Virtumonde Infection Help Please
- Thread starter zu921
- Start date
Hello again! Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:34 PM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
E:\WINDOWS\system32\igfxtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alifeinbloom.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [WatchDog] E:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YSearchProtection] "E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegCom32] E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - E:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
--
End of file - 8651 bytes
==========================================================
And it's there. Every now and then, Scotty prompts me about this and when I click NO, it automatically opens THIS file. Is it normal?
file:///E:/Program%20Files/BillP%20Studios/WinPatrol/helpme.html
Moreover, I tried removing it thru HJT to no avail. Scotty can't kill it too even if I opted for killing it upon reboot.
Help please.
Thanks, peku006!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:34 PM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
E:\WINDOWS\system32\igfxtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alifeinbloom.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [WatchDog] E:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YSearchProtection] "E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegCom32] E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - E:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
--
End of file - 8651 bytes
==========================================================
And it's there. Every now and then, Scotty prompts me about this and when I click NO, it automatically opens THIS file. Is it normal?
file:///E:/Program%20Files/BillP%20Studios/WinPatrol/helpme.html
Moreover, I tried removing it thru HJT to no avail. Scotty can't kill it too even if I opted for killing it upon reboot.
Help please.
Thanks, peku006!Hi
OTViewIt
OTViewIt
- Please download OTViewIt by OldTimer and save it to your Desktop.
- Close all applications and windows.
- Double-click on the OTViewIt.exeto start OTViewIt.
- Place a checkmark in the blue-colored "Scan All Users" checkbox.
- Click the blue Run Scan button.
- OTViewIt will now start its scan.
- When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
- Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.
Hello again! Sorry if I am consuming much of your time.
Here is my OTViewIt.Txt log. (File Age is 30 only)
OTViewIt logfile created on: 10/22/2008 11:11:25 PM - Run 3
OTViewIt by OldTimer - Version 1.0.17.0 Folder = E:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.42 Mb Total Physical Memory | 586.16 Mb Available Physical Memory | 57.78% Memory free
2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.30% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 5.37 Gb Total Space | 3.15 Gb Free Space | 58.63% Space Free | Partition Type: FAT32
Drive D: | 700.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 31.87 Gb Total Space | 13.74 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SUZANNE
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2008/10/18 22:58:40 | 00,611,664 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2007/11/30 09:19:28 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgamsvr.exe
[2007/07/27 20:27:09 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgupsvc.exe
[2008/01/07 21:06:25 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgemc.exe
[2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
[2005/01/23 09:36:10 | 00,155,648 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\igfxtray.exe
[2005/01/23 09:31:34 | 00,126,976 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\hkcmd.exe
[2004/12/04 05:24:20 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- E:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2004/11/05 09:40:08 | 00,098,394 | ---- | M] (Synaptics, Inc.) -- E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2004/11/05 09:38:54 | 00,688,218 | ---- | M] (Synaptics, Inc.) -- E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2005/01/29 04:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\wdfmgr.exe
[2008/10/17 09:56:33 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgcc.exe
[2008/10/07 23:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc) -- E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2003/05/15 17:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[2008/10/09 23:52:54 | 00,333,120 | ---- | M] (BillP Studios) -- E:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
[2008/10/22 23:03:43 | 00,421,888 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\User\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2008/10/18 22:58:40 | 00,611,664 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/05/01 20:56:13 | 00,072,704 | ---- | M] (Adobe Systems) -- E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/11/30 09:19:28 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
[2007/07/27 20:27:09 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
[2008/01/07 21:06:25 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgemc.exe -- (AVGEMS [Auto | Running])
[2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
[2004/11/18 16:32:56 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- E:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi [On_Demand | Stopped])
[2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2003/07/29 04:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/01/29 04:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
========== Driver Services ==========
[2007/11/30 09:18:19 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- E:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Running])
[2007/07/27 20:27:22 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- E:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
[2007/07/27 20:27:25 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- E:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
[2008/01/07 21:06:33 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- E:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2007/07/27 20:27:26 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- E:\WINDOWS\system32\drivers\avgtdi.sys -- (AvgTdi [Auto | Running])
[2005/12/18 08:25:12 | 00,424,320 | ---- | M] (Broadcom Corporation) -- E:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2007/05/18 16:04:16 | 00,015,872 | ---- | M] () -- E:\WINDOWS\system32\drivers\bfturboh.sys -- (bfturboh [On_Demand | Stopped])
[2005/02/17 22:41:18 | 00,038,016 | ---- | M] (Conexant Systems Inc.) -- E:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Running])
[2005/02/17 22:42:02 | 00,349,696 | ---- | M] (Conexant Systems Inc.) -- E:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Running])
[2004/04/14 23:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) -- E:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr [System | Running])
[2003/06/07 03:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) -- E:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb [On_Demand | Stopped])
[2004/12/15 14:18:34 | 00,207,232 | ---- | M] (Conexant Systems, Inc.) -- E:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
[2004/12/15 14:18:26 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- E:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2005/01/23 10:05:06 | 00,804,317 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/03/17 10:04:14 | 00,013,059 | ---- | M] (Conexant) -- E:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2008/03/27 21:47:58 | 00,010,368 | ---- | M] (Padus, Inc.) -- E:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/04 09:07:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- E:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/02/06 16:31:36 | 00,020,640 | ---- | M] (Sonic Solutions) -- E:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 06:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- E:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2008/04/14 02:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006/11/10 18:23:42 | 00,061,600 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\SE2Ebus.sys -- (SE2Ebus [On_Demand | Stopped])
[2006/11/10 18:23:48 | 00,009,360 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\SE2Emdfl.sys -- (SE2Emdfl [On_Demand | Stopped])
[2006/11/10 18:23:50 | 00,097,184 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\SE2Emdm.sys -- (SE2Emdm [On_Demand | Stopped])
[2006/11/10 18:23:54 | 00,088,688 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\SE2Emgmt.sys -- (SE2Emgmt [On_Demand | Stopped])
[2006/11/10 18:23:56 | 00,018,704 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se2End5.sys -- (se2End5 [On_Demand | Stopped])
[2006/11/10 18:23:58 | 00,086,560 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\SE2Eobex.sys -- (SE2Eobex [On_Demand | Stopped])
[2006/11/10 18:24:06 | 00,090,800 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se2Eunic.sys -- (se2Eunic [On_Demand | Stopped])
[2007/11/13 18:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- E:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/11/05 09:26:42 | 00,186,016 | ---- | M] (Synaptics, Inc.) -- E:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2005/06/24 01:16:08 | 00,162,176 | ---- | M] (Texas Instruments) -- E:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
[2008/04/14 02:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/14 02:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Stopped])
[2004/12/15 14:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- E:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/14 02:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])
[2008/10/16 20:25:46 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.yahoo.com/
"Default_Search_URL"=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.yahoo.com/
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=E:\WINDOWS\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Start Page"=http://alifeinbloom.blogspot.com/
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\PE_E_..\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\PE_E_ADMINISTRATOR\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\PE_E_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\PE_E_ALL USERS\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\PE_E_GUEST\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=E:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_USERS\PE_E_GUEST\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\PE_E_GUEST\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=E:\WINDOWS\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Start Page"=http://alifeinbloom.blogspot.com/
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (617912 bytes) - E:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
127.0.0.1 www.a9rhiwa.cn
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 t.abnad.net
127.0.0.1 z.abnad.net
127.0.0.1 banners.absolpublisher.com
127.0.0.1 tracking.absolstats.com
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 gtb5.acecounter.com
127.0.0.1 gtcc1.acecounter.com
16263 more lines...
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- E:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_USERS\PE_E_GUEST\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"=E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"DiskeeperSystray"="E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" (Diskeeper Corporation)
"eabconfg.cpl"=E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
"HotKeysCmds"=E:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=E:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=E:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=E:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"WatchDog"=E:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
"WinPatrol"=E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)
"YSearchProtection"="E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegCom32"=E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe File not found
"SpybotSD TeaTimer"=E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"YSearchProtection"=E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
[HKEY_USERS\PE_E_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
[HKEY_USERS\PE_E_GUEST\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegCom32"=E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe File not found
"SpybotSD TeaTimer"=E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"YSearchProtection"=E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
========== (O4) RunOnce Keys ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)
========== (O4) Startup Folders ==========
[2003/05/15 17:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[2005/05/07 07:58:24 | 00,335,872 | ---- | M] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
[1999/11/05 07:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- E:\Documents and Settings\User\Start Menu\Programs\Startup\Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
[HKEY_USERS\PE_E_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\PE_E_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0
[HKEY_USERS\PE_E_GUEST\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all video with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all with BitComet: Reg Error: Value does not exist or could not be read. File not found
&Yahoo! Search: File not found
E&xport to Microsoft Excel: E:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 16:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all video with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all with BitComet: Reg Error: Value does not exist or could not be read. File not found
&Yahoo! Search: File not found
E&xport to Microsoft Excel: E:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 16:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 14:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/03/01 10:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 14:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\PE_E_GUEST\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/03/01 10:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 14:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/03/01 10:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 14:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
44 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
//@install.mar@: msni in My Computer
//@mail.mar@: msni in Local intranet
43 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\PE_E_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\PE_E_GUEST\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
//@install.mar@: msni in My Computer
//@mail.mar@: msni in Local intranet
43 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/downl...-4505-8fb8-d0d2d160e512/LegitCheckControl.cab -- Windows Genuine Advantage Validation Tool
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://E:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
========== (O17) DNS Name Servers ==========
{018E86D0-A337-4530-A807-00B99E35794A} (Servers: | Description: Broadcom 802.11b/g WLAN)
{A14FC9BB-8D33-4FE0-80FD-9C8397260BB9} (Servers: | Description: 1394 Net Adapter)
{B7AAA585-C055-4ECB-A29C-6BAD361EB6EC} (Servers: | Description: )
{C8163867-8ED5-47F8-9CE5-4907DFA79EBB} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{D41B1318-5AC5-41CF-A99A-D809ECC89090} (Servers: | Description: Sony Ericsson Device 046 USB Ethernet Emulation (NDIS 5))
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- E:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTO_FR.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=FR | xkeyb c:\fdos\bin\key\fr | ]
[2004/03/06 04:19:32 | 00,000,305 | ---- | M] () -- C:\AUTO_FR.BAT -- [ FAT32 ]
AUTO_US.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=EN | xkeyb c:\fdos\bin\key\us.key | ]
[2004/03/06 04:19:02 | 00,000,278 | ---- | M] () -- C:\AUTO_US.BAT -- [ FAT32 ]
AUTO_IT.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=IT | xkeyb c:\fdos\bin\key\it | ]
[2004/03/06 04:34:12 | 00,000,306 | ---- | M] () -- C:\AUTO_IT.BAT -- [ FAT32 ]
AUTO_GR.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=GR | xkeyb c:\fdos\bin\key\gr | ]
[2004/03/06 04:33:40 | 00,000,305 | ---- | M] () -- C:\AUTO_GR.BAT -- [ FAT32 ]
AUTO_SP.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=SP | xkeyb c:\fdos\bin\key\sp | ]
[2004/03/06 04:35:08 | 00,000,305 | ---- | M] () -- C:\AUTO_SP.BAT -- [ FAT32 ]
AUTO_LA.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=LA | xkeyb c:\fdos\bin\key\la | ]
[2004/03/06 04:36:34 | 00,000,305 | ---- | M] () -- C:\AUTO_LA.BAT -- [ FAT32 ]
Auto_bp.bat [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=BP | xkeyb c:\fdos\bin\key\br274.key | ]
[2004/03/06 05:53:32 | 00,000,281 | ---- | M] () -- C:\Auto_bp.bat -- [ FAT32 ]
AUTO_PT.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=PT | xkeyb c:\fdos\bin\key\po.key | ]
[2004/03/06 05:53:54 | 00,000,278 | ---- | M] () -- C:\AUTO_PT.BAT -- [ FAT32 ]
AUTO_IE.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=EN | xkeyb c:\fdos\bin\key\us.key | ]
[2004/03/06 04:19:02 | 00,000,278 | ---- | M] () -- C:\AUTO_IE.BAT -- [ FAT32 ]
AUTOEXEC.BAT []
[2006/01/21 16:07:24 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]
========== Files/Folders - Created Within 30 Days ==========
[4 E:\WINDOWS\*.tmp files]
[2008/10/22 23:03:35 | 00,421,888 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\User\Desktop\OTViewIt.exe
[2008/10/22 22:40:20 | 00,000,000 | ---D | C] -- E:\_OTMoveIt
[2008/10/22 22:39:56 | 00,334,848 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\User\Desktop\OTMoveIt3.exe
[2008/10/22 22:18:44 | 00,617,912 | ---- | C] () -- E:\WINDOWS\System32\drivers\HOSTS
[2008/10/22 21:57:29 | 00,000,000 | ---D | C] -- E:\Documents and Settings\User\Application Data\WinPatrol
[2008/10/22 21:57:10 | 00,000,000 | ---D | C] -- E:\Program Files\BillP Studios
[2008/10/21 18:20:05 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2008/10/21 18:20:02 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/21 18:20:00 | 00,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2008/10/20 22:20:40 | 00,000,000 | -HSD | C] -- E:\RECYCLER
[2008/10/20 19:54:39 | 00,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2008/10/19 20:50:16 | 00,000,000 | ---D | C] -- E:\Program Files\Trend Micro
[2008/10/18 22:55:43 | 00,000,000 | ---D | C] -- E:\Program Files\Lavasoft
[2008/10/18 22:55:36 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/18 22:51:03 | 00,000,000 | ---D | C] -- E:\Program Files\Common Files\Wise Installation Wizard
[2008/10/18 21:51:19 | 00,000,000 | ---D | C] -- E:\Documents and Settings\User\Application Data\Malwarebytes
[2008/10/18 21:50:09 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/16 23:12:26 | 00,000,208 | ---- | C] () -- E:\WINDOWS\wininit.ini
[2008/10/16 21:44:11 | 00,076,257 | ---- | C] () -- E:\Documents and Settings\User\Desktop\IMG_4297.jpg
[2008/10/16 20:44:49 | 00,000,000 | ---D | C] -- E:\Documents and Settings\User\Application Data\ESET
[2008/10/16 20:12:02 | 00,262,144 | ---- | C] () -- E:\ntuser.dat
[2008/10/15 18:51:18 | 02,145,280 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 18:51:13 | 02,189,184 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 18:51:09 | 02,023,936 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 18:51:02 | 02,066,048 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 18:46:36 | 00,333,824 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 18:44:12 | 01,846,400 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/05 00:00:42 | 00,000,000 | ---D | C] -- E:\Program Files\Alwil Software
[2008/10/04 14:20:51 | 00,000,000 | ---D | C] -- E:\Program Files\Common Files\Windows Live
[2008/10/03 23:14:27 | 00,015,872 | ---- | C] () -- E:\WINDOWS\System32\drivers\bfturboh.sys
[2008/10/03 23:14:07 | 00,000,000 | ---D | C] -- E:\Program Files\BUFFALO
[2008/09/30 22:29:52 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Fugazo
[2008/09/30 22:28:36 | 00,000,000 | ---D | C] -- E:\Program Files\Fashion Fits
[2008/09/30 11:51:24 | 00,000,000 | ---D | C] -- E:\Program Files\Believe In Santa
[2008/09/30 11:37:26 | 00,000,000 | ---D | C] -- E:\Program Files\Dr Daisy Pet Vet
[2008/09/30 11:20:53 | 00,000,000 | ---D | C] -- E:\Program Files\Happy Hour
[2008/09/30 09:47:37 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Gogii
[2008/09/30 09:43:20 | 00,000,000 | ---D | C] -- E:\Program Files\Babysitting Mania
[2008/09/30 08:45:07 | 00,000,000 | ---D | C] -- E:\Program Files\Farm Frenzy
[2008/09/30 07:52:39 | 00,000,000 | ---D | C] -- E:\Program Files\Daycare Nightmare
[2008/09/30 07:27:36 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/09/30 07:26:48 | 00,000,000 | ---D | C] -- E:\Program Files\Cake Mania
[2008/09/29 21:21:47 | 00,004,096 | ---- | C] () -- E:\WINDOWS\d3dx.dat
[2008/09/29 21:17:19 | 00,000,000 | ---D | C] -- E:\Program Files\Sallys Salon
========== Files - Modified Within 30 Days ==========
[2 E:\WINDOWS\System32\*.tmp files]
[4 E:\WINDOWS\*.tmp files]
[2008/10/22 23:03:43 | 00,421,888 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\User\Desktop\OTViewIt.exe
[2008/10/22 22:40:09 | 00,334,848 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\User\Desktop\OTMoveIt3.exe
[2008/10/22 22:27:05 | 00,002,262 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2008/10/22 22:24:05 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2008/10/22 22:23:30 | 00,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2008/10/20 20:29:26 | 00,000,227 | ---- | M] () -- E:\WINDOWS\system.ini
[2008/10/19 16:55:36 | 00,000,208 | ---- | M] () -- E:\WINDOWS\wininit.ini
[2008/10/19 10:36:15 | 01,196,544 | -HS- | M] () -- E:\Documents and Settings\User\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> E:\Documents and Settings\User\Desktop\Thumbs.db:encryptable
[2008/10/16 23:22:08 | 03,711,778 | -H-- | M] () -- E:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2008/10/16 21:44:24 | 00,076,257 | ---- | M] () -- E:\Documents and Settings\User\Desktop\IMG_4297.jpg
[2008/10/16 20:25:46 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/16 20:25:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2008/10/16 20:12:02 | 00,262,144 | ---- | M] () -- E:\ntuser.dat
[2008/10/16 08:19:39 | 00,644,344 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 20:45:03 | 00,054,156 | -H-- | M] () -- E:\WINDOWS\QTFont.qfn
[2008/10/10 19:41:02 | 00,000,040 | ---- | M] () -- E:\WINDOWS\nero.INI
[2008/10/08 03:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\MRT.exe
[2008/10/05 07:09:07 | 00,002,577 | ---- | M] () -- E:\WINDOWS\System32\CONFIG.NT
[2008/10/04 01:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\ieframe.dll
[2008/10/04 01:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/29 21:21:47 | 00,004,096 | ---- | M] () -- E:\WINDOWS\d3dx.dat
[2008/09/28 13:36:08 | 00,000,035 | ---- | M] () -- E:\WINDOWS\Ulead32.INI
[2008/09/28 13:33:38 | 00,000,808 | ---- | M] () -- E:\WINDOWS\win.ini
[2008/09/23 11:43:08 | 00,617,912 | ---- | M] () -- E:\WINDOWS\System32\drivers\HOSTS
[2008/09/23 11:43:08 | 00,617,912 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\HOSTS.MVP
[2008/09/23 11:43:08 | 00,617,912 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\HOSTS
< End of report >
Here is my OTViewIt.Txt log. (File Age is 30 only)
OTViewIt logfile created on: 10/22/2008 11:11:25 PM - Run 3
OTViewIt by OldTimer - Version 1.0.17.0 Folder = E:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.42 Mb Total Physical Memory | 586.16 Mb Available Physical Memory | 57.78% Memory free
2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.30% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 5.37 Gb Total Space | 3.15 Gb Free Space | 58.63% Space Free | Partition Type: FAT32
Drive D: | 700.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 31.87 Gb Total Space | 13.74 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SUZANNE
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2008/10/18 22:58:40 | 00,611,664 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2007/11/30 09:19:28 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgamsvr.exe
[2007/07/27 20:27:09 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgupsvc.exe
[2008/01/07 21:06:25 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgemc.exe
[2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
[2005/01/23 09:36:10 | 00,155,648 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\igfxtray.exe
[2005/01/23 09:31:34 | 00,126,976 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\hkcmd.exe
[2004/12/04 05:24:20 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- E:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2004/11/05 09:40:08 | 00,098,394 | ---- | M] (Synaptics, Inc.) -- E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2004/11/05 09:38:54 | 00,688,218 | ---- | M] (Synaptics, Inc.) -- E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2005/01/29 04:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\wdfmgr.exe
[2008/10/17 09:56:33 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgcc.exe
[2008/10/07 23:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc) -- E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2003/05/15 17:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[2008/10/09 23:52:54 | 00,333,120 | ---- | M] (BillP Studios) -- E:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
[2008/10/22 23:03:43 | 00,421,888 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\User\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2008/10/18 22:58:40 | 00,611,664 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/05/01 20:56:13 | 00,072,704 | ---- | M] (Adobe Systems) -- E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/11/30 09:19:28 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
[2007/07/27 20:27:09 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
[2008/01/07 21:06:25 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgemc.exe -- (AVGEMS [Auto | Running])
[2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
[2004/11/18 16:32:56 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- E:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi [On_Demand | Stopped])
[2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2003/07/29 04:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/01/29 04:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
========== Driver Services ==========
[2007/11/30 09:18:19 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- E:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Running])
[2007/07/27 20:27:22 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- E:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
[2007/07/27 20:27:25 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- E:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
[2008/01/07 21:06:33 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- E:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2007/07/27 20:27:26 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- E:\WINDOWS\system32\drivers\avgtdi.sys -- (AvgTdi [Auto | Running])
[2005/12/18 08:25:12 | 00,424,320 | ---- | M] (Broadcom Corporation) -- E:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2007/05/18 16:04:16 | 00,015,872 | ---- | M] () -- E:\WINDOWS\system32\drivers\bfturboh.sys -- (bfturboh [On_Demand | Stopped])
[2005/02/17 22:41:18 | 00,038,016 | ---- | M] (Conexant Systems Inc.) -- E:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Running])
[2005/02/17 22:42:02 | 00,349,696 | ---- | M] (Conexant Systems Inc.) -- E:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Running])
[2004/04/14 23:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) -- E:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr [System | Running])
[2003/06/07 03:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) -- E:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb [On_Demand | Stopped])
[2004/12/15 14:18:34 | 00,207,232 | ---- | M] (Conexant Systems, Inc.) -- E:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
[2004/12/15 14:18:26 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- E:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2005/01/23 10:05:06 | 00,804,317 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/03/17 10:04:14 | 00,013,059 | ---- | M] (Conexant) -- E:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2008/03/27 21:47:58 | 00,010,368 | ---- | M] (Padus, Inc.) -- E:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/04 09:07:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- E:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/02/06 16:31:36 | 00,020,640 | ---- | M] (Sonic Solutions) -- E:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 06:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- E:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2008/04/14 02:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006/11/10 18:23:42 | 00,061,600 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\SE2Ebus.sys -- (SE2Ebus [On_Demand | Stopped])
[2006/11/10 18:23:48 | 00,009,360 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\SE2Emdfl.sys -- (SE2Emdfl [On_Demand | Stopped])
[2006/11/10 18:23:50 | 00,097,184 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\SE2Emdm.sys -- (SE2Emdm [On_Demand | Stopped])
[2006/11/10 18:23:54 | 00,088,688 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\SE2Emgmt.sys -- (SE2Emgmt [On_Demand | Stopped])
[2006/11/10 18:23:56 | 00,018,704 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se2End5.sys -- (se2End5 [On_Demand | Stopped])
[2006/11/10 18:23:58 | 00,086,560 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\SE2Eobex.sys -- (SE2Eobex [On_Demand | Stopped])
[2006/11/10 18:24:06 | 00,090,800 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se2Eunic.sys -- (se2Eunic [On_Demand | Stopped])
[2007/11/13 18:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- E:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/11/05 09:26:42 | 00,186,016 | ---- | M] (Synaptics, Inc.) -- E:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2005/06/24 01:16:08 | 00,162,176 | ---- | M] (Texas Instruments) -- E:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
[2008/04/14 02:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/14 02:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Stopped])
[2004/12/15 14:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- E:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/14 02:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])
[2008/10/16 20:25:46 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.yahoo.com/
"Default_Search_URL"=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.yahoo.com/
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=E:\WINDOWS\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Start Page"=http://alifeinbloom.blogspot.com/
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\PE_E_..\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\PE_E_ADMINISTRATOR\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\PE_E_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\PE_E_ALL USERS\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\PE_E_GUEST\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=E:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_USERS\PE_E_GUEST\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\PE_E_GUEST\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=E:\WINDOWS\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Start Page"=http://alifeinbloom.blogspot.com/
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (617912 bytes) - E:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
127.0.0.1 www.a9rhiwa.cn
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 t.abnad.net
127.0.0.1 z.abnad.net
127.0.0.1 banners.absolpublisher.com
127.0.0.1 tracking.absolstats.com
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 gtb5.acecounter.com
127.0.0.1 gtcc1.acecounter.com
16263 more lines...
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- E:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_USERS\PE_E_GUEST\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"=E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"DiskeeperSystray"="E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" (Diskeeper Corporation)
"eabconfg.cpl"=E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
"HotKeysCmds"=E:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=E:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=E:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=E:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"WatchDog"=E:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
"WinPatrol"=E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)
"YSearchProtection"="E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegCom32"=E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe File not found
"SpybotSD TeaTimer"=E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"YSearchProtection"=E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
[HKEY_USERS\PE_E_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
[HKEY_USERS\PE_E_GUEST\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegCom32"=E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe File not found
"SpybotSD TeaTimer"=E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"YSearchProtection"=E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
========== (O4) RunOnce Keys ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)
========== (O4) Startup Folders ==========
[2003/05/15 17:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[2005/05/07 07:58:24 | 00,335,872 | ---- | M] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
[1999/11/05 07:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- E:\Documents and Settings\User\Start Menu\Programs\Startup\Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
[HKEY_USERS\PE_E_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\PE_E_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0
[HKEY_USERS\PE_E_GUEST\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all video with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all with BitComet: Reg Error: Value does not exist or could not be read. File not found
&Yahoo! Search: File not found
E&xport to Microsoft Excel: E:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 16:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all video with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all with BitComet: Reg Error: Value does not exist or could not be read. File not found
&Yahoo! Search: File not found
E&xport to Microsoft Excel: E:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 16:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 14:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/03/01 10:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 14:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\PE_E_GUEST\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/03/01 10:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 14:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/03/01 10:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 14:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
44 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
//@install.mar@: msni in My Computer
//@mail.mar@: msni in Local intranet
43 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\PE_E_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\PE_E_GUEST\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
//@install.mar@: msni in My Computer
//@mail.mar@: msni in Local intranet
43 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/downl...-4505-8fb8-d0d2d160e512/LegitCheckControl.cab -- Windows Genuine Advantage Validation Tool
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://E:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
========== (O17) DNS Name Servers ==========
{018E86D0-A337-4530-A807-00B99E35794A} (Servers: | Description: Broadcom 802.11b/g WLAN)
{A14FC9BB-8D33-4FE0-80FD-9C8397260BB9} (Servers: | Description: 1394 Net Adapter)
{B7AAA585-C055-4ECB-A29C-6BAD361EB6EC} (Servers: | Description: )
{C8163867-8ED5-47F8-9CE5-4907DFA79EBB} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{D41B1318-5AC5-41CF-A99A-D809ECC89090} (Servers: | Description: Sony Ericsson Device 046 USB Ethernet Emulation (NDIS 5))
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- E:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTO_FR.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=FR | xkeyb c:\fdos\bin\key\fr | ]
[2004/03/06 04:19:32 | 00,000,305 | ---- | M] () -- C:\AUTO_FR.BAT -- [ FAT32 ]
AUTO_US.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=EN | xkeyb c:\fdos\bin\key\us.key | ]
[2004/03/06 04:19:02 | 00,000,278 | ---- | M] () -- C:\AUTO_US.BAT -- [ FAT32 ]
AUTO_IT.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=IT | xkeyb c:\fdos\bin\key\it | ]
[2004/03/06 04:34:12 | 00,000,306 | ---- | M] () -- C:\AUTO_IT.BAT -- [ FAT32 ]
AUTO_GR.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=GR | xkeyb c:\fdos\bin\key\gr | ]
[2004/03/06 04:33:40 | 00,000,305 | ---- | M] () -- C:\AUTO_GR.BAT -- [ FAT32 ]
AUTO_SP.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=SP | xkeyb c:\fdos\bin\key\sp | ]
[2004/03/06 04:35:08 | 00,000,305 | ---- | M] () -- C:\AUTO_SP.BAT -- [ FAT32 ]
AUTO_LA.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=LA | xkeyb c:\fdos\bin\key\la | ]
[2004/03/06 04:36:34 | 00,000,305 | ---- | M] () -- C:\AUTO_LA.BAT -- [ FAT32 ]
Auto_bp.bat [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=BP | xkeyb c:\fdos\bin\key\br274.key | ]
[2004/03/06 05:53:32 | 00,000,281 | ---- | M] () -- C:\Auto_bp.bat -- [ FAT32 ]
AUTO_PT.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=PT | xkeyb c:\fdos\bin\key\po.key | ]
[2004/03/06 05:53:54 | 00,000,278 | ---- | M] () -- C:\AUTO_PT.BAT -- [ FAT32 ]
AUTO_IE.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=EN | xkeyb c:\fdos\bin\key\us.key | ]
[2004/03/06 04:19:02 | 00,000,278 | ---- | M] () -- C:\AUTO_IE.BAT -- [ FAT32 ]
AUTOEXEC.BAT []
[2006/01/21 16:07:24 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]
========== Files/Folders - Created Within 30 Days ==========
[4 E:\WINDOWS\*.tmp files]
[2008/10/22 23:03:35 | 00,421,888 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\User\Desktop\OTViewIt.exe
[2008/10/22 22:40:20 | 00,000,000 | ---D | C] -- E:\_OTMoveIt
[2008/10/22 22:39:56 | 00,334,848 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\User\Desktop\OTMoveIt3.exe
[2008/10/22 22:18:44 | 00,617,912 | ---- | C] () -- E:\WINDOWS\System32\drivers\HOSTS
[2008/10/22 21:57:29 | 00,000,000 | ---D | C] -- E:\Documents and Settings\User\Application Data\WinPatrol
[2008/10/22 21:57:10 | 00,000,000 | ---D | C] -- E:\Program Files\BillP Studios
[2008/10/21 18:20:05 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2008/10/21 18:20:02 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/21 18:20:00 | 00,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2008/10/20 22:20:40 | 00,000,000 | -HSD | C] -- E:\RECYCLER
[2008/10/20 19:54:39 | 00,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2008/10/19 20:50:16 | 00,000,000 | ---D | C] -- E:\Program Files\Trend Micro
[2008/10/18 22:55:43 | 00,000,000 | ---D | C] -- E:\Program Files\Lavasoft
[2008/10/18 22:55:36 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/18 22:51:03 | 00,000,000 | ---D | C] -- E:\Program Files\Common Files\Wise Installation Wizard
[2008/10/18 21:51:19 | 00,000,000 | ---D | C] -- E:\Documents and Settings\User\Application Data\Malwarebytes
[2008/10/18 21:50:09 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/16 23:12:26 | 00,000,208 | ---- | C] () -- E:\WINDOWS\wininit.ini
[2008/10/16 21:44:11 | 00,076,257 | ---- | C] () -- E:\Documents and Settings\User\Desktop\IMG_4297.jpg
[2008/10/16 20:44:49 | 00,000,000 | ---D | C] -- E:\Documents and Settings\User\Application Data\ESET
[2008/10/16 20:12:02 | 00,262,144 | ---- | C] () -- E:\ntuser.dat
[2008/10/15 18:51:18 | 02,145,280 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 18:51:13 | 02,189,184 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 18:51:09 | 02,023,936 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 18:51:02 | 02,066,048 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 18:46:36 | 00,333,824 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 18:44:12 | 01,846,400 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/05 00:00:42 | 00,000,000 | ---D | C] -- E:\Program Files\Alwil Software
[2008/10/04 14:20:51 | 00,000,000 | ---D | C] -- E:\Program Files\Common Files\Windows Live
[2008/10/03 23:14:27 | 00,015,872 | ---- | C] () -- E:\WINDOWS\System32\drivers\bfturboh.sys
[2008/10/03 23:14:07 | 00,000,000 | ---D | C] -- E:\Program Files\BUFFALO
[2008/09/30 22:29:52 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Fugazo
[2008/09/30 22:28:36 | 00,000,000 | ---D | C] -- E:\Program Files\Fashion Fits
[2008/09/30 11:51:24 | 00,000,000 | ---D | C] -- E:\Program Files\Believe In Santa
[2008/09/30 11:37:26 | 00,000,000 | ---D | C] -- E:\Program Files\Dr Daisy Pet Vet
[2008/09/30 11:20:53 | 00,000,000 | ---D | C] -- E:\Program Files\Happy Hour
[2008/09/30 09:47:37 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Gogii
[2008/09/30 09:43:20 | 00,000,000 | ---D | C] -- E:\Program Files\Babysitting Mania
[2008/09/30 08:45:07 | 00,000,000 | ---D | C] -- E:\Program Files\Farm Frenzy
[2008/09/30 07:52:39 | 00,000,000 | ---D | C] -- E:\Program Files\Daycare Nightmare
[2008/09/30 07:27:36 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/09/30 07:26:48 | 00,000,000 | ---D | C] -- E:\Program Files\Cake Mania
[2008/09/29 21:21:47 | 00,004,096 | ---- | C] () -- E:\WINDOWS\d3dx.dat
[2008/09/29 21:17:19 | 00,000,000 | ---D | C] -- E:\Program Files\Sallys Salon
========== Files - Modified Within 30 Days ==========
[2 E:\WINDOWS\System32\*.tmp files]
[4 E:\WINDOWS\*.tmp files]
[2008/10/22 23:03:43 | 00,421,888 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\User\Desktop\OTViewIt.exe
[2008/10/22 22:40:09 | 00,334,848 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\User\Desktop\OTMoveIt3.exe
[2008/10/22 22:27:05 | 00,002,262 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2008/10/22 22:24:05 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2008/10/22 22:23:30 | 00,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2008/10/20 20:29:26 | 00,000,227 | ---- | M] () -- E:\WINDOWS\system.ini
[2008/10/19 16:55:36 | 00,000,208 | ---- | M] () -- E:\WINDOWS\wininit.ini
[2008/10/19 10:36:15 | 01,196,544 | -HS- | M] () -- E:\Documents and Settings\User\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> E:\Documents and Settings\User\Desktop\Thumbs.db:encryptable
[2008/10/16 23:22:08 | 03,711,778 | -H-- | M] () -- E:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2008/10/16 21:44:24 | 00,076,257 | ---- | M] () -- E:\Documents and Settings\User\Desktop\IMG_4297.jpg
[2008/10/16 20:25:46 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/16 20:25:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2008/10/16 20:12:02 | 00,262,144 | ---- | M] () -- E:\ntuser.dat
[2008/10/16 08:19:39 | 00,644,344 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 20:45:03 | 00,054,156 | -H-- | M] () -- E:\WINDOWS\QTFont.qfn
[2008/10/10 19:41:02 | 00,000,040 | ---- | M] () -- E:\WINDOWS\nero.INI
[2008/10/08 03:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\MRT.exe
[2008/10/05 07:09:07 | 00,002,577 | ---- | M] () -- E:\WINDOWS\System32\CONFIG.NT
[2008/10/04 01:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\ieframe.dll
[2008/10/04 01:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/29 21:21:47 | 00,004,096 | ---- | M] () -- E:\WINDOWS\d3dx.dat
[2008/09/28 13:36:08 | 00,000,035 | ---- | M] () -- E:\WINDOWS\Ulead32.INI
[2008/09/28 13:33:38 | 00,000,808 | ---- | M] () -- E:\WINDOWS\win.ini
[2008/09/23 11:43:08 | 00,617,912 | ---- | M] () -- E:\WINDOWS\System32\drivers\HOSTS
[2008/09/23 11:43:08 | 00,617,912 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\HOSTS.MVP
[2008/09/23 11:43:08 | 00,617,912 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\HOSTS
< End of report >
And here is my Extras.Txt log:
OTViewIt Extras logfile created on: 10/22/2008 11:11:25 PM - Run 3
OTViewIt by OldTimer - Version 1.0.17.0 Folder = E:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.42 Mb Total Physical Memory | 586.16 Mb Available Physical Memory | 57.78% Memory free
2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.30% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 5.37 Gb Total Space | 3.15 Gb Free Space | 58.63% Space Free | Partition Type: FAT32
Drive D: | 700.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 31.87 Gb Total Space | 13.74 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SUZANNE
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled
xpsp2res.dll,-22019
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019
[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- E:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000
[2008/10/17 09:56:35 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
[2007/11/30 09:19:28 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2008/10/17 09:56:33 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2008/01/07 21:06:25 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/09/08 08:05:49 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- E:\Program Files\DNA\btdna.exe:*:Enabled
NA
File not found -- E:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\PE_E_..\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\PE_E_ALL USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 18:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 18:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 18:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/06/03 15:36:20 | 07,252,672 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/26 04:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 14:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0176AC71-9EDE-48A0-AC3B-94FEB38B1FFE}"=Noiseware Professional Plug-in
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{1EBFA30C-6206-4FD8-8B82-3A29F0D01B28}"=ACDSee 8 Media Support Package
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}"=Diskeeper Professional Premier Edition
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}"=ABBYY FineReader OCR Engine for Microtek
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{374F962E-9322-4118-9A64-4B6997E2A8B5}"=QuickFix
"{44AAA5AD-A24B-11D7-B1FE-002018398620}"=greenstreet National Geographic Photo Browser
"{5D97A4A7-C274-4B63-86D9-07A33435F505}"=InterVideo DVD Check
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{687E87C0-E4C2-414A-B8A2-E2B9B83670AA}"=RealGrain Plug-in
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel(R) Graphics Media Accelerator Driver for Mobile
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD
"{929408E6-D265-4174-805F-81D1D914E2A4}"=QuickTime
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}"=CorelDRAW 10
"{AC76BA86-1033-0000-7760-000000000001}"=Adobe Acrobat 6.0 Professional
"{AE80641A-0C8D-4670-A518-B4EC154B1027}"=ACDSee 8
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}"=ScanWizard 5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CBCDEDF3-A2E5-4402-8E9E-E2C23DBE1DA8}"=Adobe Photoshop Lightroom
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}"=Quick Launch Buttons 5.10 B5
"{D301EE05-D1E1-4A58-B89C-A0EFDAB491E2}"=Portraiture Plug-in
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}"=TIxx21
"Adobe Atmosphere Player"=Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"AVG7Uninstall"=AVG 7.5
"Broadcom 802.11b Network Adapter"=Broadcom 802.11 Wireless LAN Adapter
"CCleaner"=CCleaner (remove only)
"CNXT_AUDIO"=Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C"=Soft Data Fax Modem with SmartCP
"Conexant PCI Audio"=Conexant AC-Link Audio
"CorelDRAW 10"=CorelDRAW 10
"EPSON Printer and Utilities"=EPSON Printer Software
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}"=QuickTime
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}"=Texas Instruments PCIxx21/x515 drivers.
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSN Music Assistant"=MSN Music Assistant
"MSNINST"=MSN
"Nero - Burning Rom!UninstallKey"=Ahead Nero Burning ROM
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"RoboEnhancer Trial"=RoboEnhancer Trial
"Shockwave"=Shockwave
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"The Font Thing"=The Font Thing
"TimeToPhoto_is1"=TimeToPhoto 2.3.4345
"UN080325"=BUFFALO TurboUSB for FLASH/HDD
"UnzipThemAll_is1"=UnzipThemAll 1.3
"WebPost"=Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinPatrol"=WinPatrol 2008
"WinRAR archiver"=WinRAR archiver
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Customizations"=Yahoo! extras
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Search Defender"=Yahoo! Search Protection
"Yahoo! Toolbar"=Yahoo! Toolbar
"YInstHelper"=Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/19/2008 9:26:59 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:26:59,656 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(1396) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:27:18 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:27:18,296 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(1756) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:27:22 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:27:22,734 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(1952) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:27:36 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:27:36,875 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(2208) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:28:36 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:28:36,968 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(3004) call failed with WIN32 error 87, returning session id
is 0
Error - 10/20/2008 1:10:32 AM | Computer Name = SUZANNE | Source = Spybot - Search & Destroy | ID = 0
Description =
Error - 10/22/2008 11:05:28 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.29.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/22/2008 11:06:27 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.30, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/22/2008 11:08:31 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.17.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/22/2008 11:11:09 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.17.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 10/19/2008 6:01:17 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for E:\Program Files\DNA\DNAcpl.cpl.
Reference
error message: The operation completed successfully. .
Error - 10/19/2008 9:28:54 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 10/19/2008 9:28:54 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 10/19/2008 9:28:54 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for E:\Program Files\DNA\DNAcpl.cpl.
Reference
error message: The operation completed successfully. .
Error - 10/19/2008 11:36:58 AM | Computer Name = SUZANNE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.
Error - 10/19/2008 11:39:36 AM | Computer Name = SUZANNE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde
Error - 10/19/2008 11:40:20 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 10/19/2008 11:40:20 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 10/19/2008 11:40:20 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for E:\Program Files\DNA\DNAcpl.cpl.
Reference
error message: The operation completed successfully. .
Error - 10/22/2008 5:49:18 AM | Computer Name = SUZANNE | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C8163867-8ED5-47F8-9CE5-4907DFA79EBB}
because another computer on the network has the same name. The server could not
start.
< End of report >
OTViewIt Extras logfile created on: 10/22/2008 11:11:25 PM - Run 3
OTViewIt by OldTimer - Version 1.0.17.0 Folder = E:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.42 Mb Total Physical Memory | 586.16 Mb Available Physical Memory | 57.78% Memory free
2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.30% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 5.37 Gb Total Space | 3.15 Gb Free Space | 58.63% Space Free | Partition Type: FAT32
Drive D: | 700.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 31.87 Gb Total Space | 13.74 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SUZANNE
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled
xpsp2res.dll,-22019[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled
xpsp3res.dll,-20000[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled
xpsp2res.dll,-22019[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- E:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled
xpsp3res.dll,-20000[2008/10/17 09:56:35 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
[2007/11/30 09:19:28 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2008/10/17 09:56:33 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2008/01/07 21:06:25 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/09/08 08:05:49 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- E:\Program Files\DNA\btdna.exe:*:Enabled
NAFile not found -- E:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\PE_E_..\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\PE_E_ALL USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 18:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 18:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 18:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/06/03 15:36:20 | 07,252,672 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/26 04:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 14:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0176AC71-9EDE-48A0-AC3B-94FEB38B1FFE}"=Noiseware Professional Plug-in
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{1EBFA30C-6206-4FD8-8B82-3A29F0D01B28}"=ACDSee 8 Media Support Package
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}"=Diskeeper Professional Premier Edition
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}"=ABBYY FineReader OCR Engine for Microtek
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{374F962E-9322-4118-9A64-4B6997E2A8B5}"=QuickFix
"{44AAA5AD-A24B-11D7-B1FE-002018398620}"=greenstreet National Geographic Photo Browser
"{5D97A4A7-C274-4B63-86D9-07A33435F505}"=InterVideo DVD Check
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{687E87C0-E4C2-414A-B8A2-E2B9B83670AA}"=RealGrain Plug-in
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel(R) Graphics Media Accelerator Driver for Mobile
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD
"{929408E6-D265-4174-805F-81D1D914E2A4}"=QuickTime
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}"=CorelDRAW 10
"{AC76BA86-1033-0000-7760-000000000001}"=Adobe Acrobat 6.0 Professional
"{AE80641A-0C8D-4670-A518-B4EC154B1027}"=ACDSee 8
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}"=ScanWizard 5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CBCDEDF3-A2E5-4402-8E9E-E2C23DBE1DA8}"=Adobe Photoshop Lightroom
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}"=Quick Launch Buttons 5.10 B5
"{D301EE05-D1E1-4A58-B89C-A0EFDAB491E2}"=Portraiture Plug-in
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}"=TIxx21
"Adobe Atmosphere Player"=Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"AVG7Uninstall"=AVG 7.5
"Broadcom 802.11b Network Adapter"=Broadcom 802.11 Wireless LAN Adapter
"CCleaner"=CCleaner (remove only)
"CNXT_AUDIO"=Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C"=Soft Data Fax Modem with SmartCP
"Conexant PCI Audio"=Conexant AC-Link Audio
"CorelDRAW 10"=CorelDRAW 10
"EPSON Printer and Utilities"=EPSON Printer Software
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}"=QuickTime
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}"=Texas Instruments PCIxx21/x515 drivers.
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSN Music Assistant"=MSN Music Assistant
"MSNINST"=MSN
"Nero - Burning Rom!UninstallKey"=Ahead Nero Burning ROM
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"RoboEnhancer Trial"=RoboEnhancer Trial
"Shockwave"=Shockwave
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"The Font Thing"=The Font Thing
"TimeToPhoto_is1"=TimeToPhoto 2.3.4345
"UN080325"=BUFFALO TurboUSB for FLASH/HDD
"UnzipThemAll_is1"=UnzipThemAll 1.3
"WebPost"=Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinPatrol"=WinPatrol 2008
"WinRAR archiver"=WinRAR archiver
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Customizations"=Yahoo! extras
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Search Defender"=Yahoo! Search Protection
"Yahoo! Toolbar"=Yahoo! Toolbar
"YInstHelper"=Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/19/2008 9:26:59 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:26:59,656 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(1396) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:27:18 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:27:18,296 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(1756) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:27:22 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:27:22,734 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(1952) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:27:36 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:27:36,875 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(2208) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:28:36 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:28:36,968 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(3004) call failed with WIN32 error 87, returning session id
is 0
Error - 10/20/2008 1:10:32 AM | Computer Name = SUZANNE | Source = Spybot - Search & Destroy | ID = 0
Description =
Error - 10/22/2008 11:05:28 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.29.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/22/2008 11:06:27 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.30, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/22/2008 11:08:31 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.17.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/22/2008 11:11:09 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.17.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 10/19/2008 6:01:17 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for E:\Program Files\DNA\DNAcpl.cpl.
Reference
error message: The operation completed successfully. .
Error - 10/19/2008 9:28:54 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 10/19/2008 9:28:54 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 10/19/2008 9:28:54 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for E:\Program Files\DNA\DNAcpl.cpl.
Reference
error message: The operation completed successfully. .
Error - 10/19/2008 11:36:58 AM | Computer Name = SUZANNE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.
Error - 10/19/2008 11:39:36 AM | Computer Name = SUZANNE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde
Error - 10/19/2008 11:40:20 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 10/19/2008 11:40:20 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 10/19/2008 11:40:20 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for E:\Program Files\DNA\DNAcpl.cpl.
Reference
error message: The operation completed successfully. .
Error - 10/22/2008 5:49:18 AM | Computer Name = SUZANNE | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C8163867-8ED5-47F8-9CE5-4907DFA79EBB}
because another computer on the network has the same name. The server could not
start.
< End of report >
And here is my Extras.Txt log:
OTViewIt Extras logfile created on: 10/22/2008 11:11:25 PM - Run 3
OTViewIt by OldTimer - Version 1.0.17.0 Folder = E:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.42 Mb Total Physical Memory | 586.16 Mb Available Physical Memory | 57.78% Memory free
2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.30% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 5.37 Gb Total Space | 3.15 Gb Free Space | 58.63% Space Free | Partition Type: FAT32
Drive D: | 700.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 31.87 Gb Total Space | 13.74 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SUZANNE
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019
[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- E:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000
[2008/10/17 09:56:35 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
[2007/11/30 09:19:28 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2008/10/17 09:56:33 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2008/01/07 21:06:25 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/09/08 08:05:49 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- E:\Program Files\DNA\btdna.exe:*:EnabledNA
File not found -- E:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\PE_E_..\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\PE_E_ALL USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 18:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 18:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 18:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/06/03 15:36:20 | 07,252,672 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/26 04:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 14:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0176AC71-9EDE-48A0-AC3B-94FEB38B1FFE}"=Noiseware Professional Plug-in
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{1EBFA30C-6206-4FD8-8B82-3A29F0D01B28}"=ACDSee 8 Media Support Package
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}"=Diskeeper Professional Premier Edition
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}"=ABBYY FineReader OCR Engine for Microtek
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{374F962E-9322-4118-9A64-4B6997E2A8B5}"=QuickFix
"{44AAA5AD-A24B-11D7-B1FE-002018398620}"=greenstreet National Geographic Photo Browser
"{5D97A4A7-C274-4B63-86D9-07A33435F505}"=InterVideo DVD Check
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{687E87C0-E4C2-414A-B8A2-E2B9B83670AA}"=RealGrain Plug-in
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel(R) Graphics Media Accelerator Driver for Mobile
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD
"{929408E6-D265-4174-805F-81D1D914E2A4}"=QuickTime
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}"=CorelDRAW 10
"{AC76BA86-1033-0000-7760-000000000001}"=Adobe Acrobat 6.0 Professional
"{AE80641A-0C8D-4670-A518-B4EC154B1027}"=ACDSee 8
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}"=ScanWizard 5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CBCDEDF3-A2E5-4402-8E9E-E2C23DBE1DA8}"=Adobe Photoshop Lightroom
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}"=Quick Launch Buttons 5.10 B5
"{D301EE05-D1E1-4A58-B89C-A0EFDAB491E2}"=Portraiture Plug-in
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}"=TIxx21
"Adobe Atmosphere Player"=Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"AVG7Uninstall"=AVG 7.5
"Broadcom 802.11b Network Adapter"=Broadcom 802.11 Wireless LAN Adapter
"CCleaner"=CCleaner (remove only)
"CNXT_AUDIO"=Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C"=Soft Data Fax Modem with SmartCP
"Conexant PCI Audio"=Conexant AC-Link Audio
"CorelDRAW 10"=CorelDRAW 10
"EPSON Printer and Utilities"=EPSON Printer Software
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}"=QuickTime
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}"=Texas Instruments PCIxx21/x515 drivers.
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSN Music Assistant"=MSN Music Assistant
"MSNINST"=MSN
"Nero - Burning Rom!UninstallKey"=Ahead Nero Burning ROM
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"RoboEnhancer Trial"=RoboEnhancer Trial
"Shockwave"=Shockwave
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"The Font Thing"=The Font Thing
"TimeToPhoto_is1"=TimeToPhoto 2.3.4345
"UN080325"=BUFFALO TurboUSB for FLASH/HDD
"UnzipThemAll_is1"=UnzipThemAll 1.3
"WebPost"=Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinPatrol"=WinPatrol 2008
"WinRAR archiver"=WinRAR archiver
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Customizations"=Yahoo! extras
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Search Defender"=Yahoo! Search Protection
"Yahoo! Toolbar"=Yahoo! Toolbar
"YInstHelper"=Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/19/2008 9:26:59 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:26:59,656 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(1396) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:27:18 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:27:18,296 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(1756) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:27:22 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:27:22,734 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(1952) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:27:36 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:27:36,875 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(2208) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:28:36 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:28:36,968 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(3004) call failed with WIN32 error 87, returning session id
is 0
Error - 10/20/2008 1:10:32 AM | Computer Name = SUZANNE | Source = Spybot - Search & Destroy | ID = 0
Description =
Error - 10/22/2008 11:05:28 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.29.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/22/2008 11:06:27 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.30, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/22/2008 11:08:31 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.17.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/22/2008 11:11:09 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.17.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 10/19/2008 6:01:17 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for E:\Program Files\DNA\DNAcpl.cpl.
Reference
error message: The operation completed successfully. .
Error - 10/19/2008 9:28:54 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 10/19/2008 9:28:54 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 10/19/2008 9:28:54 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for E:\Program Files\DNA\DNAcpl.cpl.
Reference
error message: The operation completed successfully. .
Error - 10/19/2008 11:36:58 AM | Computer Name = SUZANNE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.
Error - 10/19/2008 11:39:36 AM | Computer Name = SUZANNE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde
Error - 10/19/2008 11:40:20 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 10/19/2008 11:40:20 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 10/19/2008 11:40:20 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for E:\Program Files\DNA\DNAcpl.cpl.
Reference
error message: The operation completed successfully. .
Error - 10/22/2008 5:49:18 AM | Computer Name = SUZANNE | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C8163867-8ED5-47F8-9CE5-4907DFA79EBB}
because another computer on the network has the same name. The server could not
start.
< End of report >
OTViewIt Extras logfile created on: 10/22/2008 11:11:25 PM - Run 3
OTViewIt by OldTimer - Version 1.0.17.0 Folder = E:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.42 Mb Total Physical Memory | 586.16 Mb Available Physical Memory | 57.78% Memory free
2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.30% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 5.37 Gb Total Space | 3.15 Gb Free Space | 58.63% Space Free | Partition Type: FAT32
Drive D: | 700.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 31.87 Gb Total Space | 13.74 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SUZANNE
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled
xpsp2res.dll,-22019[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled
xpsp3res.dll,-20000[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled
xpsp2res.dll,-22019[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- E:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled
xpsp3res.dll,-20000[2008/10/17 09:56:35 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
[2007/11/30 09:19:28 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2008/10/17 09:56:33 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2008/01/07 21:06:25 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/09/08 08:05:49 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- E:\Program Files\DNA\btdna.exe:*:Enabled
NAFile not found -- E:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\PE_E_..\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\PE_E_ALL USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 18:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 18:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 18:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/06/03 15:36:20 | 07,252,672 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/26 04:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 14:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) E:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0176AC71-9EDE-48A0-AC3B-94FEB38B1FFE}"=Noiseware Professional Plug-in
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{1EBFA30C-6206-4FD8-8B82-3A29F0D01B28}"=ACDSee 8 Media Support Package
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}"=Diskeeper Professional Premier Edition
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}"=ABBYY FineReader OCR Engine for Microtek
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{374F962E-9322-4118-9A64-4B6997E2A8B5}"=QuickFix
"{44AAA5AD-A24B-11D7-B1FE-002018398620}"=greenstreet National Geographic Photo Browser
"{5D97A4A7-C274-4B63-86D9-07A33435F505}"=InterVideo DVD Check
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{687E87C0-E4C2-414A-B8A2-E2B9B83670AA}"=RealGrain Plug-in
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel(R) Graphics Media Accelerator Driver for Mobile
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD
"{929408E6-D265-4174-805F-81D1D914E2A4}"=QuickTime
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}"=CorelDRAW 10
"{AC76BA86-1033-0000-7760-000000000001}"=Adobe Acrobat 6.0 Professional
"{AE80641A-0C8D-4670-A518-B4EC154B1027}"=ACDSee 8
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}"=ScanWizard 5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CBCDEDF3-A2E5-4402-8E9E-E2C23DBE1DA8}"=Adobe Photoshop Lightroom
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}"=Quick Launch Buttons 5.10 B5
"{D301EE05-D1E1-4A58-B89C-A0EFDAB491E2}"=Portraiture Plug-in
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}"=TIxx21
"Adobe Atmosphere Player"=Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"AVG7Uninstall"=AVG 7.5
"Broadcom 802.11b Network Adapter"=Broadcom 802.11 Wireless LAN Adapter
"CCleaner"=CCleaner (remove only)
"CNXT_AUDIO"=Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C"=Soft Data Fax Modem with SmartCP
"Conexant PCI Audio"=Conexant AC-Link Audio
"CorelDRAW 10"=CorelDRAW 10
"EPSON Printer and Utilities"=EPSON Printer Software
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}"=QuickTime
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}"=Texas Instruments PCIxx21/x515 drivers.
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSN Music Assistant"=MSN Music Assistant
"MSNINST"=MSN
"Nero - Burning Rom!UninstallKey"=Ahead Nero Burning ROM
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"RoboEnhancer Trial"=RoboEnhancer Trial
"Shockwave"=Shockwave
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"The Font Thing"=The Font Thing
"TimeToPhoto_is1"=TimeToPhoto 2.3.4345
"UN080325"=BUFFALO TurboUSB for FLASH/HDD
"UnzipThemAll_is1"=UnzipThemAll 1.3
"WebPost"=Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinPatrol"=WinPatrol 2008
"WinRAR archiver"=WinRAR archiver
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Customizations"=Yahoo! extras
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Search Defender"=Yahoo! Search Protection
"Yahoo! Toolbar"=Yahoo! Toolbar
"YInstHelper"=Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/19/2008 9:26:59 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:26:59,656 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(1396) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:27:18 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:27:18,296 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(1756) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:27:22 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:27:22,734 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(1952) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:27:36 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:27:36,875 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(2208) call failed with WIN32 error 87, returning session id
is 0
Error - 10/19/2008 9:28:36 AM | Computer Name = SUZANNE | Source = AVG7 | ID = 100
Description = 2008-10-19 13:28:36,968 SUZANNE [001344:001408] ERROR 000 AVG7.WTS.CAvgAmWts
ProcessIdToSessionId(3004) call failed with WIN32 error 87, returning session id
is 0
Error - 10/20/2008 1:10:32 AM | Computer Name = SUZANNE | Source = Spybot - Search & Destroy | ID = 0
Description =
Error - 10/22/2008 11:05:28 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.29.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/22/2008 11:06:27 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.30, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/22/2008 11:08:31 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.17.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/22/2008 11:11:09 AM | Computer Name = SUZANNE | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.17.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 10/19/2008 6:01:17 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for E:\Program Files\DNA\DNAcpl.cpl.
Reference
error message: The operation completed successfully. .
Error - 10/19/2008 9:28:54 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 10/19/2008 9:28:54 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 10/19/2008 9:28:54 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for E:\Program Files\DNA\DNAcpl.cpl.
Reference
error message: The operation completed successfully. .
Error - 10/19/2008 11:36:58 AM | Computer Name = SUZANNE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.
Error - 10/19/2008 11:39:36 AM | Computer Name = SUZANNE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde
Error - 10/19/2008 11:40:20 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 10/19/2008 11:40:20 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 10/19/2008 11:40:20 AM | Computer Name = SUZANNE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for E:\Program Files\DNA\DNAcpl.cpl.
Reference
error message: The operation completed successfully. .
Error - 10/22/2008 5:49:18 AM | Computer Name = SUZANNE | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C8163867-8ED5-47F8-9CE5-4907DFA79EBB}
because another computer on the network has the same name. The server could not
start.
< End of report >
Hi
1 - teatimer
Please disable Teatimer as it may interfere with the fix.
First:
2 - Remove bad HijackThis entries
3 - Download and run OTMoveIt3
4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
Please reply with
1. the OTMoveIt3 log
2 a fresh HijackThis log
Thanks peku006
1 - teatimer
Please disable Teatimer as it may interfere with the fix.
First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.
2 - Remove bad HijackThis entries
- Run HijackThis
- Click on the Scan button
- Put a check beside all of the items listed below (if present):
O4 - HKCU\..\Run: [RegCom32] E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
3 - Download and run OTMoveIt3
- Download OTMoveIt3 by OldTimer from here and save it to your desktop
- Launch OTMoveIt3.exe and copy the text from the codebox below into the lefthand box below "Paste Instructions for Items to be Moved"
Code::files E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP - Double-check that the input matches the code box above and then click the MoveIt! button to start the script. If you're prompted about rebooting allow the request.
- Once OTMoveIt finishes, a log will be located at C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss. (mmddyyyy_hhmmss is a timestamp from when the log was created)
- Include this log in your next reply
4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
Please reply with
1. the OTMoveIt3 log
2 a fresh HijackThis log
Thanks peku006
Hello again!
Here is my OTMoveIt log:
========== FILES ==========
File/Folder E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP not found.
OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10222008_234747
and my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:08 PM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
E:\WINDOWS\system32\igfxtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alifeinbloom.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [WatchDog] E:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YSearchProtection] "E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - E:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
--
End of file - 8461 bytes
Here is my OTMoveIt log:
========== FILES ==========
File/Folder E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP not found.
OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10222008_234747
and my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:08 PM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
E:\WINDOWS\system32\igfxtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alifeinbloom.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [WatchDog] E:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YSearchProtection] "E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - E:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
--
End of file - 8461 bytes
And it reappeared after a minute or so, as warned by Scotty. Is it because I turned my Teatimer again? Here is the another fresh HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:19 PM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
E:\WINDOWS\system32\igfxtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alifeinbloom.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [WatchDog] E:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YSearchProtection] "E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegCom32] E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - E:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
--
End of file - 8664 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:19 PM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
E:\WINDOWS\system32\igfxtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alifeinbloom.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [WatchDog] E:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YSearchProtection] "E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegCom32] E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - E:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
--
End of file - 8664 bytes
When then, should the teatimer be turned on again? Once you declare that my laptop is clean?
I just want to clarify since I am confused. And it seems that nasty file appears in logs along with teatimer. Just an observation, though.
Please let me know as I might be doing the wrong thing.
Thanks again!
I just want to clarify since I am confused. And it seems that nasty file appears in logs along with teatimer. Just an observation, though.
Please let me know as I might be doing the wrong thing.
Thanks again!
Hi
GMER
- Launch OTMoveIt3.exe and copy the text from the codebox below into the lefthand box below "Paste Instructions for Items to be Moved"
Code::Reg [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RegCom32"=- - Double-check that the input matches the code box above and then click the MoveIt! button to start the script. If you're prompted about rebooting allow the request.
- Once OTMoveIt finishes, a log will be located at C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss. (mmddyyyy_hhmmss is a timestamp from when the log was created)
- Include this log in your next reply
GMER
- Download GMER by GMER from here
- Unzip it to a folder on your desktop
- Double click on gmer.exe to launch GMER
- If asked, allow the gmer.sys driver load
- If it warns you about rootkit activity and asks if you want to run scan, click OK
- If you don't get a warning then
- Click the rootkit tab
- Click Scan
- Once the scan has finished, click copy
- Paste the log into notepad using Ctrl+V
- Save it to your desktop as gmerrk.txt
- Click on the >>> tab
- This will open up the rest of the tabs for you
- Click on the Autostart tab
- Click on Scan
- Once the scan has finished, click copy
- Paste the log into notepad using Ctrl+V
- Save it to your desktop as gmerautos.txt
- Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic
Last edited:
Hello again! I'm sorry, I had a bad headache last night, thus, I was not able to go online.
Anyways, here is my gmerautos log:
GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2008-10-24 08:48:33
Windows 5.1.2600 Service Pack 3
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitE:\WINDOWS\system32\userinit.exe, = E:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
igfxcui@DLLName = igfxsrvc.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
WgaLogon@DLLName = WgaLogon.dll
wlballoon@DLLName = wlnotify.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aawservice@ = "E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
AudioSrv@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Avg7Alrt@ = E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Avg7UpdSvc@ = E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
AVGEMS@ = E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
Browser@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Diskeeper@ = "E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"
dmserver@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ERSvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog@ = %SystemRoot%\system32\services.exe
helpsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts@ = %SystemRoot%\system32\svchost.exe -k LocalService
PlugPlay@ = %SystemRoot%\system32\services.exe
PolicyAgent@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage@ = %SystemRoot%\system32\lsass.exe
RpcSs@ = %SystemRoot%\system32\svchost -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
Schedule@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler@ = %SystemRoot%\system32\spoolsv.exe
srservice@ = %SystemRoot%\system32\svchost.exe -k netsvcs
stisvc@ = %SystemRoot%\system32\svchost.exe -k imgsvc
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UMWdf@ = E:\WINDOWS\system32\wdfmgr.exe
W32Time@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC@ = %SystemRoot%\System32\svchost.exe -k netsvcs
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@IgfxTrayE:\WINDOWS\system32\igfxtray.exe = E:\WINDOWS\system32\igfxtray.exe
@HotKeysCmdsE:\WINDOWS\system32\hkcmd.exe = E:\WINDOWS\system32\hkcmd.exe
@eabconfg.cplE:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start /*file not found*/ = E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start /*file not found*/
@WatchDogE:\Program Files\InterVideo\DVD Check\DVDCheck.exe = E:\Program Files\InterVideo\DVD Check\DVDCheck.exe
@QuickTime Task"E:\Program Files\QuickTime\qttask.exe" -atboottime = "E:\Program Files\QuickTime\qttask.exe" -atboottime
@SunJavaUpdateSched"E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" = "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
@SynTPLprE:\Program Files\Synaptics\SynTP\SynTPLpr.exe = E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhE:\Program Files\Synaptics\SynTP\SynTPEnh.exe = E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
@AVG7_CCE:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP = E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
@YSearchProtection"E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" = "E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
@DiskeeperSystray"E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" = "E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
@WinPatrolE:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot /*file not found*/ = E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot /*file not found*/
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeE:\WINDOWS\system32\ctfmon.exe = E:\WINDOWS\system32\ctfmon.exe
@YSearchProtectionE:\Program Files\Yahoo!\Search Protection\SearchProtection.exe = E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
@SpybotSD TeaTimerE:\Program Files\Spybot - Search & Destroy\TeaTimer.exe = E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
@RegCom32E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe /*file not found*/ = E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe /*file not found*/
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheckE:\WINDOWS\system32\webcheck.dll = E:\WINDOWS\system32\webcheck.dll
@SysTray%systemroot%\system32\stobject.dll = %systemroot%\system32\stobject.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L
HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = E:\WINDOWS\system32\mshta.exe "%1" %*
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Multimedia File Property Sheet*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*NTFS Security Page*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*OLE Docfile Property Page*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Display Adapter CPL Extension*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Display Monitor CPL Extension*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/(null) =
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*DS Security Page*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Page*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Shell Scrap DataHandler*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Disk Copy Extension*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Shell extensions for Microsoft Windows Network objects*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Shell extensions for file compression*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Web Printer Shell Extension*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Encryption Context Menu*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Briefcase*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*HyperTerminal Icon Ext*/E:\WINDOWS\system32\hticons.dll = E:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Printers Security Page*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Crypto PKO Extension*/E:\WINDOWS\system32\cryptext.dll = E:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Crypto Sign Extension*/E:\WINDOWS\system32\cryptext.dll = E:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Network Connections*/E:\WINDOWS\system32\NETSHELL.dll = E:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Network Connections*/E:\WINDOWS\system32\NETSHELL.dll = E:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/E:\WINDOWS\system32\remotepg.dll = E:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Shell extensions for Windows Script Host*/E:\WINDOWS\system32\wshext.dll = E:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/E:\Program Files\Common Files\System\Ole DB\oledb32.dll = E:\Program Files\Common Files\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/E:\WINDOWS\system32\mstask.dll = E:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/E:\WINDOWS\system32\mstask.dll = E:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Scheduled Tasks*/E:\WINDOWS\system32\mstask.dll = E:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/E:\WINDOWS\system32\wuaucpl.cpl = E:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Taskbar and Start Menu*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Search*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Run...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*E-mail*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Fonts*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Administrative Tools*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/E:\WINDOWS\system32\twext.dll = E:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/E:\WINDOWS\system32\twext.dll = E:\WINDOWS\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Microsoft Internet Toolbar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Download Status*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Augmented Shell Folder*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Augmented Shell Folder 2*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*In-pane search*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Web Search*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Registry Tree Options Utility*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Address*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Microsoft AutoComplete*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*MRU AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Custom MRU AutoCompleted List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessible*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Track Popup Bar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Microsoft History AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Microsoft Shell Folder AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Microsoft Multiple AutoComplete List Container*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*User Assist*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Global Folder Settings*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*IE4 Suite Splash Screen*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/E:\WINDOWS\system32\sendmail.dll = E:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/E:\WINDOWS\system32\sendmail.dll = E:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/E:\WINDOWS\system32\occache.dll = E:\WINDOWS\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/E:\WINDOWS\system32\webcheck.dll = E:\WINDOWS\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/E:\WINDOWS\system32\webcheck.dll = E:\WINDOWS\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/E:\WINDOWS\system32\webcheck.dll = E:\WINDOWS\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/E:\WINDOWS\system32\webcheck.dll = E:\WINDOWS\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/E:\WINDOWS\system32\webcheck.dll = E:\WINDOWS\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/E:\WINDOWS\system32\webcheck.dll = E:\WINDOWS\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Shell Application Manager*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Installed Apps Enumerator*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI+ file thumbnail extractor*/E:\WINDOWS\system32\shimgvw.dll = E:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/E:\WINDOWS\system32\shimgvw.dll = E:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*HTML Thumbnail Extractor*/E:\WINDOWS\system32\shimgvw.dll = E:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Get a Passport Wizard*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*User Accounts*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Compressed (zipped) Folder*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/E:\WINDOWS\system32\extmgr.dll = E:\WINDOWS\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/E:\WINDOWS\system32\msieftp.dll = E:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/E:\WINDOWS\system32\docprop2.dll = E:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/E:\WINDOWS\system32\docprop2.dll = E:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/E:\WINDOWS\system32\docprop2.dll = E:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/E:\WINDOWS\system32\docprop2.dll = E:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/E:\WINDOWS\system32\docprop2.dll = E:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/E:\WINDOWS\system32\docprop2.dll = E:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Offline Files Folder*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/E:\WINDOWS\msagent\agentpsh.dll = E:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/E:\WINDOWS\system32\dfsshlex.dll = E:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*For &People...*/E:\Program Files\Outlook Express\wabfind.dll = E:\Program Files\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/E:\WINDOWS\system32\wmpshell.dll = E:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/E:\WINDOWS\system32\wmpshell.dll = E:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/E:\WINDOWS\system32\wmpshell.dll = E:\WINDOWS\system32\wmpshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/E:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = E:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/E:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = E:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/E:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = E:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/E:\Program Files\Microsoft Office\OFFICE11\msohev.dll = E:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} /*CorelDRAW Shell Extension Component*/(null) =
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/E:\PROGRA~1\Yahoo!\Common\ymmapi.dll = E:\PROGRA~1\Yahoo!\Common\ymmapi.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{cc86590a-b60a-48e6-996b-41d25ed39a1e} /*Portable Media Devices Menu*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/E:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll = E:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/E:\Program Files\Synaptics\SynTP\SynTPCpl.dll = E:\Program Files\Synaptics\SynTP\SynTPCpl.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/E:\WINDOWS\system32\mscoree.dll = E:\WINDOWS\system32\mscoree.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/E:\Program Files\Grisoft\AVG7\avgse.dll = E:\Program Files\Grisoft\AVG7\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/E:\Program Files\Grisoft\AVG7\avgse.dll = E:\Program Files\Grisoft\AVG7\avgse.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/E:\Program Files\WinRAR\rarext.dll = E:\Program Files\WinRAR\rarext.dll
@{738D66C6-0149-4D40-84E4-A7BB2D0CE949} /*File Manager*/(null) =
@{97C1D2CE-3AB4-4459-9142-D50D9338CB9A} /*ScriptDropShellExt*/E:\Program Files\ACD Systems\RoboEnhancer\ScriptDropShellExt.dll = E:\Program Files\ACD Systems\RoboEnhancer\ScriptDropShellExt.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = E:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = E:\Program Files\Grisoft\AVG7\avgse.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Program Files\WinRAR\rarext.dll
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = E:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = E:\Program Files\Grisoft\AVG7\avgse.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = E:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Program Files\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4efb-9B51-7695ECA05670}E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll = E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll = E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}E:\PROGRA~1\SPYBOT~1\SDHelper.dll = E:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}E:\Program Files\Yahoo!\Common\yiesrvc.dll = E:\Program Files\Yahoo!\Common\yiesrvc.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll = E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
@{AE7CD045-E861-484f-8273-0445EE161910}E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll = E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = E:\WINDOWS\system32\logon.scr
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.yahoo.com/ = http://www.yahoo.com/
@Start Pagehttp://www.yahoo.com/ = http://www.yahoo.com/
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://alifeinbloom.blogspot.com/ = http://alifeinbloom.blogspot.com/
@Local PageE:\WINDOWS\system32\blank.htm = E:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = E:\WINDOWS\system32\mscoree.dll
application/x-complus@CLSID = E:\WINDOWS\system32\mscoree.dll
application/x-msdownload@CLSID = E:\WINDOWS\system32\mscoree.dll
Class Install Handler@CLSID = E:\WINDOWS\system32\urlmon.dll
deflate@CLSID = E:\WINDOWS\system32\urlmon.dll
gzip@CLSID = E:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = E:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = E:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = E:\WINDOWS\system32\mshtml.dll
cdl@CLSID = E:\WINDOWS\system32\urlmon.dll
dvd@CLSID = E:\WINDOWS\system32\msvidctl.dll
file@CLSID = E:\WINDOWS\system32\urlmon.dll
ftp@CLSID = E:\WINDOWS\system32\urlmon.dll
gopher@CLSID = E:\WINDOWS\system32\urlmon.dll
http@CLSID = E:\WINDOWS\system32\urlmon.dll
https@CLSID = E:\WINDOWS\system32\urlmon.dll
its@CLSID = E:\WINDOWS\system32\itss.dll
javascript@CLSID = E:\WINDOWS\system32\mshtml.dll
local@CLSID = E:\WINDOWS\system32\urlmon.dll
mailto@CLSID = E:\WINDOWS\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = E:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = E:\WINDOWS\system32\itss.dll
mso-offdap@CLSID = E:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = E:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID = E:\WINDOWS\system32\mshtml.dll
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = E:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = E:\WINDOWS\system32\mshtml.dll
wia@CLSID = E:\WINDOWS\system32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000022@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
E:\Documents and Settings\User\Start Menu\Programs\Startup = Adobe Gamma.lnk
E:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Acrobat Assistant.lnk = Acrobat Assistant.lnk
Microtek Scanner Finder.lnk = Microtek Scanner Finder.lnk
---- EOF - GMER 1.0.14 ----
Anyways, here is my gmerautos log:
GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2008-10-24 08:48:33
Windows 5.1.2600 Service Pack 3
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitE:\WINDOWS\system32\userinit.exe, = E:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
igfxcui@DLLName = igfxsrvc.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
WgaLogon@DLLName = WgaLogon.dll
wlballoon@DLLName = wlnotify.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aawservice@ = "E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
AudioSrv@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Avg7Alrt@ = E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Avg7UpdSvc@ = E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
AVGEMS@ = E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
Browser@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Diskeeper@ = "E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"
dmserver@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ERSvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog@ = %SystemRoot%\system32\services.exe
helpsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts@ = %SystemRoot%\system32\svchost.exe -k LocalService
PlugPlay@ = %SystemRoot%\system32\services.exe
PolicyAgent@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage@ = %SystemRoot%\system32\lsass.exe
RpcSs@ = %SystemRoot%\system32\svchost -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
Schedule@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler@ = %SystemRoot%\system32\spoolsv.exe
srservice@ = %SystemRoot%\system32\svchost.exe -k netsvcs
stisvc@ = %SystemRoot%\system32\svchost.exe -k imgsvc
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UMWdf@ = E:\WINDOWS\system32\wdfmgr.exe
W32Time@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC@ = %SystemRoot%\System32\svchost.exe -k netsvcs
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@IgfxTrayE:\WINDOWS\system32\igfxtray.exe = E:\WINDOWS\system32\igfxtray.exe
@HotKeysCmdsE:\WINDOWS\system32\hkcmd.exe = E:\WINDOWS\system32\hkcmd.exe
@eabconfg.cplE:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start /*file not found*/ = E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start /*file not found*/
@WatchDogE:\Program Files\InterVideo\DVD Check\DVDCheck.exe = E:\Program Files\InterVideo\DVD Check\DVDCheck.exe
@QuickTime Task"E:\Program Files\QuickTime\qttask.exe" -atboottime = "E:\Program Files\QuickTime\qttask.exe" -atboottime
@SunJavaUpdateSched"E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" = "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
@SynTPLprE:\Program Files\Synaptics\SynTP\SynTPLpr.exe = E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhE:\Program Files\Synaptics\SynTP\SynTPEnh.exe = E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
@AVG7_CCE:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP = E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
@YSearchProtection"E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" = "E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
@DiskeeperSystray"E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" = "E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
@WinPatrolE:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot /*file not found*/ = E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot /*file not found*/
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeE:\WINDOWS\system32\ctfmon.exe = E:\WINDOWS\system32\ctfmon.exe
@YSearchProtectionE:\Program Files\Yahoo!\Search Protection\SearchProtection.exe = E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
@SpybotSD TeaTimerE:\Program Files\Spybot - Search & Destroy\TeaTimer.exe = E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
@RegCom32E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe /*file not found*/ = E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe /*file not found*/
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheckE:\WINDOWS\system32\webcheck.dll = E:\WINDOWS\system32\webcheck.dll
@SysTray%systemroot%\system32\stobject.dll = %systemroot%\system32\stobject.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L
HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = E:\WINDOWS\system32\mshta.exe "%1" %*
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Multimedia File Property Sheet*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*NTFS Security Page*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*OLE Docfile Property Page*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Display Adapter CPL Extension*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Display Monitor CPL Extension*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/(null) =
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*DS Security Page*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Page*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Shell Scrap DataHandler*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Disk Copy Extension*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Shell extensions for Microsoft Windows Network objects*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Shell extensions for file compression*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Web Printer Shell Extension*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Encryption Context Menu*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Briefcase*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*HyperTerminal Icon Ext*/E:\WINDOWS\system32\hticons.dll = E:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Printers Security Page*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Crypto PKO Extension*/E:\WINDOWS\system32\cryptext.dll = E:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Crypto Sign Extension*/E:\WINDOWS\system32\cryptext.dll = E:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Network Connections*/E:\WINDOWS\system32\NETSHELL.dll = E:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Network Connections*/E:\WINDOWS\system32\NETSHELL.dll = E:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/E:\WINDOWS\system32\remotepg.dll = E:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Shell extensions for Windows Script Host*/E:\WINDOWS\system32\wshext.dll = E:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/E:\Program Files\Common Files\System\Ole DB\oledb32.dll = E:\Program Files\Common Files\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/E:\WINDOWS\system32\mstask.dll = E:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/E:\WINDOWS\system32\mstask.dll = E:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Scheduled Tasks*/E:\WINDOWS\system32\mstask.dll = E:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/E:\WINDOWS\system32\wuaucpl.cpl = E:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Taskbar and Start Menu*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Search*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Run...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*E-mail*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Fonts*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Administrative Tools*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/E:\WINDOWS\system32\twext.dll = E:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/E:\WINDOWS\system32\twext.dll = E:\WINDOWS\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Microsoft Internet Toolbar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Download Status*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Augmented Shell Folder*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Augmented Shell Folder 2*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*In-pane search*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Web Search*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Registry Tree Options Utility*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Address*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Microsoft AutoComplete*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*MRU AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Custom MRU AutoCompleted List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessible*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Track Popup Bar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Microsoft History AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Microsoft Shell Folder AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Microsoft Multiple AutoComplete List Container*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*User Assist*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Global Folder Settings*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*IE4 Suite Splash Screen*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/E:\WINDOWS\system32\sendmail.dll = E:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/E:\WINDOWS\system32\sendmail.dll = E:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/E:\WINDOWS\system32\occache.dll = E:\WINDOWS\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/E:\WINDOWS\system32\webcheck.dll = E:\WINDOWS\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/E:\WINDOWS\system32\webcheck.dll = E:\WINDOWS\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/E:\WINDOWS\system32\webcheck.dll = E:\WINDOWS\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/E:\WINDOWS\system32\webcheck.dll = E:\WINDOWS\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/E:\WINDOWS\system32\webcheck.dll = E:\WINDOWS\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/E:\WINDOWS\system32\webcheck.dll = E:\WINDOWS\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Shell Application Manager*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Installed Apps Enumerator*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI+ file thumbnail extractor*/E:\WINDOWS\system32\shimgvw.dll = E:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/E:\WINDOWS\system32\shimgvw.dll = E:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*HTML Thumbnail Extractor*/E:\WINDOWS\system32\shimgvw.dll = E:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Get a Passport Wizard*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*User Accounts*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Compressed (zipped) Folder*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/E:\WINDOWS\system32\extmgr.dll = E:\WINDOWS\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/E:\WINDOWS\system32\msieftp.dll = E:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/E:\WINDOWS\system32\docprop2.dll = E:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/E:\WINDOWS\system32\docprop2.dll = E:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/E:\WINDOWS\system32\docprop2.dll = E:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/E:\WINDOWS\system32\docprop2.dll = E:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/E:\WINDOWS\system32\docprop2.dll = E:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/E:\WINDOWS\system32\docprop2.dll = E:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Offline Files Folder*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/E:\WINDOWS\msagent\agentpsh.dll = E:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/E:\WINDOWS\system32\dfsshlex.dll = E:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*For &People...*/E:\Program Files\Outlook Express\wabfind.dll = E:\Program Files\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/E:\WINDOWS\system32\wmpshell.dll = E:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/E:\WINDOWS\system32\wmpshell.dll = E:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/E:\WINDOWS\system32\wmpshell.dll = E:\WINDOWS\system32\wmpshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/E:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = E:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/E:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = E:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/E:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = E:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/E:\Program Files\Microsoft Office\OFFICE11\msohev.dll = E:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} /*CorelDRAW Shell Extension Component*/(null) =
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/E:\PROGRA~1\Yahoo!\Common\ymmapi.dll = E:\PROGRA~1\Yahoo!\Common\ymmapi.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{cc86590a-b60a-48e6-996b-41d25ed39a1e} /*Portable Media Devices Menu*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/E:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll = E:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/E:\Program Files\Synaptics\SynTP\SynTPCpl.dll = E:\Program Files\Synaptics\SynTP\SynTPCpl.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/E:\WINDOWS\system32\ieframe.dll = E:\WINDOWS\system32\ieframe.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/E:\WINDOWS\system32\mscoree.dll = E:\WINDOWS\system32\mscoree.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/E:\Program Files\Grisoft\AVG7\avgse.dll = E:\Program Files\Grisoft\AVG7\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/E:\Program Files\Grisoft\AVG7\avgse.dll = E:\Program Files\Grisoft\AVG7\avgse.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/E:\Program Files\WinRAR\rarext.dll = E:\Program Files\WinRAR\rarext.dll
@{738D66C6-0149-4D40-84E4-A7BB2D0CE949} /*File Manager*/(null) =
@{97C1D2CE-3AB4-4459-9142-D50D9338CB9A} /*ScriptDropShellExt*/E:\Program Files\ACD Systems\RoboEnhancer\ScriptDropShellExt.dll = E:\Program Files\ACD Systems\RoboEnhancer\ScriptDropShellExt.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = E:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = E:\Program Files\Grisoft\AVG7\avgse.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Program Files\WinRAR\rarext.dll
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = E:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = E:\Program Files\Grisoft\AVG7\avgse.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = E:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Program Files\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4efb-9B51-7695ECA05670}E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll = E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll = E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}E:\PROGRA~1\SPYBOT~1\SDHelper.dll = E:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}E:\Program Files\Yahoo!\Common\yiesrvc.dll = E:\Program Files\Yahoo!\Common\yiesrvc.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll = E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
@{AE7CD045-E861-484f-8273-0445EE161910}E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll = E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = E:\WINDOWS\system32\logon.scr
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.yahoo.com/ = http://www.yahoo.com/
@Start Pagehttp://www.yahoo.com/ = http://www.yahoo.com/
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://alifeinbloom.blogspot.com/ = http://alifeinbloom.blogspot.com/
@Local PageE:\WINDOWS\system32\blank.htm = E:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = E:\WINDOWS\system32\mscoree.dll
application/x-complus@CLSID = E:\WINDOWS\system32\mscoree.dll
application/x-msdownload@CLSID = E:\WINDOWS\system32\mscoree.dll
Class Install Handler@CLSID = E:\WINDOWS\system32\urlmon.dll
deflate@CLSID = E:\WINDOWS\system32\urlmon.dll
gzip@CLSID = E:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = E:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = E:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = E:\WINDOWS\system32\mshtml.dll
cdl@CLSID = E:\WINDOWS\system32\urlmon.dll
dvd@CLSID = E:\WINDOWS\system32\msvidctl.dll
file@CLSID = E:\WINDOWS\system32\urlmon.dll
ftp@CLSID = E:\WINDOWS\system32\urlmon.dll
gopher@CLSID = E:\WINDOWS\system32\urlmon.dll
http@CLSID = E:\WINDOWS\system32\urlmon.dll
https@CLSID = E:\WINDOWS\system32\urlmon.dll
its@CLSID = E:\WINDOWS\system32\itss.dll
javascript@CLSID = E:\WINDOWS\system32\mshtml.dll
local@CLSID = E:\WINDOWS\system32\urlmon.dll
mailto@CLSID = E:\WINDOWS\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = E:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = E:\WINDOWS\system32\itss.dll
mso-offdap@CLSID = E:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = E:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID = E:\WINDOWS\system32\mshtml.dll
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = E:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = E:\WINDOWS\system32\mshtml.dll
wia@CLSID = E:\WINDOWS\system32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000022@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
E:\Documents and Settings\User\Start Menu\Programs\Startup = Adobe Gamma.lnk
E:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Acrobat Assistant.lnk = Acrobat Assistant.lnk
Microtek Scanner Finder.lnk = Microtek Scanner Finder.lnk
---- EOF - GMER 1.0.14 ----