Slow computer and freeze

  1. #11
    yas

    Re: Slow computer and freeze

    I have another question: can I delete the "FOUND.000" and System Volume Information folders? They use 5 GB!


    "Silent Runners.vbs", revision 49, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "IDMan" = "D:\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]
    "PeerGuardian" = "C:\Program Files\PeerGuardian2\pg2.exe" ["Methlabs"]
    "Yahoo! Pager" = ""C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet" ["Yahoo! Inc."]
    "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" ["Google Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CnxDslTaskBar" = ""C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"" ["Conexant Systems, Inc."]
    "PowerS" = "C:\WINDOWS\PowerS.exe" ["prolink"]
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "avast!" = "D:\Avast4\ashDisp.exe" [null data]
    "Zone Labs Client" = ""D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
    "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
    "Register Homesite+.exe" = ""C:\Program Files\Macromedia\HomeSite+\Homesite+.exe" /REGSERVER" [file not found]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
    -> {HKLM...CLSID} = "IDMIEHlprObj Class"
    \InProcServer32\(Default) = "D:\Internet Download Manager\IDMIECC.dll" ["Tonec Inc."]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]
    {0A87E45F-537A-40B4-B812-E2544C21A09F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SpywareBlock Class"
    \InProcServer32\(Default) = "D:\YAS GAME\GhostSurf 2005\SCActiveBlock.dll" ["Tenebril Inc."]
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! IE Services Button"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
    {F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "gFlash Class"
    \InProcServer32\(Default) = "D:\YASPRO~1\FLASHGET\getflash.dll" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "D:\YASPRO~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "D:\YASPRO~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "D:\YASPRO~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "D:\YASPRO~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{765489FF-C32C-211A-DFEE-00FD217F8C87}" = "ABView"
    -> {HKLM...CLSID} = "ABView"
    \InProcServer32\(Default) = "C:\Program Files\ABView\ABViewShell.dll" ["SYCORY.COM"]
    "{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001}" = "Macromedia FTP & RDS"
    -> {HKLM...CLSID} = "Macromedia FTP & RDS"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\CfShellFtpRds.dll" ["Macromedia, Inc."]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "D:\yas program\New Folder\rpshell.dll" ["RealNetworks, Inc."]
    "{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
    -> {HKLM...CLSID} = "YMailShellExt Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll" ["Yahoo! Inc."]
    "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
    -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
    \InProcServer32\(Default) = ""D:\yas program\tuneup\sdshelex.dll"" ["TuneUp Software GmbH"]
    "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
    -> {HKLM...CLSID} = "MCLiteShellExt Class"
    \InProcServer32\(Default) = "D:\yas program\Trillian\ICQLite\ICQLiteShell.dll" [empty string]
    "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
    -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
    -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
    -> {HKLM...CLSID} = "UnlockerShellExtension"
    \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{30975AB1-C38B-4D43-BC6D-39F106F4B685}" = "MediaOverlayExtExt Extension"
    -> {HKLM...CLSID} = "MediaOverlayExt Class"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\mssvide.dll" [file not found]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "D:\yas program\iPod Video Converter\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
    "{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
    -> {HKLM...CLSID} = "Universal Plug and Play Devices"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
    -> {HKLM...CLSID} = "My Sharing Folders"
    \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
    "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
    -> {HKLM...CLSID} = "Nokia Phone Browser"
    \InProcServer32\(Default) = "D:\yas program\nokia pc suite\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "D:\Avast4\ashShell.dll" ["ALWIL Software"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "D:\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
    -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    ABView\(Default) = "{765489FF-C32C-211A-DFEE-00FD217F8C87}"
    -> {HKLM...CLSID} = "ABView"
    \InProcServer32\(Default) = "C:\Program Files\ABView\ABViewShell.dll" ["SYCORY.COM"]
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "D:\Avast4\ashShell.dll" ["ALWIL Software"]
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "D:\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
    DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
    -> {HKLM...CLSID} = "DAPMenuShellExt Class"
    \InProcServer32\(Default) = "D:\yas program\DAP\Privacy Package\DAPCtxMenuShell.dll" ["Speedbit Ltd."]
    ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
    -> {HKLM...CLSID} = "MCLiteShellExt Class"
    \InProcServer32\(Default) = "D:\yas program\Trillian\ICQLite\ICQLiteShell.dll" [empty string]
    TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
    -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
    \InProcServer32\(Default) = ""D:\yas program\tuneup\sdshelex.dll"" ["TuneUp Software GmbH"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "D:\YASPRO~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
    -> {HKLM...CLSID} = "YMailShellExt Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll" ["Yahoo! Inc."]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "D:\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
    ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
    -> {HKLM...CLSID} = "MCLiteShellExt Class"
    \InProcServer32\(Default) = "D:\yas program\Trillian\ICQLite\ICQLiteShell.dll" [empty string]
    TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
    -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
    \InProcServer32\(Default) = ""D:\yas program\tuneup\sdshelex.dll"" ["TuneUp Software GmbH"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "D:\YASPRO~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "D:\Avast4\ashShell.dll" ["ALWIL Software"]
    UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
    -> {HKLM...CLSID} = "UnlockerShellExtension"
    \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "D:\YASPRO~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
    UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
    -> {HKLM...CLSID} = "UnlockerShellExtension"
    \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "DisableRegistryTools" = (REG_DWORD) hex:0x00000000
    {User Configuration|Administrative Templates|System|
    Prevent access to registry editing tools}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\yyyy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\FEEDIN~1.SCR" (FeedingFrenzy.scr) ["Sprout Games, LLC"]


    Enabled Scheduled Tasks:
    ------------------------

    "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000004\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]
    000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 31
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]
    "{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
    -> {HKLM...CLSID} = "FlashGet Bar"
    \InProcServer32\(Default) = "D:\YASPRO~1\FLASHGET\fgiebar.dll" ["Amaze Soft"]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    Explorer Bars

    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
    {FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "&Research"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
    -> {HKCU...CLSID} = "Java Plug-in"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\
    "ButtonText" = "Yahoo! Services"
    "CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"
    -> {HKLM...CLSID} = "Yahoo! IE Services Button"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]

    {605E5D27-BFA0-471F-87ED-98A2623D633C}\
    "ButtonText" = "CADE"
    "Script" = "C:\Program Files\CADE\Web\new.htm" [null data]

    {85D1F590-48F4-11D9-9669-0800200C9A66}\
    "MenuText" = "Uninstall BitDefender Online Scanner v8"
    "Exec" = "%windir%\bdoscandel.exe" [null data]

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = "Research"

    {B863453A-26C3-4E1F-A54D-A2CD196348E9}\
    "ButtonText" = "ICQ Lite"
    "MenuText" = "ICQ Lite"
    "Exec" = "D:\yas program\Trillian\ICQLite\ICQLite.exe" ["ICQ Ltd."]

    {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
    "ButtonText" = "FlashGet"
    "MenuText" = "&FlashGet"
    "Exec" = "D:\YASPRO~1\FLASHGET\flashget.exe" ["FlashGet.com"]

    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
    "ButtonText" = "Yahoo! Messenger"
    "MenuText" = "Yahoo! Messenger"
    "Exec" = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" ["Yahoo! Inc."]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Miscellaneous IE Hijack Points
    ------------------------------

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
    <<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*Z" (unwritable string)
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]

    HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
    <<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    avast! Antivirus, avast! Antivirus, ""D:\Avast4\ashServ.exe"" [null data]
    avast! iAVS4 Control Service, aswUpdSv, ""D:\Avast4\aswUpdSv.exe"" [null data]
    avast! Mail Scanner, avast! Mail Scanner, ""D:\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
    avast! Web Scanner, avast! Web Scanner, ""D:\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
    AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "D:\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
    IPv6 Helper Service, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
    Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
    TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZONELABS\vsmon.exe -service" ["Zone Labs, LLC"]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    BitWare Language Monitor\Driver = "bwprnmon.dll" [MS]
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
    Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


    ----------
    <<!>>: Suspicious data at a malware launch point.
    <<H>>: Suspicious data at a browser hijack point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 165 seconds, including 18 seconds for message boxes)


  2. #12
    Neal
    Hi,

    Silent Runners is clean.

    Don't know a thing about FOUND.000; try googling and see what comes up.

    Stuff under system restore can be gotten rid of by creating a new restore point. Let's do one more scan before you do that cause usually system restore is the very last thing you do to clean your computer.




    Try running this:

    Download http://www.bleepingcomputer.com/files/winpfind.php

    Extract WinPFind.zip to your c:\ folder.
    Please print these instructions as you will be going into safe mode.
    Reboot your computer into Safe Mode by following the following steps:

    Reboot.
    When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
    Select the option for Safe Mode using the arrow keys.
    Then press Enter on your keyboard to boot into Safe Mode.

    Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt

  3. #13
    yas
    Ok...


    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Logfile created on: 10/25/2006 1:39:26 PM
    WinPFind v1.5.0 Folder = C:\Documents and Settings\yyyy\Desktop\web\folderr\WinPFind\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...
    UPX! 11/20/2005 8:23:30 PM 47104 C:\WINDOWS\AKDeInstall.exe ()

    Checking %System% folder...
    aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
    WSUD 8/4/2004 1154 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
    WSUD 6/21/2006 5:40:36 AM 18796544 C:\WINDOWS\SYSTEM32\alsndmgr.cpl (Realtek Semiconductor Corp.)
    PEC2 9/20/2002 5:47:22 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
    UpackByDwing 10/1/2005 9:01:48 AM 13068 C:\WINDOWS\SYSTEM32\Messenger.exe ()
    aspack 8/4/2004 1136 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
    winsync 9/20/2002 5:49:08 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
    PTech 5/23/2006 4:00:12 PM 513024 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
    Umonitor 8/4/2004 1144 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
    WSUD 4/20/2006 4:25:52 PM 7706112 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)
    PECompact2 10/5/2006 12:03:46 AM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 10/5/2006 12:03:46 AM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    UPX! 6/11/1997 6:51:30 PM 1294336 C:\WINDOWS\SYSTEM32\Cgrm_en.dll (Centigram Communications Corp.)
    UPX! 5/18/2006 1:43:02 PM 395891 C:\WINDOWS\SYSTEM32\Windows Genuine Advantage Validation.exe (Macrovision Corporation)
    WSUD 8/4/2004 1158 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    UPX! 9/25/2006 7:45:08 PM 666240 C:\WINDOWS\SYSTEM32\aswBoot.exe ()

    Checking %System%\Drivers folder and sub-folders...
    PEC2 3/25/2005 5:18:48 PM 82148 C:\WINDOWS\SYSTEM32\drivers\VcommMgr.sys (IVT Corporation)
    PTech 11/4/2003 5:11:18 PM 1299976 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys ( )

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    10/13/2006 5:49:38 PM S 4 C:\WINDOWS\us123sw.log ()
    10/25/2006 1:38:18 PM S 2048 C:\WINDOWS\bootstat.dat ()
    8/28/2006 1:17:28 PM H 0 C:\WINDOWS\SwSys1.bmp ()
    8/28/2006 1:17:28 PM H 0 C:\WINDOWS\SwSys2.bmp ()
    10/23/2006 8:51:18 PM H 54156 C:\WINDOWS\QTFont.qfn ()
    10/12/2006 9:31:30 PM H 4212 C:\WINDOWS\system32\zllictbl.dat ()
    10/25/2006 11:00:08 AM H 48877 C:\WINDOWS\system32\vsconfig.xml ()
    10/25/2006 1:37:42 PM H 1024 C:\WINDOWS\system32\config\system.LOG ()
    10/25/2006 1:37:42 PM H 57344 C:\WINDOWS\system32\config\software.LOG ()
    10/25/2006 1:37:42 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
    10/25/2006 1:38:36 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
    10/25/2006 1:38:18 PM H 20480 C:\WINDOWS\system32\config\SECURITY.LOG ()
    10/12/2006 10:44:46 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
    8/17/2093 3:32:16 AM S 216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 ()
    9/18/2006 10:58:44 PM S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
    9/18/2006 10:58:48 PM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
    9/18/2006 10:58:48 PM S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
    10/13/2006 12:08:36 PM S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 ()
    10/24/2006 12:02:36 PM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 ()
    10/30/2092 6:00:16 PM S 18 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 ()
    9/18/2006 10:58:44 PM S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
    9/18/2006 10:58:48 PM S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
    9/18/2006 10:58:48 PM S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
    10/13/2006 12:08:36 PM S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 ()
    10/24/2006 12:02:36 PM S 39500 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 ()
    9/18/2006 6:40:26 PM S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat ()
    9/4/2006 10:38:52 AM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924496.cat ()
    9/13/2006 9:23:54 AM S 9435 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924191.cat ()
    1/7/2070 3:27:40 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\048c56d4-f709-4518-a25d-e47ab731258f ()
    9/23/2070 5:27:40 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\71710555-1c6e-4cbc-9a45-76c899d86f84 ()
    9/1/2092 7:03:16 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e4228c1c-eec7-4d4d-81bf-05fa90a0e3c3 ()
    10/4/2006 5:46:22 PM H 8628 C:\WINDOWS\Help\netcfg.GID ()
    10/13/2006 9:54:16 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index22.dat ()
    10/13/2006 9:54:26 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index23.dat ()
    10/25/2006 1:37:34 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()
    10/19/2006 7:44:58 PM H 54807786 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\98507375be28254113c73a28f1048339\BIT3.tmp ()
    10/19/2006 7:58:10 PM H 95315977 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\da2f0608e733122385625f65db46b421\BIT4.tmp ()

    Checking for CPL files...
    6/21/2006 5:40:36 AM 18796544 C:\WINDOWS\SYSTEM32\alsndmgr.cpl (Realtek Semiconductor Corp.)
    10/29/2003 12:30:18 PM 434176 C:\WINDOWS\SYSTEM32\slcpappl.cpl ()
    8/4/2004 1158 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
    9/20/2002 5:48:02 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
    9/20/2002 5:48:24 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
    9/20/2002 5:48:32 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
    11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
    9/20/2002 5:49:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
    5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
    1/14/2004 6:57:18 PM 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl (Ahead Software AG)
    8/4/2004 1158 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
    8/4/2004 1158 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
    8/4/2003 2:05:14 PM 73728 C:\WINDOWS\SYSTEM32\drivers\SCBaud.cpl (Socket Communications Inc.)
    9/20/2002 5:48:32 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
    9/20/2002 5:48:24 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
    9/20/2002 5:48:02 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
    9/20/2002 5:49:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
    8/15/2003 11:37:10 AM R 10435072 C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\ALSNDMGR.CPL (Realtek Semiconductor Corp.)

    Checking for Downloaded Program Files...
    {0000000A-0000-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/downlo...367/wmavax.CAB
    {01FE8D0A-51AD-459B-B62B-85E135128B32} - DD_v4.DDv4 - CodeBase = http://www.drivershq.com/DD_v4.CAB
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
    {166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/s...irector/sw.cab
    {17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
    {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - InstallerBehaviorFactory Class - CodeBase = https://signup.msn.com/pages/MsnInstC.cab
    {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - LSSupCtl Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    {2B323CD9-50E3-11D3-9466-00A0C9700498} - Yahoo! Audio Conferencing - CodeBase = http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
    {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - Cult3D ActiveX Player - CodeBase = http://www.cult3d.com/download/cult.cab
    {33564D57-0000-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeup...tent/opuc3.cab
    {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} - Oberon Media Network Optimizer - CodeBase = http://mp1.mplay.oberon-media.com/client/flashnet.cab
    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/reso...an8/oscan8.cab
    {644E432F-49D3-41A1-8DD5-E099162EEEC5} - Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsof...?1129009845078
    {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - WScanCtl Class - CodeBase = http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - Yahoo! Audio UI1 - CodeBase = http://chat.yahoo.com/cab/yacsui.cab
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    {A90A5822-F108-45AD-8482-9BC8B12DD539} - Crucial cpcScan - CodeBase = http://www.crucial.com/controls/cpcScanner.cab
    {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/Ms...Downloader.cab
    {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - ASquaredScanForm Element - CodeBase = http://www.windowsecurity.com/trojanscan/axscan.cab
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - ActiveDataInfo Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/s...sh/swflash.cab
    {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - MSN Chat Control 4.5 - CodeBase = http://chat.msn.com/controls/msnchat45.cab
    DirectAnimation Java Classes - - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab
    Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    4/21/2004 3:58:40 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    4/21/2004 7:49:08 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()

    Checking files in %USERPROFILE%\Startup folder...
    4/21/2004 3:58:40 PM HS 84 C:\Documents and Settings\yyyy\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %USERPROFILE%\Application Data folder...
    5/17/2006 7:50:42 PM 79024 C:\Documents and Settings\yyyy\Application Data\GDIPFONTCACHEV1.DAT ()
    9/8/2005 8:59:10 AM 4194441 C:\Documents and Settings\yyyy\Application Data\sdi.db ()

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer]
    \\SearchURL - http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer]
    \\SearchURL -

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    \\Search Bar - http://www.google.com
    \\Search Page - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    \\Default_Page_URL - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    \\Default_Search_URL - http://www.google.com/ie
    \\Local Page - C:\WINDOWS\SYSTEM32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://servihoo.com/
    \\Search Bar - http://www.google.com/ie
    \\Search Page - http://www.google.com
    \\Default_Page_URL - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    \\Local Page - C:\WINDOWS\SYSTEM32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    \\SearchAssistant - http://www.google.com/ie

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch - http://ie.search.msn.com/en-us/srchasst/srchcust.htm
    \\SearchAssistant - http://www.google.com/ie

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    \{0055C089-8582-441B-A0BF-17B458C2A3A8} - IDMIEHlprObj Class = D:\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
    \{00A6FAF1-072E-44cf-8957-5838F569A31D} - = ()
    \{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    \{0A87E45F-537A-40B4-B812-E2544C21A09F} - SpywareBlock Class = D:\YAS GAME\GhostSurf 2005\SCActiveBlock.dll (Tenebril Inc.)
    \{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - = ()
    \{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    \{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    \{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar2.dll (Google Inc.)
    \{F156768E-81EF-470C-9057-481BA8380DBA} - gFlash Class = D:\YASPRO~1\FLASHGET\getflash.dll ()

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    \{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
    \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    \{21569614-B795-46B1-85F4-E737A8DC09AD} - Shell Search Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \{32683183-48a0-441b-a342-7c2a440a9478} - = ()
    \{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
    \{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
    \{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
    \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
    \{FF059E31-CC5A-4E2E-BF3B-96E929D65503} - &Research = C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    \\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    \\{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar = D:\YASPRO~1\FLASHGET\fgiebar.dll (Amaze Soft)
    \\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
    \ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \ShellBrowser\\{014DA6C9-189F-421A-88CD-07CFE51CFF10} - = ()
    \ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc.)
    \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    \WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
    \WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - = ()
    \WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
    \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
    \\NEXTID - 8202
    \\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - 8193 =
    \\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8194 =
    \\{605E5D27-BFA0-471F-87ED-98A2623D633C} - 8195 =
    \\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8196 =
    \\{B863453A-26C3-4e1f-A54D-A2CD196348E9} - 8197 = ICQ Lite
    \\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - 8198 = &FlashGet
    \\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8199 = Yahoo! Messenger
    \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8200 = Windows Messenger
    \\{85d1f590-48f4-11d9-9669-0800200c9a66} - 8201 = Uninstall BitDefender Online Scanner v8

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
    \{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: Yahoo! Services =
    \{605E5D27-BFA0-471F-87ED-98A2623D633C} - ButtonText: CADE = C:\Program Files\CADE\Web\new.htm
    \{85d1f590-48f4-11d9-9669-0800200c9a66} - MenuText: Uninstall BitDefender Online Scanner v8 = ()
    \{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
    \{B863453A-26C3-4e1f-A54D-A2CD196348E9} - ButtonText: ICQ Lite = D:\yas program\Trillian\ICQLite\ICQLite.exe (ICQ Ltd.)
    \{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - ButtonText: FlashGet = D:\YASPRO~1\FLASHGET\flashget.exe (FlashGet.com)
    \{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - ButtonText: Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    \{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    >>> Approved Shell Extensions (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
    \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
    \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
    \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
    \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
    \\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
    \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
    \\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = D:\YASPRO~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = D:\YASPRO~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = D:\YASPRO~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = D:\YASPRO~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
    \\{765489FF-C32C-211A-DFEE-00FD217F8C87} - ABView = C:\Program Files\ABView\ABViewShell.dll (SYCORY.COM)
    \\ - CorelDRAW Shell Extension Component = ()
    \\{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001} - Macromedia FTP & RDS = C:\WINDOWS\System32\CfShellFtpRds.dll (Macromedia, Inc.)
    \\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = D:\yas program\New Folder\rpshell.dll (RealNetworks, Inc.)
    \\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll (Yahoo! Inc.)
    \\{32020A01-506E-484D-A2A8-BE3CF17601C3} - AlcoholShellEx = ()
    \\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
    \\{73B24247-042E-4EF5-ADC2-42F62E6FD654} - ICQ Lite Shell Extension = D:\yas program\Trillian\ICQLite\ICQLiteShell.dll ()
    \\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
    \\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
    \\{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - UnlockerShellExtension = C:\Program Files\Unlocker\UnlockerCOM.dll ()
    \\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} - PowerISO = ()
    \\{D9872D13-7651-4471-9EEE-F0A00218BEBB} - Multiscan = ()
    \\{30975AB1-C38B-4D43-BC6D-39F106F4B685} - MediaOverlayExtExt Extension = ()
    \\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = D:\yas program\iPod Video Converter\iTunesMiniPlayer.dll (Apple Computer, Inc.)
    \\{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} - TrojanHunter Menu Shell Extension = ()
    \\{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} - PhoneBrowser = D:\yas program\nokia pc suite\Nokia PC Suite 6\PhoneBrowser.dll (Nokia)
    \\{472083B0-C522-11CF-8763-00608CC02F24} - avast = D:\Avast4\ashShell.dll (ALWIL Software)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    >>> Context Menu Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
    \ABView - {765489FF-C32C-211A-DFEE-00FD217F8C87} = C:\Program Files\ABView\ABViewShell.dll (SYCORY.COM)
    \avast - {472083B0-C522-11CF-8763-00608CC02F24} = D:\Avast4\ashShell.dll (ALWIL Software)
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = D:\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
    \DAP_Menu - {BED4C38B-F765-45AC-8C56-613F76BBF43E} = D:\yas program\DAP\Privacy Package\DAPCtxMenuShell.dll (Speedbit Ltd.)
    \ICQLiteMenu - {73B24247-042E-4EF5-ADC2-42F62E6FD654} = D:\yas program\Trillian\ICQLite\ICQLiteShell.dll ()
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = D:\YASPRO~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll (Yahoo! Inc.)
    \{B33DE746-DEFE-4D7A-87DB-900864B1D3A8} - = D:\Program Files\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll ()
    \{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = D:\yas program\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

    [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
    \UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll ()

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = D:\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
    \ICQLiteMenu - {73B24247-042E-4EF5-ADC2-42F62E6FD654} = D:\yas program\Trillian\ICQLite\ICQLiteShell.dll ()
    \PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = ()
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = D:\YASPRO~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
    \InCDMenu - {950FF917-7A57-46BC-8017-59D9BF474000} = ()

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
    \avast - {472083B0-C522-11CF-8763-00608CC02F24} = D:\Avast4\ashShell.dll (ALWIL Software)
    \PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = ()
    \UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll ()
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = D:\YASPRO~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \{B33DE746-DEFE-4D7A-87DB-900864B1D3A8} - = D:\Program Files\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll ()
    \{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = D:\yas program\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

    >>> Column Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    \{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
    \{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

    >>> Registry Run Keys <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    CnxDslTaskBar - C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe (Conexant Systems, Inc.)
    PowerS - C:\WINDOWS\PowerS.exe (prolink)
    SoundMan - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    avast! - D:\Avast4\ashDisp.exe ()
    Zone Labs Client - D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
    KernelFaultCheck - ()

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
    Register Homesite+.exe - C:\Program Files\Macromedia\HomeSite+\Homesite+.exe ()

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    IDMan - D:\Internet Download Manager\IDMan.exe (Tonec Inc.)
    PeerGuardian - C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
    Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    >>> Startup Links <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
    C:\Documents and Settings\yyyy\Start Menu\Programs\Startup\desktop.ini ()

    >>> MSConfig Disabled Items <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
    svcWRSSSDK 2
    BlueSoleil Hid Service 2
    TUWinStylerThemeSvc 3
    TNBRLDS 2
    nod32krn 2
    IDriverT 3
    CameraServer 2
    Adobe LM Service 3
    ServiceLayer 3


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk
    backup C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    item Adobe Gamma Loader.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk
    backup C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
    location Common Startup
    command D:\YASPRO~1\BLUESO~1.EXE
    item BlueSoleil
    path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GhostSurf proxy.lnk
    path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GhostSurf proxy.lnk
    backup C:\WINDOWS\pss\GhostSurf proxy.lnkCommon Startup
    location Common Startup
    command D:\YASGAM~1\GHOSTS~1\Proxy.exe
    item GhostSurf proxy

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gwum.lnk
    backup C:\WINDOWS\pss\gwum.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\Gigabyte\GIGABY~1\gwum.exe
    item gwum

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^yyyy^Start Menu^Programs^Startup^Scheduler.lnk
    path C:\Documents and Settings\yyyy\Start Menu\Programs\Startup\Scheduler.lnk
    backup C:\WINDOWS\pss\Scheduler.lnkStartup
    location Startup
    command D:\YASGAM~1\GHOSTS~1\SCHEDU~1.EXE
    item Scheduler

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^yyyy^Start Menu^Programs^Startup^Webshots.lnk
    backup C:\WINDOWS\pss\Webshots.lnkStartup
    location Startup
    item Webshots

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item
    hkey HKLM
    command
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item NMBgMonitor
    hkey HKCU
    command "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccApp
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item ccApp
    hkey HKLM
    command "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccRegVfy
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item ccRegVfy
    hkey HKLM
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Check Trial ModemMAX
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item CheckTrial
    hkey HKLM
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item CloneCDTray
    hkey HKLM
    command "D:\CloneCD\CloneCDTray.exe" /s
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item ctfmon
    hkey HKCU
    command C:\WINDOWS\System32\ctfmon.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GhostSurfDelSatellite
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item DeleteSatellite
    hkey HKLM
    command "D:\YAS GAME\GhostSurf 2005\DeleteSatellite.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ Lite
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item ICQLite
    hkey HKLM
    command "D:\yas program\Trillian\ICQLite\ICQLite.exe" -minimize
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IDMan
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item IDMan
    hkey HKCU
    command D:\Internet Download Manager\IDMan.exe /onboot
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IST Service
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item
    hkey HKLM
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item iTunesHelper
    hkey HKLM
    command "D:\yas program\iPod Video Converter\iTunesHelper.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCAgentExe
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item McAgent
    hkey HKLM
    command c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCUpdateExe
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item mcupdate
    hkey HKLM
    command C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item msmsgs
    hkey HKCU
    command "C:\Program Files\Messenger\msmsgs.exe" /background
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item NeroCheck
    hkey HKLM
    command C:\WINDOWS\system32\NeroCheck.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net Startup
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item NEWDOT~2
    hkey HKLM
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSuiteTrayApplication
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item LAUNCH~1
    hkey HKLM
    command D:\YASPRO~1\NOKIAP~1\NOKIAP~1\LAUNCH~1.EXE -startup
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ProxyWay
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item proxyway
    hkey HKCU
    command C:\Program Files\ProxyWay\proxyway.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PSwitch
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item ProxySwitcher
    hkey HKCU
    command D:\yas program\Proxy Switcher Standard\ProxySwitcher.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item qttask
    hkey HKLM
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SiS Windows KeyHook
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item keyhook
    hkey HKLM
    command C:\WINDOWS\System32\keyhook.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SSC_UserPrompt
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item UsrPrmpt
    hkey HKLM
    command C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item jusched
    hkey HKLM
    command C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SurfAccuracy
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item SAcc
    hkey HKLM
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item SNDMon
    hkey HKLM
    command C:\PROGRA~1\SYMNET~1\SNDMon.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item realsched
    hkey HKLM
    command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TotalRecorderScheduler
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item TotRecSched
    hkey HKLM
    command "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item YahooMessenger
    hkey HKCU
    command "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 2
    startup 2


    [All Users Startup Folder Disabled Items]

    [Current User Startup Folder Disabled Items]

    >>> User Agent Post Platform <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    \\iebar -
    \\acc=dreese -
    \\SV1 -

    >>> AppInit Dll's <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

    >>> Image File Execution Options <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    \Your Image File Name Here without a path - Debugger = ntsd -d

    >>> Shell Service Object Delay Load <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
    \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
    \\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
    \\UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

    >>> Shell Execute Hooks <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
    \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = D:\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

    >>> Shared Task Scheduler <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

    >>> Winlogon <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    \\UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,
    \\Shell = Explorer.exe
    \\System =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    \crypt32chain - crypt32.dll = (Microsoft Corporation)
    \cryptnet - cryptnet.dll = (Microsoft Corporation)
    \cscdll - cscdll.dll = (Microsoft Corporation)
    \ScCertProp - wlnotify.dll = (Microsoft Corporation)
    \Schedule - wlnotify.dll = (Microsoft Corporation)
    \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
    \SensLogn - WlNotify.dll = (Microsoft Corporation)
    \termsrv - wlnotify.dll = (Microsoft Corporation)
    \WgaLogon - WgaLogon.dll = (Microsoft Corp.)
    \wlballoon - wlnotify.dll = (Microsoft Corporation)

    >>> DNS Name Servers <<<
    {4E90649C-086E-4D3E-993C-6E2231F1B2CA} - (Realtek RTL8139/810x Family Fast Ethernet NIC)
    {A586775D-97B4-45F1-B4A7-09091DDB8ABC} - ()
    {EF985B10-7F9C-49EC-ACE6-B813FFCA58A9} - ()

    >>> All Winsock2 Catalogs <<<
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
    \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
    \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    \000000000004\\LibraryPath - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
    \000000000005\\LibraryPath - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
    \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000024\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000025\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000026\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000027\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000028\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000029\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000030\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000031\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

    >>> Protocol Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
    \ipp - ()
    \msdaipp - ()

    >>> Protocol Filters (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

    >>> Selected AddOn's <<<


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

  4. #14
    Neal is offline Dedicated Member
    Hi,



    Download, install and scan with the 15-day free trial of Sunbelt CounterSpy.
    CounterSpy User Guide.
    1. When Counterspy completes its scan, the "Scan Results" box will appear.
    2. Click on "View Results".
    3. Under (Recommended Action), using the drop down menu arrows at the side of each entry found, set EVERYTHING to "Remove".
    4. Click on "Take Action".
    5. Once everything has been removed, click on "View Details".
    6. Copy and Paste the details into a text document and save it to your desktop.
    7. Exit Counterspy and post the results in your next reply.

  5. #15
    yas
    yas is offline Junior Member
    The link that you told me about is not working, but I have downloaded it at http://www.download.com/3001-8022_4-10566366.html.

    Here is the result


    Spyware Scan Details
    Start Date: 10/26/2006 12:02:21 PM
    End Date: 10/26/2006 2:17:39 PM
    Total Time: 2 hrs 15 mins 18 secs

    Detected spyware

    Grokster P2P more information...
    Details: Free version installs adware and spyware including GAIN, CyDoor, My Search, WebRebates, and Relivant Knowledge.
    Status: Deleted


    MyWebSearch Toolbar Potentially Unwanted Software more information...
    Details: WebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
    Status: Deleted

    Infected registry entries detected


    SearchMiracle.EliteBar Browser Plug-in more information...
    Details: Adds a search hijacker toolbar to Internet Explorer called Elite Bar.
    Status: Deleted

    Infected files detected
    c:\windows\etb\xml\adult.tbr
    c:\windows\etb\xml\default.tbr
    c:\windows\etb\xml\search.mnu
    c:\windows\etb\xml\images\findemails.bmp
    c:\windows\etb\xml\images\ringtones.bmp
    c:\windows\etb\xml\images\searchpeople.bmp
    c:\windows\etb\xml\images\dating.bmp
    c:\windows\etb\xml\images\50kwincash2.bmp
    c:\windows\etb\xml\images\casino.bmp
    c:\windows\etb\xml\images\virus.bmp
    c:\windows\etb\etb.ini
    c:\windows\etb\etl

    Infected registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform iebar


    DNSCatcher Adware more information...
    Status: Deleted

    Infected files detected
    c:\program files\common files\download\mc-110-12-0000088.exe
    c:\program files\common files\inetget\mc-110-12-0000088.exe


    Paltalk Low Risk Adware more information...
    Details: Paltalk is an advertising-supported instant messaging client.
    Status: Deleted

    Infected files detected
    C:\palsound.txt
    c:\windows\paltalk messenger setup log.txt

    Infected registry entries detected
    HKEY_CLASSES_ROOT\.PalTalk
    HKEY_CLASSES_ROOT\.PalTalk PalTalkFile
    HKEY_CLASSES_ROOT\.PalTalk Content Type text/PalTalk


    Download Accelerator Plus Low Risk Adware more information...
    Details: Download Accelerator Plus (DAP) is an advertising-supported download manager program from SpeedBit.com.
    Status: Deleted

    Infected files detected
    D:\yas program\DAP\Skins\dap\DAP.uis
    D:\Program Files\DAP.exe
    d:\yas program\dap\dapie.dll
    d:\yas program\dap\dapns.dll

    Infected registry entries detected


    FunWebProducts Adware Bundler more information...
    Details: Fun Web Products bundles adware software in its products.
    Status: Deleted

    Infected registry entries detected


    My Way Speedbar Browser Plug-in more information...
    Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
    Status: Deleted

    Infected registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}


    IST.PowerScan Adware more information...
    Details: PowerScan is advertised through in ordinary web pop-ups, but recently it started to install with help from the the ISTBar adware.
    Status: Deleted

    Infected registry entries detected
    HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest


    Warez P2P Adware Bundler more information...
    Details: Warez P2P is a file sharing program that bundles adware/spyware including HyperBar, StartNow, and New.Net.
    Status: Deleted

    Infected registry entries detected


    Hotbar Adware more information...
    Details: Hotbar is promoted as an application that adds graphical skins to Internet Explorer toolbars and outlook/ Outlook Express, and also adds its own toolbar. It monitors all URLs you visit to add link buttons to its toolbar dependent on the site you are
    Status: Deleted

    Infected registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HbInstIE.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HbInstIE.dll .Owner {8C875948-9C60-4381-9248-0DF180542D53}


    iSearch.DesktopSearch Spyware more information...
    Details: Removes the users access to use Windows Search and replaces it with C:\WINDOWS\isrvs\desktop.exe.
    Status: Deleted

    Infected registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID {17492023-C23A-453E-A040-C7C580BBF700} 1


    My Search Bar Potentially Unwanted Software more information...
    Status: Deleted

    Infected registry entries detected
    HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1
    HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1\CLSID {0002DF01-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1 Internet Exp1orer (Ver 1.39660)
    HKEY_CLASSES_ROOT\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}
    HKEY_CLASSES_ROOT\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10} _IMySearchSettingsEvents


    Adw.BestOffersNetworks.RecordNRip Adware more information...
    Details: Adw.BestOffersNetworks.RecordNRip is a crippled version of software which purports to allow a user to record music from their PC. This application alone does not present a threat, but is installed with several adware threats.
    Status: Deleted

    Infected files detected
    d:\okoker easy recorder\nctaudiocdgrabber2.dll

    Infected registry entries detected


    Adw.BestOffersNetworks.IDTheftRadar Adware more information...
    Details: Adw.BestOffersNetworks.IDTheftRadar purports to help guard against identity theft. This application alone does not present a threat, but is installed with several adware threats.
    Status: Deleted

    Infected registry entries detected
    HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
    HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32 blank
    HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID warez.DocHostUIHandler
    HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF} Implements DocHostUIHandler


    Weatherbug Low Risk Adware more information...
    Details: Minibug is an adware that displays ads on to your computer.
    Status: Deleted

    Infected registry entries detected
    HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1
    HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1\CLSID {0002DF01-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1 Internet Exp1orer (Ver 1.39660)


    TribalFusion.com Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\yyyy\cookies\yyyy@tribalfusion[1].txt


    DoubleClick Cookie more information...
    Details: DoubleClick is a popular ad serving network that uses spyware cookies, to target advertising.
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\yyyy\cookies\yyyy@doubleclick[1].txt


    ATDMT.com Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\yyyy\cookies\yyyy@atdmt[2].txt


    Advertising.com Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\yyyy\cookies\yyyy@advertising[2].txt

  6. #16
    Neal is offline Dedicated Member
    How is your computer behaving now?

  7. #17
    yas
    yas is offline Junior Member
    It still freezes when I connect to the internet, and I think that it is a hardware issue that freezes my computer. Thanks anyway.

  8. #18
    Neal is offline Dedicated Member
    Why don't you try the XPHelp section of this forum? That freezing could be caused by a number of things.

  9. #19
    yas
    yas is offline Junior Member
    OK, thank you anyway.
