved successfully.
D:\C_Backup\Documents and Settings\montyl\Application Data\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net moved successfully.
D:\C_Backup\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd\OLD.sbd moved successfully.
D:\C_Backup\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net\Archive.sbd moved successfully.
D:\C_Backup\Documents and Settings\Mozilla\Users50\monty\l0je4a4r.slt\News\mail.bwn.net moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01212009_030407

peku006
2009-01-21, 11:50
Hi D58
Yes, delete all the old folders.

Logs look good. How's the computer running now?

dinosaur58
2009-01-21, 12:21
Peku, All files deleted [except current T-Bird trash folder, it would probably be recreated, but didn't want to take the chance] no adverse effects on Thunderbird. Strange, the listed files ~\INBOX were all 0 KB. PC running ok except Photoshop Plug-in 'Vividia' [which ran fine before this problem] now generates a memory access error, and locks up Photoshop. I tried reinstalling it [Vividia, not PhP yet], but no good. I know some settings/tweaks are changed by ComboFix. Could this be the cause? Should any scans be run in safe mode for detection of files hidden/protected by malware?
Thanks again, D58

peku006
2009-01-21, 15:07
Hi D58

now generates a memory access error, and locks up Photoshop
What kind of notification do you get: an "Out of Memory" error message or something else?


I know some settings/tweaks are changed by ComboFix. Could this be the cause?
It is not possible.

Should any scans be run in safe mode for detection of files hidden/protected by malware
It does not need to.

dinosaur58
2009-01-21, 16:04
Peku, exact message "Memory Access Violation". Cropped screen cap of error message box attached. As you can see, multiple instances of the message open. Photoshop can only be shut down using Task Master/End Process.
D58

dinosaur58
2009-01-21, 16:17
Forgot to attach:

peku006
2009-01-21, 16:50
Hi D58

Please read this:

I get a Memory Access Violation when I run the Photoshop plugin. (http://www.namesuppressed.com/support/plugins-memory-access-violation.shtml)

dinosaur58
2009-01-21, 17:39
Peku, DEP exclusion worked. Otherwise system seems ok, no crashes, freezes, or other software problems. Before I forget, Re additional firewalling beyond Windows Firewall [frequent advice in summation phase of problems] I am connected to DSL through a full function, encrypted router.
Thanks, D58

peku006
2009-01-21, 17:59
Hi D58
Great that your machine is running better now, the scans are fine and it looks like your machine is clean :yahoo:

Here are some firewalls which are free for personal use and most used:
1) Comodo (http://www.personalfirewall.comodo.com/download_firewall.html) (Uncheck during installation "Install COMODO Antivirus (Recommended)", "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Next we remove all used tools:

Delete RSIT from your desktop, also delete this folder C:\rsit.

uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK


Double-click OTMoveIt3.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)

Install SpyWare Blaster 4.0
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

Install FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)

Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) how to prevent Malware.


Happy safe surfing! :bigthumb:
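The HOSTS-file mechanism described in the post above (a name pinned to 127.0.0.1 never reaches the real site) is the same mechanism a browser hijacker abuses in the other direction, by pointing a familiar name at an outside address. As an added example that is not part of this thread, of the MVPS list, or of any tool mentioned here, the Python script below parses a HOSTS file and separates blocklist-style entries (names sent to the local machine) from entries that send a name elsewhere, which are the ones worth a second look after a hijacker infection. The sample file, its addresses and its host names are all constructed; the bucket names and function names are my own.

```python
import ipaddress

# Addresses a blocklist entry may legitimately point a name at: the local machine.
LOCAL_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample HOSTS file (not a real file, not the MVPS list).
SAMPLE_HOSTS = """\
# constructed sample - not a real HOSTS file
127.0.0.1       localhost
::1             localhost

# blocklist-style entries: names pinned to the local machine so they never resolve elsewhere
127.0.0.1  ads.example.net
0.0.0.0    tracker.example.org  beacon.example.org   # several names on one line

# hijacker-style entry: a familiar name sent to an outside address
203.0.113.5  www.example-bank.com

# malformed line that a careless editor left behind
not-an-ip  somewhere.example.com
"""


def audit_hosts(text):
    """Sort every mapping in a HOSTS file into one of three buckets.

    blocked    - name pinned to the local machine (what an ad-blocking HOSTS file does)
    redirected - name sent to some other address (what a hijacker does; review these)
    malformed  - line that is not '<address> <name> [<name> ...]'
    Each entry is a (line_no, address, name) tuple; stock 'localhost' loopback
    entries are normal and are not reported at all.
    """
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()   # drop comments and surrounding whitespace
        if not body:
            continue
        fields = body.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((line_no, fields[0], " ".join(fields[1:])))
            continue
        if len(fields) < 2:
            report["malformed"].append((line_no, str(address), ""))
            continue
        bucket = "blocked" if str(address) in LOCAL_TARGETS else "redirected"
        for name in fields[1:]:
            name = name.lower()
            if name == "localhost" and address.is_loopback:
                continue   # stock entry shipped with the OS, nothing to report
            report[bucket].append((line_no, str(address), name))
    return report


def main():
    report = audit_hosts(SAMPLE_HOSTS)
    for bucket in ("redirected", "malformed", "blocked"):
        print(f"{bucket} ({len(report[bucket])}):")
        for line_no, address, name in report[bucket]:
            print(f"  line {line_no:>3}: {address:<15} {name}")


if __name__ == "__main__":
    main()
```

On a real machine the file to audit is the system HOSTS file (on Windows XP it lives under the system32\drivers\etc directory); pass its contents to audit_hosts and look at the "redirected" bucket first, since a blocklist such as MVPS only ever adds local-target entries and has no reason to put a name on an outside address.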

dinosaur58
2009-01-21, 20:17
Peku,
Will do, and thanks. Much of the advice is already in place.
D58

peku006
2009-01-22, 20:51
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.