YPMajor

Hello! Thanks again for your help Maurice. Please keep in mind that my frustration has never been directed toward you. In fact, I'm very grateful for your help and I trust you completely. My computer was running older versions of Java and I'm glad I got rid of them. I was getting frustrated with the java installer though! Following your instructions, I was able to get HijackThis to fix the "02-BHO..." files but not the "023-Service..." file. So I decided to open the Registry Editor and look for anything "java". I ended deleting the "JavaSoft" folder within HKEY_Local_Machine/Software. I restarted the computer and tried installing JRE once more. Eureka! It finally worked! I restarted the computer, went to the java site to check which version I'm running, and it reports that I have the latest jre. Great! I hope it was OK to proceed this way? Can you please confirm? To be on the safe side, I'm including below the latest HijackThis scan of my computer. Can you please take one last look at it and let me know if you see anything suspicious? The computer seems to be running fine but I would like your opinion just in case. Thanks again for all your help... I'm doing a new full backup as soon as you confirm everything is fine! (((((((((((((((((((( HijackThis Scan )))))))))))))))))))) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:55:24 AM, on 01/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\WINDOWS\System32\ups.exe C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Webroot\WebrootSecurity\SSU.EXE C:\DOCUME~1\Y-PMAJ~1\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe c:\program files\internet explorer\iexplore.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sideWinderTrayV4] "C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe" O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe" O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe" O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe" O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE" O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" O4 - HKCU\..\Run: [update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background O4 - HKCU\..\Run: [sansaDispatch] C:\Documents and Settings\Y-P Major\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219824127875 O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe -- End of file - 15239 bytes

Hello, Still not able to make this work! I scanned my computer with HijackThis and when I look for line "O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe", I notice that it says "(file missing)" at the end. I click "Fix Checked" anyway but it doesn't seem to fix anything since I get the same 023 line after a reboot and a new scan with HJT. I've pasted a copy of HJT scan below. Then I follow instructions for OTMoveIt3.exe. Here is a copy of what shows under Results once I'm done: ========== FILES ========== File/Folder C:\Program Files\Java\jre6 not found. OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_205219 I restarted the computer. Then I checked Add or Remove Programs control panel. There are no "java" files of any kind to be found in there. I try installing Java but run into the same messages as I sent you about 2 posts ago. This is so weird... and frustrating! Any other idea? Thanks for your patience! (((((((((((((((((((( HijackThis Log )))))))))))))))))))) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:57:28 PM, on 30/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\WINDOWS\System32\ups.exe C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sideWinderTrayV4] "C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe" O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe" O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe" O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe" O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE" O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" O4 - HKCU\..\Run: [update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background O4 - HKCU\..\Run: [sansaDispatch] C:\Documents and Settings\Y-P Major\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219824127875 O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe -- End of file - 15103 bytes

Hello Maurice, I went to the website specified: http://www.java.com/en/download/installed.jsp and I clicked on "Verify Java Version". The little green dot keeps running in circle and after about a minute, I'm brought to the following page: http://www.java.com/en/download/help/testvm.xml So no luck there as well Is there a way I can kill the loading of Java at startup to be able to finish removing it totally or re-install over whatever is there?

Hello Maurice, I downloaded JavaRa and followed your instructions very carefully but it still doesn't work. I restarted the computer and tried once more without success. When I run "jre-6u10-windows-i586-p.exe", here is what happens, step by step: 1-Get the message "This software has already been installed on your computer. Would you like to reinstall it?" 2-Click Yes 3-Get the message "This action is only valid for products that are currently installed" 4-Click OK 5-Message #1 re-appears 6-Click Yes again 7-Message #3 re-appears again 8-Click OK again 9-Installer quits This is so weird. Any idea? Thanks again! Yvon-Pierre

Hello Maurice, I've been trying to implement what you suggest in the last two hours with mix success, unfortunately. Can you help again? Here are the problems so far: 1-I've removed Java and downloaded the latest version. So far so good. But every time I try to run the installer, a window pops up reporting that Java is already installed on my computer and tells me to remove it using Add/Remove Programs control panel. There is nothing called "Java" or "JRE" or "Sun Java or JRE" to remove in my Add/Remove control panel!!! And the installer stops there. 2-You ask me to de-install Adobe Reader using Add/Remove Programs but Adobe Reader is not listed in there. I've got Adobe Acrobat 8 Professional installed as part of my Adobe suite of software but not Adobe Reader, unless it's hidden somewhere. I'm waiting for your feedback. Thanks again! Yvon-Pierre P.S. DeepFreeze is a utility to protect a PC from any modifications made by humans or malware. I turn it on when the kids are using the computer. If they mess-up the settings or download virus by accident, I simply have to restart the computer to bring it back to the state it was in when I turned on DeepFreeze. Great utility... I should have left it on two weeks ago before my troubles started!!

Bingo! "My Computer" folder doesn't open automatically anymore! Thank you so much! Below are the logs that you requested. Can you please confirm if everything looks normal now? Also, I've installed quite a few security and safety utilities since my problems started. Which ones do you think I should keep? I was thinking of removing WinPatrol since this is the free version and leave installed only those utilities that I've paid for: Eset NOD32, Webroot SpySweeper and Window Washer, and Malwarebyte Anti-Malware. What do you suggest? (((((((((( OTMoveIt3 Results window )))))))))) ========== FILES ========== C:\AUTOEXEC.BAT moved successfully. I:\AutoRun.inf moved successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Applications\OpenOffice.org 3.0\Desktop.ini moved successfully. OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11292008_174439 (((((((((( HijackThis New Scan )))))))))) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:51:23 PM, on 29/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe C:\WINDOWS\System32\ups.exe C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Webroot\WebrootSecurity\SSU.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...rue&rm=fals e&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k9 6igf4806cy&ltmpl=default&ltmplcache=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [sideWinderTrayV4] "C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe" O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe" O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe" O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE" O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe" O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" -expressboot O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" O4 - HKCU\..\Run: [update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe" O4 - HKCU\..\Run: [sansaDispatch] C:\Documents and Settings\Y-P Major\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...QuickTime/qtact ivex/qtplugin.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...n/x86/client/mu web_site.cab?1219824127875 O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe -- End of file - 15952 bytes

Here it the new log: "Silent Runners.vbs", revision 58, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Window Washer" = ""C:\Program Files\Webroot\Washer\wwDisp.exe"" ["Webroot Software, Inc."] "Update Manager" = ""C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background" ["Rogers Cable Communications Inc. "] "swg" = ""C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"" ["Google Inc."] "SHS" = ""C:\Program Files\Rogers\SelfHealing\SHS.exe" /background" ["Rogers Cable Communications"] "CTFMON.EXE" = ""C:\WINDOWS\system32\ctfmon.exe"" [MS] "SansaDispatch" = "C:\Documents and Settings\Y-P Major\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "TrueImageMonitor.exe" = ""C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"" ["Acronis"] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."] "SideWinderTrayV4" = ""C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe"" [MS] "RTHDCPL" = ""C:\WINDOWS\RTHDCPL.EXE"" ["Realtek Semiconductor Corp."] "RoxWatchTray" = ""C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"" ["Sonic Solutions"] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."] "POINTER" = "point32.exe" [MS] "OpwareSE2" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"" ["ScanSoft, Inc."] "nwiz" = ""C:\WINDOWS\system32\nwiz.exe" /install" ["NVIDIA Corporation"] "NvMediaCenter" = ""C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"] "CPU Power Monitor" = ""C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"" [empty string] "Cpu Level Up help" = ""C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"" [empty string] "ASUS Energy Saving" = ""C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe"" [empty string] "Alcmtr" = ""C:\WINDOWS\ALCMTR.EXE"" ["Realtek Semiconductor Corp."] "Ai Nap" = ""C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"" [null data] "Adobe_ID0EYTHM" = ""C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE"" ["Adobe Systems Incorporated"] "AcronisTimounterMonitor" = ""C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"" ["Acronis"] "Acronis Scheduler2 Service" = ""C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"" ["Acronis"] "Acrobat Assistant 8.0" = ""C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"" ["Adobe Systems Inc."] "NvCplDaemon" = ""C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "CPMonitor" = ""C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"" [null data] "WinPatrol" = ""C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" -expressboot" ["BillP Studios"] "Malwarebytes' Anti-Malware" = ""C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray" ["Malwarebytes Corporation"] "SpySweeper" = ""C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray" ["Webroot Software, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {074C1DC5-9320-4A9A-947D-C042949C6216}\(Default) = (no title provided) -> {HKLM...CLSID} = "ContributeBHO Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."] {3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided) -> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {68F9551E-0411-48E4-9AAF-4BC42A6A46BE}\(Default) = "Canon Easy Web Print Helper" -> {HKLM...CLSID} = "EWPBrowseObject Class" \InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll" [null data] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java Plug-In SSV Helper" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Notifier BHO" \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll" ["Google Inc."] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."] {E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl" -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{C539A15A-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Context Menu Extension" -> {HKLM...CLSID} = "Acronis True Image Shell Context Menu Extension" \InProcServer32\(Default) = "C:\Program Files\Acronis\TrueImageHome\tishell.dll" ["Acronis"] "{C539A15B-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Extension" -> {HKLM...CLSID} = "Acronis True Image Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Acronis\TrueImageHome\tishell.dll" ["Acronis"] "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{6EE51AA0-77A0-11D7-B4E1-000347126E46}" = "Window Washer Shredding Utility" -> {HKLM...CLSID} = "Window Washer Shredding Utility" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\WEBROO~1\SSCtxMnu.dll" ["Webroot Software, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <<!>> "Authentication Packages" = "msv1_0"|"relog_ap" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> DfLogon\DLLName = "LogonDll.dll" [null data] <<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"] OnlineProtectMenu\(Default) = "{48865F7A-E34C-483f-AA6F-4AA38E2C3FC4}" -> {HKLM...CLSID} = "OnlineProtectMenu Class" \InProcServer32\(Default) = "C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll" ["SOS Online Backup"] RXDCExtSvr\(Default) = "{70D0238E-E029-4a94-B68D-182018B6C4FF}" -> {HKLM...CLSID} = "RXDCExtShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Roxio Creator 2009\Virtual Drive 11\DC_ShellExt.dll" ["Sonic Solutions"] Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}" -> {HKLM...CLSID} = "Window Washer Shredding Utility" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"] Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}" -> {HKLM...CLSID} = "Window Washer Shredding Utility" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] OnlineProtectMenu\(Default) = "{48865F7A-E34C-483f-AA6F-4AA38E2C3FC4}" -> {HKLM...CLSID} = "OnlineProtectMenu Class" \InProcServer32\(Default) = "C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll" ["SOS Online Backup"] RXDCExtSvr\(Default) = "{70D0238E-E029-4a94-B68D-182018B6C4FF}" -> {HKLM...CLSID} = "RXDCExtShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Roxio Creator 2009\Virtual Drive 11\DC_ShellExt.dll" ["Sonic Solutions"] SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\WEBROO~1\SSCtxMnu.dll" ["Webroot Software, Inc."] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\WEBROO~1\SSCtxMnu.dll" ["Webroot Software, Inc."] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AdobePremiereProCS3CameraArrival\ "Provider" = "Adobe Premiere Pro" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe"" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] BridgeCS3ImportMediaOnArrival\ "Provider" = "Adobe Bridge CS3" "InvokeProgID" = "Adobe.adobebridge" "InvokeVerb" = "launch" HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."] CanonCW50PicturesOnArrival\ "Provider" = "Canon CameraWindow" "InvokeProgID" = "Cw50.AutoplayHandler" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Cw50.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\CameraWindow\CameraWindowMC\CameraLauncher.exe" ["Canon Inc."] CanonMPN22PictureOnArrival\ "Provider" = "MP Navigator Ver2.2" "InvokeProgID" = "MPNavigator22.AutoplayHandler" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\MPNavigator22.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\MP Navigator 2.2\mpn22.exe /AUTOPLAY %1" ["CANON INC."] CanonZB4PicturesOnArrival\ "Provider" = "ZoomBrowser EX" "InvokeProgID" = "Zb.AutoplayHandler" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe /AUTOPLAY "%1"" [empty string] CinePlayerDVD\ "Provider" = "Roxio CinePlayer" "InvokeProgID" = "CinePlayer.PLAYDVD" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\CinePlayer.PLAYDVD\shell\Play\Command\(Default) = "C:\Program Files\Roxio Creator 2009\5.0\CinePlayer.exe %l" ["Sonic Solutions"] DVDClonerBackupDVDMovieOnArrival\ "Provider" = "DVD Cloner" "InvokeProgID" = "DvdClonerV" "InvokeVerb" = "Backup using DVD-Cloner V" HKLM\SOFTWARE\Classes\DvdClonerV\shell\Backup using DVD-Cloner V\command\(Default) = "C:\Program Files\Dvd-cloner\dvd-cloner5.exe" ["DVD COLONER INC."] InterActualPlayerPlayDVDVideoArrival\ "Provider" = "InterActual Player" "InvokeProgID" = "InterActualPlayer.PlayDVD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\InterActualPlayer.PlayDVD\shell\play\command\(Default) = "C:\Program Files\InterActual\InterActual Player\iPlayer.exe -startup=autorun" ["Sonic Solutions"] MediaCapture11Photos\ "Provider" = "Media Import" "InvokeProgID" = "RoxioMediaCapture11" "InvokeVerb" = "Photo" HKLM\SOFTWARE\Classes\RoxioMediaCapture11\shell\Photo\command\(Default) = "C:\Program Files\Roxio Creator 2009\Media Import 11\MediaCapture11.exe -photo %L" ["Sonic Solutions"] MediaCapture11VideoCamera\ "Provider" = "Media Import" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Program Files\Roxio Creator 2009\Media Import 11\MediaCapture11.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] MediaCapture11Videos\ "Provider" = "Media Import" "InvokeProgID" = "RoxioMediaCapture11" "InvokeVerb" = "Video" HKLM\SOFTWARE\Classes\RoxioMediaCapture11\shell\Video\command\(Default) = "C:\Program Files\Roxio Creator 2009\Media Import 11\MediaCapture11.exe -video %L" ["Sonic Solutions"] MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] RoxioCreator10PlayCDAudioOnArrival\ "Provider" = "Roxio Creator Classic" "InvokeProgID" = "Creator11" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Creator11\shell\open\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Creator Classic 11\Creator11.exe" ["Sonic Solutions"] RoxioSCAudioCDTask45\ "Provider" = "Roxio Central Audio" "InvokeProgID" = "Roxio.RoxioCentral45" "InvokeVerb" = "AudioCDTask" HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\AudioCDTask\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 10253C4C-229D-4c87-8D1D-169EFDFED869" [null data] RoxioSCCopyCD45\ "Provider" = "Roxio Central Copy" "InvokeProgID" = "Roxio.RoxioCentral45" "InvokeVerb" = "ExactCopyJob" HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\ExactCopyJob\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 20C35DAF-3B5B-4c2d-9DCD-5C866838F5CC" [null data] RoxioSCCopyDisc45\ "Provider" = "Roxio Central Copy" "InvokeProgID" = "Roxio.RoxioCentral45" "InvokeVerb" = "ExactCopyJob" HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\ExactCopyJob\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 20C35DAF-3B5B-4c2d-9DCD-5C866838F5CC" [null data] RoxioSCDataProject45\ "Provider" = "Roxio Central Data" "InvokeProgID" = "Roxio.RoxioCentral45" "InvokeVerb" = "DataGuide" HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\DataGuide\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 1FA905E4-5763-4ba8-999A-5E104D3CDE8C" [null data] RoxioSCDataTask45\ "Provider" = "Roxio Central Data" "InvokeProgID" = "Roxio.RoxioCentral45" "InvokeVerb" = "DataTask" HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\DataTask\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 9CA0EEEE-5BC5-41e9-8242-BEE21643FFF0" [null data] RPCDBurningOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.CDBurn.6" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."] RPDeviceOnArrival\ "Provider" = "RealPlayer" "ProgID" = "RealPlayer.HWEventHandler" HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}" -> {HKLM...CLSID} = "RealNetworks Scheduler" \LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."] RPPlayCDAudioOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.AudioCD.6" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."] RPPlayDVDMovieOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.DVD.6" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."] RPPlayMediaOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.AutoPlay.6" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."] Startup items in "Y-P Major" & "All Users" startup folders: ----------------------------------------------------------- C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup "OpenOffice.org 3.0" -> shortcut to: "" [file not found] C:\Documents and Settings\All Users\Start Menu\Programs\Startup "APC UPS Status" -> shortcut to: "C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe" ["American Power Conversion Corporation"] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE" [MS] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."] "Malwarebytes' Scheduled Scan for Y-P Major" -> launches: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /quickscanterminate" ["Malwarebytes Corporation"] "Malwarebytes' Scheduled Update for Y-P Major" -> launches: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runupdate" ["Malwarebytes Corporation"] "UPS System Shutdown Program" -> WARNING -- The file "UPS System Shutdown Program.job" is corrupt! (no executable) "wrSpySweeper_L6F0734F7AB7E49AF87136D3A2A6BE246" -> launches: "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /ScheduleSweep=wrSpySweeper_L6F0734F7AB7E49AF87136D3A2A6BE246" ["Webroot Software, Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."] 000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS] 000000000006\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" = (no title provided) -> {HKLM...CLSID} = "Contribute Toolbar" \InProcServer32\(Default) = "C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."] "{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint" -> {HKLM...CLSID} = "Easy-WebPrint" \InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ "MenuText" = "Spybot - Search & Destroy Configuration" "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}" -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."] Acronis Scheduler2 Service, AcrSch2Svc, ""C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"" ["Acronis"] Acronis Try And Decide Service, TryAndDecideService, ""C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe"" [null data] APC UPS Service, APC UPS Service, "C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe" ["American Power Conversion Corporation"] Canon Camera Access Library 8, CCALib8, "C:\Program Files\Canon\CAL\CALMAIN.exe" ["Canon Inc."] DF5Serv, DF5Serv, "C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe" ["Faronics Corporation"] Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"] FLEXnet Licensing Service, FLEXnet Licensing Service, ""C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"" ["Macrovision Europe Ltd."] Google Updater Service, gusvc, ""C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"] IPv6 Helper Service, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]} Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."] MBAMService, MBAMService, ""C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Simple TCP/IP Services, SimpTcp, "C:\WINDOWS\system32\tcpsvcs.exe" [MS] Webroot Client Service, WRConsumerService, ""C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe"" ["Webroot Software, Inc. "] Webroot Spy Sweeper Engine, WebrootSpySweeperService, ""C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe"" ["Webroot Software, Inc. (www.webroot.com)"] Window Washer Engine, wwEngineSvc, "C:\Program Files\Webroot\Washer\WasherSvc.exe" ["Webroot Software, Inc."] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]} Keyboard Driver Filters: ------------------------ HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\ "UpperFilters" = <<!>> "DeepFrz" ["Faronics Corporation"] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."] Brother QL-550 Monitor\Driver = "PTQL5L.DLL" ["Brother Industries, Ltd."] Canon BJ Language Monitor MP830\Driver = "CNMLM7Q.DLL" ["CANON INC."] Canon MP FAX Language Monitor MP830\Driver = "CNCF2Lb.DLL" ["Canon Inc."] HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"] ---------- (launch time: 2008-11-29 16:42:57) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 268 seconds. ---------- (total run time: 288 seconds)

Hello again! I followed your instructions. Here is the OTMoveIt Log: ========== FILES ========== C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini moved successfully. C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup\desktop.ini moved successfully. OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11292008_160300 Unfortunately, "My Computer" folder still opens after startup. I restarted the compuer twice to be sure but the window always appear. I felt like deleting all "desktop.ini" files that I could find but decided instead to wait for your next instructions. Still hopeful! Yvon-Pierre

Hello Maurice, Thanks again for your help and for sticking with me. I was away all day yesterday and got home way too late to reply earlier. You will find below the info you requested. In C:\Documents and Settings\All Users\Start Menu\Programs\Startup, I found only one INI file ("desktop.ini") dated Aug 27, 2008 Same thing with C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup, I found only one INI file ("desktop.ini") dated Aug 27, 2008 Elsewhere in "All Users", I found one "desktop.ini" in each of the following locations (all dated Aug 27, 2008 unless stated otherwise below): -C:\Documents and Settings\All Users\Start Menu -C:\Documents and Settings\All Users\Start Menu\Programs -C:\Documents and Settings\All Users\Start Menu\Programs\Accessories (Sep 7, 2008) -C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility -C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications -C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment -C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools -C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools -C:\Documents and Settings\All Users\Start Menu\Programs\Applications\OpenOffice.org 3.0 (Nov 8, 2008) -C:\Documents and Settings\All Users\Start Menu\Programs\Games (Oct 17, 2008) System Properties reports that I'm running, and I quote, "Microsoft Windows XP Professional Version 2002 Service Pack 3". So yes, it is the English version and I presume it is the Canadian version since I purchased the computer in Canada (((((((((((((((((((( SilentRunners Log )))))))))))))))))))) "Silent Runners.vbs", revision 58, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Window Washer" = ""C:\Program Files\Webroot\Washer\wwDisp.exe"" ["Webroot Software, Inc."] "Update Manager" = ""C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background" ["Rogers Cable Communications Inc. "] "swg" = ""C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"" ["Google Inc."] "SHS" = ""C:\Program Files\Rogers\SelfHealing\SHS.exe" /background" ["Rogers Cable Communications"] "CTFMON.EXE" = ""C:\WINDOWS\system32\ctfmon.exe"" [MS] "SansaDispatch" = "C:\Documents and Settings\Y-P Major\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "TrueImageMonitor.exe" = ""C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"" ["Acronis"] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."] "SideWinderTrayV4" = ""C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe"" [MS] "RTHDCPL" = ""C:\WINDOWS\RTHDCPL.EXE"" ["Realtek Semiconductor Corp."] "RoxWatchTray" = ""C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"" ["Sonic Solutions"] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."] "POINTER" = "point32.exe" [MS] "OpwareSE2" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"" ["ScanSoft, Inc."] "nwiz" = ""C:\WINDOWS\system32\nwiz.exe" /install" ["NVIDIA Corporation"] "NvMediaCenter" = ""C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"] "CPU Power Monitor" = ""C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"" [empty string] "Cpu Level Up help" = ""C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"" [empty string] "ASUS Energy Saving" = ""C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe"" [empty string] "Alcmtr" = ""C:\WINDOWS\ALCMTR.EXE"" ["Realtek Semiconductor Corp."] "Ai Nap" = ""C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"" [null data] "Adobe_ID0EYTHM" = ""C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE"" ["Adobe Systems Incorporated"] "AcronisTimounterMonitor" = ""C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"" ["Acronis"] "Acronis Scheduler2 Service" = ""C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"" ["Acronis"] "Acrobat Assistant 8.0" = ""C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"" ["Adobe Systems Inc."] "NvCplDaemon" = ""C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "CPMonitor" = ""C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"" [null data] "WinPatrol" = ""C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" -expressboot" ["BillP Studios"] "Malwarebytes' Anti-Malware" = ""C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray" ["Malwarebytes Corporation"] "SpySweeper" = ""C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray" ["Webroot Software, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {074C1DC5-9320-4A9A-947D-C042949C6216}\(Default) = (no title provided) -> {HKLM...CLSID} = "ContributeBHO Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."] {3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided) -> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {68F9551E-0411-48E4-9AAF-4BC42A6A46BE}\(Default) = "Canon Easy Web Print Helper" -> {HKLM...CLSID} = "EWPBrowseObject Class" \InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll" [null data] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java Plug-In SSV Helper" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Notifier BHO" \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll" ["Google Inc."] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."] {E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl" -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{C539A15A-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Context Menu Extension" -> {HKLM...CLSID} = "Acronis True Image Shell Context Menu Extension" \InProcServer32\(Default) = "C:\Program Files\Acronis\TrueImageHome\tishell.dll" ["Acronis"] "{C539A15B-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Extension" -> {HKLM...CLSID} = "Acronis True Image Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Acronis\TrueImageHome\tishell.dll" ["Acronis"] "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{6EE51AA0-77A0-11D7-B4E1-000347126E46}" = "Window Washer Shredding Utility" -> {HKLM...CLSID} = "Window Washer Shredding Utility" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\WEBROO~1\SSCtxMnu.dll" ["Webroot Software, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <<!>> "Authentication Packages" = "msv1_0"|"relog_ap" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> DfLogon\DLLName = "LogonDll.dll" [null data] <<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"] OnlineProtectMenu\(Default) = "{48865F7A-E34C-483f-AA6F-4AA38E2C3FC4}" -> {HKLM...CLSID} = "OnlineProtectMenu Class" \InProcServer32\(Default) = "C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll" ["SOS Online Backup"] RXDCExtSvr\(Default) = "{70D0238E-E029-4a94-B68D-182018B6C4FF}" -> {HKLM...CLSID} = "RXDCExtShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Roxio Creator 2009\Virtual Drive 11\DC_ShellExt.dll" ["Sonic Solutions"] Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}" -> {HKLM...CLSID} = "Window Washer Shredding Utility" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"] Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}" -> {HKLM...CLSID} = "Window Washer Shredding Utility" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] OnlineProtectMenu\(Default) = "{48865F7A-E34C-483f-AA6F-4AA38E2C3FC4}" -> {HKLM...CLSID} = "OnlineProtectMenu Class" \InProcServer32\(Default) = "C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll" ["SOS Online Backup"] RXDCExtSvr\(Default) = "{70D0238E-E029-4a94-B68D-182018B6C4FF}" -> {HKLM...CLSID} = "RXDCExtShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Roxio Creator 2009\Virtual Drive 11\DC_ShellExt.dll" ["Sonic Solutions"] SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\WEBROO~1\SSCtxMnu.dll" ["Webroot Software, Inc."] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\WEBROO~1\SSCtxMnu.dll" ["Webroot Software, Inc."] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AdobePremiereProCS3CameraArrival\ "Provider" = "Adobe Premiere Pro" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe"" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] BridgeCS3ImportMediaOnArrival\ "Provider" = "Adobe Bridge CS3" "InvokeProgID" = "Adobe.adobebridge" "InvokeVerb" = "launch" HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."] CanonCW50PicturesOnArrival\ "Provider" = "Canon CameraWindow" "InvokeProgID" = "Cw50.AutoplayHandler" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Cw50.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\CameraWindow\CameraWindowMC\CameraLauncher.exe" ["Canon Inc."] CanonMPN22PictureOnArrival\ "Provider" = "MP Navigator Ver2.2" "InvokeProgID" = "MPNavigator22.AutoplayHandler" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\MPNavigator22.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\MP Navigator 2.2\mpn22.exe /AUTOPLAY %1" ["CANON INC."] CanonZB4PicturesOnArrival\ "Provider" = "ZoomBrowser EX" "InvokeProgID" = "Zb.AutoplayHandler" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe /AUTOPLAY "%1"" [empty string] CinePlayerDVD\ "Provider" = "Roxio CinePlayer" "InvokeProgID" = "CinePlayer.PLAYDVD" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\CinePlayer.PLAYDVD\shell\Play\Command\(Default) = "C:\Program Files\Roxio Creator 2009\5.0\CinePlayer.exe %l" ["Sonic Solutions"] DVDClonerBackupDVDMovieOnArrival\ "Provider" = "DVD Cloner" "InvokeProgID" = "DvdClonerV" "InvokeVerb" = "Backup using DVD-Cloner V" HKLM\SOFTWARE\Classes\DvdClonerV\shell\Backup using DVD-Cloner V\command\(Default) = "C:\Program Files\Dvd-cloner\dvd-cloner5.exe" ["DVD COLONER INC."] InterActualPlayerPlayDVDVideoArrival\ "Provider" = "InterActual Player" "InvokeProgID" = "InterActualPlayer.PlayDVD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\InterActualPlayer.PlayDVD\shell\play\command\(Default) = "C:\Program Files\InterActual\InterActual Player\iPlayer.exe -startup=autorun" ["Sonic Solutions"] MediaCapture11Photos\ "Provider" = "Media Import" "InvokeProgID" = "RoxioMediaCapture11" "InvokeVerb" = "Photo" HKLM\SOFTWARE\Classes\RoxioMediaCapture11\shell\Photo\command\(Default) = "C:\Program Files\Roxio Creator 2009\Media Import 11\MediaCapture11.exe -photo %L" ["Sonic Solutions"] MediaCapture11VideoCamera\ "Provider" = "Media Import" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Program Files\Roxio Creator 2009\Media Import 11\MediaCapture11.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] MediaCapture11Videos\ "Provider" = "Media Import" "InvokeProgID" = "RoxioMediaCapture11" "InvokeVerb" = "Video" HKLM\SOFTWARE\Classes\RoxioMediaCapture11\shell\Video\command\(Default) = "C:\Program Files\Roxio Creator 2009\Media Import 11\MediaCapture11.exe -video %L" ["Sonic Solutions"] MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] RoxioCreator10PlayCDAudioOnArrival\ "Provider" = "Roxio Creator Classic" "InvokeProgID" = "Creator11" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Creator11\shell\open\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Creator Classic 11\Creator11.exe" ["Sonic Solutions"] RoxioSCAudioCDTask45\ "Provider" = "Roxio Central Audio" "InvokeProgID" = "Roxio.RoxioCentral45" "InvokeVerb" = "AudioCDTask" HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\AudioCDTask\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 10253C4C-229D-4c87-8D1D-169EFDFED869" [null data] RoxioSCCopyCD45\ "Provider" = "Roxio Central Copy" "InvokeProgID" = "Roxio.RoxioCentral45" "InvokeVerb" = "ExactCopyJob" HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\ExactCopyJob\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 20C35DAF-3B5B-4c2d-9DCD-5C866838F5CC" [null data] RoxioSCCopyDisc45\ "Provider" = "Roxio Central Copy" "InvokeProgID" = "Roxio.RoxioCentral45" "InvokeVerb" = "ExactCopyJob" HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\ExactCopyJob\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 20C35DAF-3B5B-4c2d-9DCD-5C866838F5CC" [null data] RoxioSCDataProject45\ "Provider" = "Roxio Central Data" "InvokeProgID" = "Roxio.RoxioCentral45" "InvokeVerb" = "DataGuide" HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\DataGuide\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 1FA905E4-5763-4ba8-999A-5E104D3CDE8C" [null data] RoxioSCDataTask45\ "Provider" = "Roxio Central Data" "InvokeProgID" = "Roxio.RoxioCentral45" "InvokeVerb" = "DataTask" HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\DataTask\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 9CA0EEEE-5BC5-41e9-8242-BEE21643FFF0" [null data] RPCDBurningOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.CDBurn.6" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."] RPDeviceOnArrival\ "Provider" = "RealPlayer" "ProgID" = "RealPlayer.HWEventHandler" HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}" -> {HKLM...CLSID} = "RealNetworks Scheduler" \LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."] RPPlayCDAudioOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.AudioCD.6" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."] RPPlayDVDMovieOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.DVD.6" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."] RPPlayMediaOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.AutoPlay.6" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."] Startup items in "Y-P Major" & "All Users" startup folders: ----------------------------------------------------------- C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup "OpenOffice.org 3.0" -> shortcut to: "" [file not found] C:\Documents and Settings\All Users\Start Menu\Programs\Startup "APC UPS Status" -> shortcut to: "C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe" ["American Power Conversion Corporation"] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE" [MS] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."] "Malwarebytes' Scheduled Scan for Y-P Major" -> launches: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /quickscanterminate" ["Malwarebytes Corporation"] "Malwarebytes' Scheduled Update for Y-P Major" -> launches: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runupdate" ["Malwarebytes Corporation"] "UPS System Shutdown Program" -> WARNING -- The file "UPS System Shutdown Program.job" is corrupt! (no executable) "wrSpySweeper_L6F0734F7AB7E49AF87136D3A2A6BE246" -> launches: "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /ScheduleSweep=wrSpySweeper_L6F0734F7AB7E49AF87136D3A2A6BE246" ["Webroot Software, Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."] 000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS] 000000000006\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" = (no title provided) -> {HKLM...CLSID} = "Contribute Toolbar" \InProcServer32\(Default) = "C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."] "{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint" -> {HKLM...CLSID} = "Easy-WebPrint" \InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ "MenuText" = "Spybot - Search & Destroy Configuration" "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}" -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."] Acronis Scheduler2 Service, AcrSch2Svc, ""C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"" ["Acronis"] Acronis Try And Decide Service, TryAndDecideService, ""C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe"" [null data] APC UPS Service, APC UPS Service, "C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe" ["American Power Conversion Corporation"] Canon Camera Access Library 8, CCALib8, "C:\Program Files\Canon\CAL\CALMAIN.exe" ["Canon Inc."] DF5Serv, DF5Serv, "C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe" ["Faronics Corporation"] Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"] FLEXnet Licensing Service, FLEXnet Licensing Service, ""C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"" ["Macrovision Europe Ltd."] Google Updater Service, gusvc, ""C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"] IPv6 Helper Service, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]} Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."] MBAMService, MBAMService, ""C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Simple TCP/IP Services, SimpTcp, "C:\WINDOWS\system32\tcpsvcs.exe" [MS] Webroot Client Service, WRConsumerService, ""C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe"" ["Webroot Software, Inc. "] Webroot Spy Sweeper Engine, WebrootSpySweeperService, ""C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe"" ["Webroot Software, Inc. (www.webroot.com)"] Window Washer Engine, wwEngineSvc, "C:\Program Files\Webroot\Washer\WasherSvc.exe" ["Webroot Software, Inc."] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]} Keyboard Driver Filters: ------------------------ HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\ "UpperFilters" = <<!>> "DeepFrz" ["Faronics Corporation"] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."] Brother QL-550 Monitor\Driver = "PTQL5L.DLL" ["Brother Industries, Ltd."] Canon BJ Language Monitor MP830\Driver = "CNMLM7Q.DLL" ["CANON INC."] Canon MP FAX Language Monitor MP830\Driver = "CNCF2Lb.DLL" ["Canon Inc."] HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"] ---------- (launch time: 2008-11-29 13:04:01) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 17 seconds, including 4 seconds for message boxes)

Hello 1972vet, As requested, I've copied the content of the text.txt file below. But before going on, I need to clarify something. I opened a thread on the same subject 4 days ago but nobody was replying. In my ignorance (and in panic with my computer problem), I thought I had to open another thread to get noticed. So I opend this thread the next day. But Maurice Naggard started working on my first thread today. Since he replied to my first message, I assumed it was OK to let both threads go. Maurice brought this to my attention and explained that we should not have two threads on the same subject. I'm sorry for creating this problem - this is a true rookie mistake! Maurice will most likely get in contact with you to sort this out. Like I told Maurice, I really appreciate the help I've received so far and I hope that one of you will continue with my case. So here is the content of the file you requested: (((((((((((((((((((( text.txt )))))))))))))))))))) Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=dword:00000001 "DefaultDomainName"="Y-P-P5K-SE" "DefaultUserName"="Y-P Major" "LegalNoticeCaption"="" "LegalNoticeText"="" "PowerdownAfterShutdown"="0" "ReportBootOk"="1" "Shell"="Explorer.exe" "ShutdownWithoutLogon"="0" "System"="" "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\"" "SfcQuota"=dword:ffffffff "allocatecdroms"="0" "allocatedasd"="0" "allocatefloppies"="0" "cachedlogonscount"="10" "forceunlocklogon"=dword:00000000 "passwordexpirywarning"=dword:0000000e "scremoveoption"="0" "AllowMultipleTSSessions"=dword:00000001 "UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,\ 00,00,00 "LogonType"=dword:00000001 "Background"="0 0 0" "DebugServerCommand"="no" "SFCDisable"=dword:00000000 "WinStationsDisabled"="0" "HibernationPreviouslyEnabled"=dword:00000001 "ShowLogonOptions"=dword:00000000 "AltDefaultUserName"="Y-P Major" "AltDefaultDomainName"="Y-P-P5K-SE" "ChangePasswordUseKerberos"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}] @="Wireless" "ProcessGroupPolicy"="ProcessWIRELESSPolicy" "DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\ 00,00 "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}] @="Folder Redirection" "ProcessGroupPolicyEx"="ProcessGroupPolicyEx" "DllName"=hex(2):66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "NoMachinePolicy"=dword:00000001 "NoSlowLink"=dword:00000001 "PerUserLocalSettings"=dword:00000001 "NoGPOListChanges"=dword:00000000 "NoBackgroundPolicy"=dword:00000000 "GenerateGroupPolicy"="GenerateGroupPolicy" "EventSources"=hex(7):28,00,46,00,6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,\ 00,64,00,69,00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,2c,00,41,00,70,00,\ 70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,29,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] @="Microsoft Disk Quota" "NoMachinePolicy"=dword:00000000 "NoUserPolicy"=dword:00000001 "NoSlowLink"=dword:00000001 "NoBackgroundPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "PerUserLocalSettings"=dword:00000000 "RequiresSuccessfulRegistry"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000000 "DllName"=hex(2):64,00,73,00,6b,00,71,00,75,00,6f,00,74,00,61,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "ProcessGroupPolicy"="ProcessGroupPolicy" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}] @="QoS Packet Scheduler" "ProcessGroupPolicy"="ProcessPSCHEDPolicy" "DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\ 00,00 "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}] @="Scripts" "ProcessGroupPolicy"="ProcessScriptsGroupPolicy" "ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx" "GenerateGroupPolicy"="GenerateScriptsGroupPolicy" "DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\ 00,00 "NoSlowLink"=dword:00000001 "NoGPOListChanges"=dword:00000001 "NotifyLinkTransition"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}] @="Internet Explorer Zonemapping" "DllName"=hex(2):69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap" "NoGPOListChanges"=dword:00000001 "RequiresSucessfulRegistry"=dword:00000001 "DisplayName"=hex(2):40,00,69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,\ 00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,31,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO" "GenerateGroupPolicy"="SceGenerateGroupPolicy" "ExtensionRsopPlanningDebugLevel"=dword:00000001 "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx" "ExtensionDebugLevel"=dword:00000001 "DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\ 00,00 @="Security" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000001 "MaxNoGPOListChangesInterval"=dword:000003c0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}] "ProcessGroupPolicyEx"="ProcessGroupPolicyEx" "GenerateGroupPolicy"="GenerateGroupPolicy" "ProcessGroupPolicy"="ProcessGroupPolicy" "DllName"="iedkcs32.dll" @="Internet Explorer Branding" "NoSlowLink"=dword:00000001 "NoBackgroundPolicy"=dword:00000000 "NoGPOListChanges"=dword:00000001 "NoMachinePolicy"=dword:00000001 "DisplayName"=hex(2):40,00,69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,\ 00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,31,00,34,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}] "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO" "DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\ 00,00 @="EFS recovery" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "RequiresSuccessfulRegistry"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] @="802.3 Group Policy" "DisplayName"=hex(2):40,00,64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,\ 00,74,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,30,00,00,00 "ProcessGroupPolicyEx"="ProcessLANPolicyEx" "GenerateGroupPolicy"="GenerateLANPolicy" "DllName"=hex(2):64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,00,74,00,\ 2e,00,64,00,6c,00,6c,00,00,00 "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}] @="Microsoft Offline Files" "DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\ 00,73,00,63,00,75,00,69,00,2e,00,64,00,6c,00,6c,00,00,00 "EnableAsynchronousProcessing"=dword:00000000 "NoBackgroundPolicy"=dword:00000000 "NoGPOListChanges"=dword:00000000 "NoMachinePolicy"=dword:00000000 "NoSlowLink"=dword:00000000 "NoUserPolicy"=dword:00000001 "PerUserLocalSettings"=dword:00000000 "ProcessGroupPolicy"="ProcessGroupPolicy" "RequiresSuccessfulRegistry"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}] @="Software Installation" "DllName"=hex(2):61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx" "GenerateGroupPolicy"="GenerateGroupPolicy" "NoBackgroundPolicy"=dword:00000000 "RequiresSucessfulRegistry"=dword:00000000 "NoSlowLink"=dword:00000001 "PerUserLocalSettings"=dword:00000001 "EventSources"=hex(7):28,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\ 00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,\ 74,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\ 00,29,00,00,00,28,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\ 6c,00,65,00,72,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\ 00,6f,00,6e,00,29,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}] @="IP Security" "ProcessGroupPolicy"="ProcessIPSECPolicy" "DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\ 00,00 "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "Startup"="DfEventStartup" "DllName"=hex(2):4c,00,6f,00,67,00,6f,00,6e,00,44,00,6c,00,6c,00,2e,00,64,00,\ 6c,00,6c,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] "Asynchronous"=dword:00000001 "DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\ 00,69,00,6d,00,73,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,00,00,00 "Startup"="WlDimsStartup" "Shutdown"="WlDimsShutdown" "Logon"="WlDimsLogon" "Logoff"="WlDimsLogoff" "StartShell"="WlDimsStartShell" "Lock"="WlDimsLock" "Unlock"="WlDimsUnlock" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] "Logon"="WLEventLogon" "Logoff"="WLEventLogoff" "Startup"="WLEventStartup" "Shutdown"="WLEventShutdown" "StartScreenSaver"="WLEventStartScreenSaver" "StopScreenSaver"="WLEventStopScreenSaver" "Lock"="WLEventLock" "Unlock"="WLEventUnlock" "StartShell"="WLEventStartShell" "PostShell"="WLEventPostShell" "Disconnect"="WLEventDisconnect" "Reconnect"="WLEventReconnect" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000000 "SafeMode"=dword:00000001 "MaxWait"=dword:ffffffff "DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Event"=dword:00000000 "InstallEvent"="1.8.0031.9" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings] @="" "Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\ 00,00,7e,c0,93,6a,39,e0,b1,4a,a0,97,55,1e,5c,17,96,80,04,00,00,00,04,00,00,\ 00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,df,6e,b8,0b,6c,73,06,3a,\ 24,c1,2c,cb,db,bd,9f,d1,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,27,\ 8f,67,4d,b4,53,5b,be,39,7e,be,30,91,99,0e,56,b0,01,00,00,6d,7c,49,8c,cc,99,\ 23,60,0a,ea,75,94,1a,89,47,ef,30,5a,ba,68,1c,00,d5,dd,b4,3d,42,0c,1d,ea,58,\ f6,5b,d7,9f,57,e0,b3,89,f6,27,66,5b,70,ad,32,56,0f,6e,30,ad,b7,fc,c1,26,3d,\ 2d,ef,cb,f1,48,90,75,65,34,91,b1,5d,d3,d9,e2,90,c0,8f,6b,ad,26,f3,d0,cb,dc,\ 79,a1,5c,b2,2f,73,36,2a,5d,12,ce,aa,57,66,a5,52,1d,8e,df,1c,8d,45,5a,e0,7a,\ d3,f3,42,08,29,e5,e7,b5,f7,ce,26,0f,21,73,df,7a,7a,7b,db,85,5e,d6,03,66,b3,\ 66,2e,39,37,b7,6b,f6,47,b8,11,40,a6,b5,e6,e2,83,8c,06,a9,d9,0e,39,96,84,44,\ 83,93,5c,65,27,14,e3,23,38,ab,5f,32,f5,d6,86,cf,d9,29,5c,8e,25,19,95,a3,f9,\ d8,eb,e2,cc,46,da,93,b9,92,7e,b1,4f,a0,e5,4d,e1,72,d7,61,ab,0b,32,de,97,08,\ 16,55,6b,61,37,ce,ee,21,18,fd,22,98,f9,d0,92,81,4f,c0,7e,96,08,29,6f,a4,b0,\ 33,27,0d,19,84,87,6b,91,27,84,61,fa,d9,7e,47,3a,17,fb,ab,9a,af,11,ba,ed,86,\ d5,b6,83,80,a9,23,4e,b2,10,1b,a2,2c,38,e0,35,b4,08,4a,2c,21,a0,4b,d2,76,d4,\ 20,59,1d,00,17,61,9a,12,1b,98,84,6e,fe,f3,00,75,55,20,03,bc,ad,63,e5,87,50,\ b9,6a,c6,31,bd,f2,ca,5b,9e,f9,f8,01,55,a2,6a,da,2e,da,1e,81,a3,50,70,a9,76,\ 9f,66,a1,f5,ee,05,1c,a3,71,31,e8,f9,d5,3b,d1,e5,5c,f0,ca,da,18,50,2a,9c,79,\ 05,75,1c,e0,ca,0e,d6,c2,ff,a7,d3,2a,a7,99,62,1d,40,dd,d0,b3,fe,02,ac,e6,af,\ 65,a2,b8,b7,92,7f,62,ba,0d,da,c1,69,68,76,6f,b9,51,db,f2,ee,eb,94,92,27,d2,\ 8c,77,ed,0a,52,b8,a4,99,3e,97,be,3a,2c,5f,cc,c4,10,e4,85,e1,ed,24,24,97,2b,\ bc,14,00,00,00,51,e7,4d,26,bc,d9,47,ab,20,2b,6b,1c,89,ca,ce,79,18,39,be,f6 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList] "HelpAssistant"=dword:00000000 "TsInternetUser"=dword:00000000 "SQLAgentCmdExec"=dword:00000000 "NetShowServices"=dword:00000000 "IWAM_"=dword:00010000 "IUSR_"=dword:00010000 "VUSR_"=dword:00010000

Hello Maurice, Sorry for the double post but please be assured that I didn't do this on purpose. This is my first time asking for help with my computer online. Since I didn't get a reply to my first post (the one you replied to) after some time, I thought that my subject headings was not good enough. So I posted again. I was surprised to see your reply but assumed that since you did reply, it was OK to proceed. I really appreciate the help I've received so far. I hope one of you will continue helping with my case. Can you please work this out so that the person with the most experience with my kind of problem can keep going? Sorry again for the inconvenience and thanks for your understanding, Yvon-Pierre

Hello Maurice, Thanks for your reply. I did everything you suggested. You will find below a copy of both scans from OTListIt.exe. But before I thought I would give you the background on how my troubles started. While browsing the internet last week, NOD32 reported an intrusion and quarantined the files (but I could not figure out how to remove them). Eventually, I started seeing an alert reporting that "Windows has detected spyware infection". Then a scan started on its own and I could not stop it. After a few minutes, a message appeared reporting that my computer was infected with ipexewin.exe, audiopitusr.exe, and exeiptransfer.exe. I did not download the software they were recommending. Instead I tried to research these files on the internet but my browser (IE7) kept opening other pages than the ones I was asking for. So I used another computer and eventually found and downloaded Malwarebyte Anti-Malware. I transfered this utility to my infected computer using a USB key. I ran the utility and it reported that it had removed all threats. I thought I was OK. But weird things keep happening more than one week later and I can't fix them, no matter what I try: -The computer takes more time to startup -"My Computer" folder always open at startup -When I start my IE7 browser, it always opens in a smaller window even though I maximize it every time (it seems windows size settings are not kept) -I'm receiving spam emails from my own email address -My security utilities task tray icons get disabled randomly at startup: the first time it was NOD32, then Malwarebyte Anti-Malware, and then, Webroot SpySweeper. I've run multiples scans using MBAM, NOD32, and SpySweeper but they always report that everything is fine. During all of this, I also ran the Startup Manager module within Advanced System Optimizer to see if it would help. I deleted the startup icon for "SpyNoMore" (SNM.exe) but it kept showing in the list every time I restarted the Startup Manager. So I concluded that Advanced System Optimizer was not working properly and uninstalled it (I re-installed it since but didn't use the Startup Manager). The only way I found to stop "My Computer" folder from automatically opening at startup is to run msconfig and disable all Startup files. I tried to isolate the startup file creating the problem (very long process) but one day it seemed to be "CPMonitor", but when I tried again another day, disabling CPMonitor didn't make a difference! Go figure! Maybe I should simply reformat the hard drive and start all over again but I'd prefer to avoid spending countless hours re-installing everything if possible. I'm ready to go this way it if turns out to be the ONLY solution but I need to kwow. I hope this background info will help. Here are the scan results from OTListIt.exe. I'm looking forward to your feedback. (((((((((((((((((((( OTListIt.txt )))))))))))))))))))) OTListIt logfile created on: 27/11/2008 9:36:49 PM - Run OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Y-P Major\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298.08 Gb Total Space | 249.15 Gb Free Space | 83.58% Space Free | Partition Type: NTFS Drive D: | 465.76 Gb Total Space | 212.07 Gb Free Space | 45.53% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 7.45 Gb Total Space | 6.23 Gb Free Space | 83.64% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 969.06 Mb Total Space | 959.38 Mb Free Space | 99.00% Space Free | Partition Type: FAT32 Computer Name: Y-P-P5K-SE Current User Name: Y-P Major Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days ========== Processes ========== [2008/06/17 05:30:32 | 00,431,616 | ---- | M] (Faronics Corporation) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe [2008/11/13 17:11:26 | 01,086,840 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2007/10/30 19:07:38 | 00,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2005/12/12 14:02:24 | 00,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe [2008/08/18 13:25:10 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008/11/08 18:15:46 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008/11/27 02:29:25 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe [2008/10/22 16:10:24 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2007/05/11 05:03:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe [2004/08/04 07:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe [2007/10/30 19:51:44 | 00,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008/11/12 16:02:14 | 03,667,312 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2007/11/26 13:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe [2005/06/02 15:54:34 | 00,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe [2007/10/30 19:06:42 | 02,595,616 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2008/09/20 23:20:29 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008/11/27 02:29:25 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe [2000/06/02 18:07:58 | 00,024,650 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Game Controllers\Common\SWTrayV4.EXE [2008/08/30 01:17:26 | 16,862,720 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe [2001/08/23 20:37:39 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.exe [2003/05/08 10:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe [2008/08/18 13:23:50 | 01,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008/01/28 11:55:10 | 01,413,120 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe [2008/03/31 15:30:58 | 00,614,400 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe [2007/10/30 19:11:48 | 00,909,208 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007/10/30 19:07:40 | 00,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008/10/14 21:38:56 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008/08/10 03:05:54 | 00,080,368 | ---- | M] () -- C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe [2008/10/09 10:52:54 | 00,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe [2008/10/22 16:10:24 | 00,399,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008/11/13 17:11:40 | 06,273,400 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2007/11/26 13:47:30 | 01,206,600 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe [2008/11/08 18:15:47 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008/08/30 17:32:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008/11/27 21:35:17 | 01,130,729 | ---- | M] (Faronics Corporation) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe [2005/12/12 14:03:54 | 00,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe [2008/11/27 21:30:12 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Y-P Major\Desktop\OTListIt.exe ========== (O23) Win32 Services ========== [2007/10/30 19:07:38 | 00,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running]) [2007/03/20 15:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped]) [2005/12/12 14:02:24 | 00,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service [Auto | Running]) [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) [2005/06/02 15:54:34 | 00,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running]) [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) [2008/06/17 05:30:32 | 00,431,616 | ---- | M] (Faronics Corporation) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe -- (DF5Serv [Auto | Running]) [2008/08/18 13:30:58 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped]) [2008/08/18 13:25:10 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running]) [2008/08/30 17:32:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running]) [2007/10/09 11:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) [2008/11/08 18:15:46 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running]) [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) [2007/10/11 08:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped]) [2008/11/27 02:29:25 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) [2008/10/22 16:10:24 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running]) [2007/10/11 08:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) [2007/05/11 05:03:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) [2008/08/14 00:25:20 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11 [On_Demand | Stopped]) [2008/08/14 00:25:24 | 00,367,088 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11 [Auto | Stopped]) [2008/08/14 00:24:06 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11 [Auto | Stopped]) File not found -- -- (RoxLiveShare9 [Auto | Stopped]) [2008/08/14 00:23:42 | 01,124,848 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11 [On_Demand | Stopped]) [2008/08/14 00:24:02 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11 [Auto | Stopped]) [2004/08/04 07:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp [Auto | Running]) [2007/10/30 19:51:44 | 00,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService [Auto | Running]) [2008/11/12 16:02:14 | 03,667,312 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running]) [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) [2008/11/13 17:11:26 | 01,086,840 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService [Auto | Running]) [2007/11/26 13:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc [Auto | Running]) ========== Driver Services ========== [2007/12/18 00:14:04 | 00,012,400 | ---- | M] () -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO [system | Running]) [2008/08/30 01:41:22 | 00,036,864 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001 [On_Demand | Running]) [2008/06/17 05:38:26 | 00,132,112 | ---- | M] (Faronics Corporation) -- C:\WINDOWS\System32\drivers\DeepFrz.sys -- (DeepFrz [boot | Running]) [2008/04/13 13:39:46 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4.sys -- (dot4 [On_Demand | Running]) [2001/08/17 12:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Running]) [2001/08/17 12:47:32 | 00,023,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Running]) [2008/08/18 13:18:26 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon [Auto | Running]) [2008/08/18 13:19:26 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv [system | Running]) [2008/08/18 13:27:42 | 00,034,312 | ---- | M] () -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir [system | Running]) [2008/04/13 13:45:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gckernel.sys -- (GcKernel [On_Demand | Running]) [2008/11/24 21:52:00 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped]) [2004/07/14 11:54:42 | 00,676,864 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock [Auto | Running]) [2008/09/06 00:17:19 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt [Auto | Running]) [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running]) [2008/04/13 13:36:38 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt [On_Demand | Stopped]) [2001/08/17 13:02:50 | 00,002,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidswvd.sys -- (HIDSwvd [On_Demand | Running]) [2008/08/30 01:17:26 | 04,800,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) [2001/08/23 02:33:10 | 00,010,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter [On_Demand | Running]) [2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Running]) [2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running]) [2004/08/13 05:56:20 | 00,005,810 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running]) [2008/08/30 14:18:41 | 00,143,360 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\system32\drivers\mv61xx.sys -- (mv61xx [boot | Running]) [2007/05/11 05:03:00 | 06,738,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running]) [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running]) [2004/03/19 10:17:44 | 00,016,512 | ---- | M] (Dekart) -- C:\Program Files\Dekart\Private Disk Light\pdrjndl.sys -- (PDRJNDL [Auto | Running]) [2004/05/06 09:10:08 | 00,014,976 | ---- | M] (Dekart) -- C:\Program Files\Dekart\Private Disk Light\prvdisk.sys -- (PRVDISK [Auto | Running]) [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running]) [2008/06/16 03:00:00 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running]) [2006/11/07 19:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Running]) [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running]) [2004/08/04 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running]) [2008/08/11 10:53:22 | 00,057,328 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter [Disabled | Stopped]) [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [2004/09/10 06:00:00 | 00,084,064 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel [Auto | Running]) [2008/08/30 17:10:41 | 00,129,248 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman [boot | Running]) [2008/11/12 16:02:26 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssfs0bbc.sys -- (ssfs0bbc [boot | Running]) [2008/11/12 16:02:26 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\sshrmd.sys -- (sshrmd [boot | Running]) [2008/11/12 16:02:28 | 00,170,608 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssidrv.sys -- (ssidrv [boot | Running]) [2008/06/20 06:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [system | Running]) [2008/08/30 17:10:38 | 00,368,544 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman [boot | Running]) [2008/08/30 17:10:49 | 00,044,384 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter [Auto | Running]) [2008/08/30 17:10:49 | 00,441,760 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter [boot | Running]) [2008/04/13 13:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running]) ========== Internet Explorer ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-21-583907252-1580436667-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm HKU\S-1-5-21-583907252-1580436667-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKU\S-1-5-21-583907252-1580436667-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2 HKU\S-1-5-21-583907252-1580436667-682003330-1003\S-1-5-21-583907252-1580436667-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-21-583907252-1580436667-682003330-1003\S-1-5-21-583907252-1580436667-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local O1 HOSTS File: (713 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe [2008/11/11 01:56:22 00,000,000 | ---D | M] O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe [2008/11/11 01:56:22 00,000,000 | ---D | M] O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-583907252-1580436667-682003330-1003\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKU\S-1-5-21-583907252-1580436667-682003330-1003\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" (Acronis) O4 - HKLM..\Run: [Adobe_ID0EYTHM] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" () O4 - HKLM..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE" (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe" () O4 - HKLM..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe" () O4 - HKLM..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe" () O4 - HKLM..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" () O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install () O4 - HKLM..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" (ScanSoft, Inc.) O4 - HKLM..\Run: [POINTER] point32.exe File not found O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.) O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" (Sonic Solutions) O4 - HKLM..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE" (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sideWinderTrayV4] "C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe" (Microsoft Corporation) O4 - HKLM..\Run: [spySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray (Webroot Software, Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" (Acronis) O4 - HKLM..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" -expressboot (BillP Studios) O4 - HKCU..\Run: [sansaDispatch] C:\Documents and Settings\Y-P Major\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe File not found O4 - HKCU..\Run: [sHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background (Rogers Cable Communications) O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (Google Inc.) O4 - HKCU..\Run: [update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background (Rogers Cable Communications Inc. ) O4 - HKCU..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" (Webroot Software, Inc.) O4 - HKU\S-1-5-21-583907252-1580436667-682003330-1003..\Run: [sansaDispatch] C:\Documents and Settings\Y-P Major\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe File not found O4 - HKU\S-1-5-21-583907252-1580436667-682003330-1003..\Run: [sHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background (Rogers Cable Communications) O4 - HKU\S-1-5-21-583907252-1580436667-682003330-1003..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (Google Inc.) O4 - HKU\S-1-5-21-583907252-1580436667-682003330-1003..\Run: [update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background (Rogers Cable Communications Inc. ) O4 - HKU\S-1-5-21-583907252-1580436667-682003330-1003..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" (Webroot Software, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-583907252-1580436667-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Ranges: 127.0.0.1 (http in Local intranet | ) O15 - HKU\S-1-5-21-583907252-1580436667-682003330-1003\..Trusted Ranges: 127.0.0.1 (http in Local intranet | ) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object) O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecurity.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1219824127875 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.) O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10) O18 - Protocol\Handler: - ipp - No CLSID value found O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp - No CLSID value found O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - See sections below for AppInitDlls and Winlogon settings ========== Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] DfLogon: "DllName" = LogonDll.dll -- C:\WINDOWS\system32\LogonDll.dll () ========== LSA *Authentication Packages* ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "Authentication Packages" = msv1_0,relog_ap, >[2007/02/16 15:43:12 | 00,008,704 | ---- | M] (Acronis) -- C:\WINDOWS\system32\relog_ap.dll ========== Safeboot Options ========== "AlternateShell" = cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2008/08/27 02:06:30 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] AutoRun.inf [[AutoRun] | open=PortableRoboForm.exe | action=Launch RoboForm2Go | shell\RoboForm2Go=Launch RoboForm2Go | shell\RoboForm2Go\command=PortableRoboForm.exe | icon=PortableRoboForm.exe | label=RoboForm2Go | ] [2008/10/31 23:29:32 | 00,000,197 | ---- | M] () -- I:\AutoRun.inf -- [ FAT32 ] ========== Files/Folders - Created Within 30 Days ========== [4 C:\WINDOWS\System32\*.tmp files] [4 C:\WINDOWS\*.tmp files] [2008/11/27 21:30:03 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Y-P Major\Desktop\OTListIt.exe [2008/11/27 01:39:51 | 00,038,229 | ---- | C] (Generic) -- C:\WINDOWS\System32\drivers\StMp3Rec.sys [2008/11/25 21:21:54 | 00,000,000 | ---D | C] -- C:\fsaua.data [2008/11/25 09:27:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\SanDisk [2008/11/25 08:47:35 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2008/11/24 21:52:00 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys [2008/11/24 21:52:00 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini [2008/11/24 21:52:00 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd [2008/11/24 21:51:59 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll [2008/11/24 21:51:59 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe [2008/11/24 21:09:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Desktop\gmer [2008/11/24 21:06:57 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Y-P Major\Desktop\gmer.zip [2008/11/24 21:06:28 | 00,356,763 | ---- | C] () -- C:\Documents and Settings\Y-P Major\Desktop\dds.scr [2008/11/23 20:20:04 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys [2008/11/23 20:19:30 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security [2008/11/23 19:37:29 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2008/11/23 19:37:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2008/11/23 19:22:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2008/11/23 18:04:04 | 00,000,000 | ---D | C] -- C:\Program Files\RogueRemover FREE [2008/11/23 15:10:48 | 00,000,508 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Y-P Major.job [2008/11/23 15:10:44 | 00,000,494 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Y-P Major.job [2008/11/23 14:44:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\WinPatrol [2008/11/23 14:44:37 | 00,000,000 | ---D | C] -- C:\Program Files\BillP Studios [2008/11/23 14:30:13 | 00,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk [2008/11/23 14:30:13 | 00,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2008/11/23 14:30:13 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2008/11/22 23:38:24 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer [2008/11/22 23:07:37 | 00,001,712 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L6F0734F7AB7E49AF87136D3A2A6BE246.job [2008/11/22 23:01:17 | 00,000,000 | ---D | C] -- C:\Binaries [2008/11/22 23:00:57 | 01,553,272 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll [2008/11/22 22:59:15 | 00,000,164 | ---- | C] () -- C:\install.dat [2008/11/22 22:25:19 | 00,424,960 | ---- | C] (Webroot Software, Inc) -- C:\WINDOWS\WRServices.dll [2008/11/22 21:35:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\Uniblue [2008/11/22 21:19:52 | 00,000,000 | ---D | C] -- C:\Program Files\ESET [2008/11/22 18:52:25 | 00,000,000 | ---D | C] -- C:\Program Files\Roxio [2008/11/22 18:50:26 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar [2008/11/22 18:49:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared [2008/11/22 18:28:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\Blackberry Desktop [2008/11/22 18:28:41 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion [2008/11/22 18:16:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel [2008/11/22 17:59:15 | 00,000,496 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008/11/22 17:46:45 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\rx_image32.Cache [2008/11/22 17:22:21 | 00,000,000 | ---D | C] -- C:\Boot File Backup [2008/11/22 15:39:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2008/11/22 12:30:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun [2008/11/22 12:30:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\Sun [2008/11/22 02:02:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\CutePDF Writer [2008/11/22 02:01:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\CutePDF_Filler [2008/11/22 02:01:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\CutePDF [2008/11/22 01:59:25 | 00,000,000 | ---D | C] -- C:\Program Files\Acro Software [2008/11/16 04:41:56 | 00,011,941 | ---- | C] () -- C:\Documents and Settings\Y-P Major\My Documents\Pi%C3%A8ce%20jointe[1].pdf [2008/11/15 18:05:42 | 00,000,606 | ---- | C] () -- C:\WINDOWS\Uninstall Manager.INI [2008/11/15 07:35:12 | 00,000,002 | ---- | C] () -- C:\WINDOWS\Twain001.Mtx [2008/11/15 07:30:42 | 00,007,680 | -HS- | C] () -- C:\Thumbs.db [2008/11/15 06:46:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\Malwarebytes [2008/11/15 06:46:40 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2008/11/15 06:46:37 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008/11/15 06:46:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2008/11/15 06:46:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2008/11/15 06:15:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\Systweak [2008/11/15 04:24:12 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys [2008/11/15 04:19:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Download Manager [2008/11/15 01:55:04 | 00,055,120 | ---- | C] () -- C:\Documents and Settings\Y-P Major\Application Data\GDIPFONTCACHEV1.DAT [2008/11/14 02:19:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2008/11/14 02:19:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2008/11/14 02:19:23 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2008/11/14 02:19:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\Apple [2008/11/14 02:19:21 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2008/11/14 02:19:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [2008/11/14 02:18:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\Apple Computer [2008/11/12 16:02:28 | 00,170,608 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssidrv.sys [2008/11/12 16:02:26 | 00,029,808 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfs0bbc.sys [2008/11/12 16:02:26 | 00,023,152 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sshrmd.sys [2008/11/12 16:02:20 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll [2008/11/12 16:02:12 | 00,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe [2008/11/12 07:12:52 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2008/11/12 07:12:46 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll [2008/11/08 22:25:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2008/11/08 22:07:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2008/11/08 20:16:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/11/08 20:16:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\Mozilla [2008/11/08 20:16:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\Mozilla [2008/11/08 20:16:27 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2008/11/08 20:07:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\OpenOffice.org [2008/11/08 19:24:00 | 00,000,000 | ---D | C] -- C:\Program Files\JRE [2008/11/08 19:23:56 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3 [2008/11/08 17:56:56 | 00,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe [2008/11/08 17:56:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2008/11/08 17:56:34 | 00,000,000 | ---D | C] -- C:\Psfonts [2008/11/08 17:56:13 | 00,000,603 | ---- | C] () -- C:\WINDOWS\winiini.fin [2008/11/08 17:56:13 | 00,000,000 | ---D | C] -- C:\Program Files\Finale 2003a [2008/11/08 17:43:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\FileMaker [2008/11/08 17:41:37 | 00,000,000 | ---D | C] -- C:\Program Files\FileMaker 5.5 [2008/11/03 21:43:15 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Y-P Major\My Documents\My Videos [2008/11/03 21:24:33 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2008/11/03 21:24:26 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll [2008/11/03 21:24:23 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2 [2008/11/03 21:23:45 | 00,000,000 | ---D | C] -- C:\bab424dfa7535d205568ef [2008/11/03 21:22:59 | 00,000,000 | ---D | C] -- C:\2ddf0459ddf4f11392a188723ccb [2008/11/03 21:22:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2008/11/03 21:22:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2008/11/03 21:22:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2008/11/03 21:22:13 | 00,000,000 | ---D | C] -- C:\e9954975cf2d158c4162 ========== Files - Modified Within 30 Days ========== [4 C:\WINDOWS\System32\*.tmp files] [4 C:\WINDOWS\*.tmp files] [2008/11/27 21:35:07 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2008/11/27 21:30:12 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Y-P Major\Desktop\OTListIt.exe [2008/11/27 18:06:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2008/11/27 18:06:54 | 32,202,87488 | -HS- | M] () -- C:\hiberfil.sys [2008/11/27 01:09:15 | 00,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Y-P Major.job [2008/11/27 01:00:12 | 00,000,494 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Y-P Major.job [2008/11/25 08:47:35 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2008/11/24 21:52:00 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys [2008/11/24 21:52:00 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini [2008/11/24 21:52:00 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd [2008/11/24 21:51:59 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll [2008/11/24 21:09:50 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe [2008/11/24 21:07:09 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Y-P Major\Desktop\gmer.zip [2008/11/24 21:06:31 | 00,356,763 | ---- | M] () -- C:\Documents and Settings\Y-P Major\Desktop\dds.scr [2008/11/23 14:35:59 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini [2008/11/23 14:35:59 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2008/11/23 14:35:59 | 00,000,194 | -HS- | M] () -- C:\boot.ini [2008/11/22 23:07:42 | 00,000,713 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2008/11/22 23:07:37 | 00,001,712 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L6F0734F7AB7E49AF87136D3A2A6BE246.job [2008/11/22 22:59:17 | 00,000,164 | ---- | M] () -- C:\install.dat [2008/11/22 19:33:29 | 00,055,120 | ---- | M] () -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2008/11/22 19:31:25 | 01,518,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/11/22 18:00:18 | 00,000,496 | ---- | M] () -- C:\WINDOWS\WININIT.INI [2008/11/22 17:46:45 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\rx_image32.Cache [2008/11/22 16:44:57 | 00,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk [2008/11/22 16:44:57 | 00,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2008/11/22 16:44:57 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2008/11/16 04:41:56 | 00,011,941 | ---- | M] () -- C:\Documents and Settings\Y-P Major\My Documents\Pi%C3%A8ce%20jointe[1].pdf [2008/11/15 18:16:48 | 00,000,606 | ---- | M] () -- C:\WINDOWS\Uninstall Manager.INI [2008/11/15 04:24:12 | 00,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys [2008/11/15 01:55:04 | 00,055,120 | ---- | M] () -- C:\Documents and Settings\Y-P Major\Application Data\GDIPFONTCACHEV1.DAT [2008/11/14 18:18:24 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/11/14 02:19:23 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2008/11/13 17:11:26 | 01,553,272 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll [2008/11/13 17:04:24 | 00,511,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll [2008/11/12 16:51:32 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2008/11/12 16:02:28 | 00,170,608 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssidrv.sys [2008/11/12 16:02:26 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfs0bbc.sys [2008/11/12 16:02:26 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sshrmd.sys [2008/11/12 16:02:20 | 00,031,088 | ---- | M] () -- C:\WINDOWS\System32\wrLZMA.dll [2008/11/12 16:02:12 | 00,016,240 | ---- | M] () -- C:\WINDOWS\System32\SsiEfr.exe [2008/11/09 12:44:44 | 02,638,200 | -H-- | M] () -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\IconCache.db [2008/11/08 22:25:34 | 00,000,000 | ---- | M] () -- C:\WINDOWS\OpPrintServer.INI [2008/11/08 20:16:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2008/11/08 17:56:13 | 00,000,603 | ---- | M] () -- C:\WINDOWS\winiini.fin [2008/11/03 21:28:59 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2008/11/03 21:28:59 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2008/11/03 21:23:41 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2008/11/03 21:22:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2008/11/03 19:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2008/11/03 15:46:59 | 00,509,720 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2008/11/03 15:46:59 | 00,433,186 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2008/11/03 15:46:59 | 00,067,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat < End of report > (((((((((((((((((((( OTListIt Extras.txt )))))))))))))))))))) OTListIt Extras logfile created on: 27/11/2008 9:36:49 PM - Run OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Y-P Major\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298.08 Gb Total Space | 249.15 Gb Free Space | 83.58% Space Free | Partition Type: NTFS Drive D: | 465.76 Gb Total Space | 212.07 Gb Free Space | 45.53% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 7.45 Gb Total Space | 6.23 Gb Free Space | 83.64% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 969.06 Mb Total Space | 959.38 Mb Free Space | 99.00% Space Free | Partition Type: FAT32 Computer Name: Y-P-P5K-SE Current User Name: Y-P Major Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 File not found -- C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour [2007/03/20 15:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server [2004/08/19 22:48:06 | 02,314,240 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Install Network Printer Wizard\hpjsi.exe:*:Enabled:HP Jetdirect Wireless Setup Wizard [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003447F5-0058-4B77-9C1E-50488F77C4A7}" = Brother P-touch Editor 4.2 "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0 "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs "{0725C68F-FD3A-4476-BDA0-C002C7FE307C}" = BlackBerry Desktop Software 4.2.2 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS "{0C6FFD51-E507-4A29-8B25-4C1AF2796BA0}" = Roxio High-Def/Blu-ray Disc Plug-In "{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830 "{0DD2BDF7-EAC8-41F7-83ED-61A2D05C6235}" = Adobe Setup "{0E73300E-52D9-4457-88C5-B8FD6A149697}" = Chief Architect 10.0 Tutorial Videos "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets "{1A3D8A23-3215-46B7-AB97-E304ADABFC18}" = ESET NOD32 Antivirus "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR} "{1F698102-5739-441E-96F0-74F4EA540F06}" = Atheros Ethernet Utility "{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}" = EMC 11 Content "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 10 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2B82EF41-0E63-474D-8C5F-A8EFD0FF3497}" = Chief Architect Full Version "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1 "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5 "{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Creator 2009 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{547D4265-AF45-42E9-A62A-C58182AA35B9}" = Sentinel Protection Installer 7.0.0 "{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3 "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3 "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis

Hello again! As instructed, I went to Start-->Control Panel-->Folder Options-->View tab but there are no check mark beside "Restore previous folder windows at logon". "My Computer" folder still opens at startup. I have not seen spam coming from my own email address in the last few days. To answer your question, I don't know how these spam emails got to my inbox but they were sure showing my complete email address as the person sending the emails. Below is how my troubles started. I thought a little background would help: While browsing the internet last week, NOD32 reported an intrusion and quarantined the files (but I could not figure out how to remove them). Eventually, I started seeing an alert reporting that "Windows has detected spyware infection". Then a scan started on its own and I could not stop it. After a few minutes, a message appeared reporting that my computer was infected with ipexewin.exe, audiopitusr.exe, and exeiptransfer.exe. I did not download the software they were recommending. Instead I tried to research the files on the internet but my browser (IE7) kept opening other pages than the ones I was asking for. So I used another computer and eventually found and downloaded Malwarebyte Anti-Malware. I transfered this utility to my infected computer using a USB key. I ran the utility and it reported that it had removed the threat. I thought I was OK. But weird things keep happening more than one week later and I can't fix them, no matter what I try: -The computer takes more time to startup -"My Computer" folder always open at startup -When I start my IE7 browser, it always opens in a smaller window even though I maximize it every time (it seems windows size settings are not kept) -I'm receiving spam emails from my own email address -My security utilities task tray icons get disabled randomly at startup: the first time it was NOD32, then Malwarebyte Anti-Malware, and then, Webroot SpySweeper. I've run multiples scans using MBAM, NOD32, and SpySweeper but they always report that everything is fine. During all of this, I also ran the Startup Manager module within Advanced System Optimizer to see if it would help. I deleted the startup icon for "SpyNoMore" (SNM.exe) but it kept showing in the list every time I restarted the Startup Manager. So I concluded that Advanced System Optimizer was not working properly and uninstalled it (I re-installed it since but didn't use the Startup Manager). The only way I found to stop "My Computer" folder from automatically open at startup is to run msconfig and disable all Startup files. I tried to isolate the startup file creating the problem (very long process) but one day it seemed to be "CPMonitor", but when I tried again another time, disabling CPMonitor didn't make a difference! Go figure! Maybe I should simply reformat the hard drive and start all over again but I'd prefer to avoid spending countless hours re-installing everything if possible. I'm ready to go this way it if turns out to be the ONLY solution but I need to kwow. What do you suggest? Thanks again! Yvon-Pierre

Hello, After deleting "F-Secure Online Scanner 3.3" from "Downloaded Program Files" in Windows Explorer, I was able to re-download F-Secure Online Scanner and get the scan to work. Here is the content of the "Show Report". Hope this is going to help. Yvon-Pierre (((((((((( F-Secure Online Scanner 3.3.1 Scanning Report )))))))))) Scanning Report Thursday, November 27, 2008 03:27:00 - 06:24:49 Computer name: Y-P-P5K-SE Scanning type: Scan system for malware, rootkits Target: C:\ D:\ -------------------------------------------------------------------------------- Result: 7 malware found TrackingCookie.2o7 (spyware) System TrackingCookie.Advertising (spyware) System TrackingCookie.Atdmt (spyware) System TrackingCookie.Doubleclick (spyware) System TrackingCookie.Mediaplex (spyware) System TrackingCookie.Revsci (spyware) System TrackingCookie.Yieldmanager (spyware) System -------------------------------------------------------------------------------- Statistics Scanned: Files: 554121 System: 3990 Not scanned: 166 Actions: Disinfected: 0 Renamed: 0 Deleted: 0 None: 7 Submitted: 0 Files not scanned: 8xLIBERFIL.SYS C:\PAGEFILE.SYS C:\PERSI0.SYS C:\WINDOWS\TEMP\PERFLIB_PERFDATA_8A8.DAT C:\WINDOWS\TEMP\WRSTEMP\SSMS0144ACA2-C12E-492B-A306-D0062FD95B94.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS02D29209-8B02-4116-8EBF-A5B50641AE72.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS0617A811-DE3D-4E56-AD0E-D8C5F80B52E3.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS0B8306B3-1828-485A-82CA-776FB04BF559.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS12F77231-245B-4216-A3FA-D2CF420299F3.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS1A023F12-8135-447B-9641-611D0B2B6A35.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS1D82FD3A-6BA3-460C-8515-CA565ADBE476.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS1DFC0DE6-0C18-4268-9CFB-5D0B9201D2A0.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS20371F8D-A416-4DBB-B53B-096D3CCEA357.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS2430D821-AF8D-49FC-8FA1-7B1BBBF4F0A1.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS25FC528B-62B8-4B06-90BD-E9CCFEBB6567.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS293617C5-8A63-4A52-809E-6EBCF554E8FE.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS2B4D5F63-92C7-4B1E-A47A-35DAFC0924A5.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS30BE4441-0F14-4DF2-8F44-431AC5A0690C.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS3153D57E-E6AD-478C-AADF-17660FFB6E49.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS3227E035-03DC-4DCA-88BC-0B96F61336F9.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS334F108E-4AB6-4313-82FF-5BBDE5CA1FEA.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS352DCA78-A276-4EF5-AFD8-F3ED300EA68D.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS3B6FEA55-951A-4E16-A664-6BE11BC856A3.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS3CA98511-E2CE-4EF8-9625-B38E83802F99.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS3E426E56-4DC2-4439-B79D-35821B7B5D83.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS3F2F38F9-59EE-429E-B624-1714506CFDA7.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS48142AE7-DF8F-471E-9B3B-B8AF5A7C2C76.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS4A464274-F22E-48C3-9773-971E011DC175.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS4BD22F3D-A8D6-41F5-B086-3FF7446376C5.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS4CB3CEA8-6019-4BF4-AD70-7EA40C077C03.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS4D3D5689-BE33-468E-908F-DAA74C84D455.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS4DE65FDB-0494-4F7E-BEB8-63A6E5F763F1.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS4DFF314A-992C-4468-A29E-4E0BB2158EC7.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS4F8663AA-5385-46B6-BD44-3D1D5E853A28.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS52A184B2-BAD5-4351-A6AD-5FE6329B7D55.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS59B44713-8909-40D6-81CF-E18213742585.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS601A30A2-DDF0-4F55-871C-D9820174F92B.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS60B4B523-1DDE-4BE3-8573-F8F7EC65333A.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS615FC69A-E4A4-45D3-AA59-0ACEDD2E5580.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS622542D5-C212-4980-98BE-375FF73DF674.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS64739DEC-C1F5-45CD-9D8F-7D431F3F9E67.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS652D7524-BD9D-46A0-8E18-7B022B1DCF54.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS67F4A03C-2547-42B2-AC62-CEABEBBE21BE.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS68F0BA4B-C2F1-41BA-BEA4-6849D50ADECE.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS6ADDDCEB-AA32-4A4B-A38B-8473427F4D07.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS6FFBF99E-30A9-4BCB-BEE8-2DEC46B781DB.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS72DFFE17-99C7-4669-ABFE-B974138EF6E1.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS7943CCA7-EB7F-4B89-955E-6B975495C649.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS7A13A6B2-E424-4E2C-B609-0FA8C0525BC0.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS7C88B860-4709-4258-9949-6F16698626C5.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS7D36C282-31B4-4725-AFFB-2A6CC1544892.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS7EB66F15-CDFF-4184-A7F2-019C366A748F.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS7F480329-77BD-4D5B-9478-3C98538A2A8D.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS8085C41C-0F03-42EA-A247-BCE3A6A809D0.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS81D47383-0233-429C-80DB-E283E7EA3DAE.TMP C:\WINDOWS\TEMP\WRSTEMP\SSMS825C0C71-A10E-4374-9DF9 -------------------------------------------------------------------------------- Options Scanning engines: F-Secure USS: 2.40.0 F-Secure Hydra: 2.8.8110, 2008-11-27 F-Secure AVP: 7.0.171, 2008-11-27 F-Secure Pegasus: 1.20.0, 2008-10-25 F-Secure Blacklight: 2.4.1093 Scanning options: Scan all files Scan inside archives Use Advanced heuristics -------------------------------------------------------------------------------- Copyright

Hello 1972Vet, Thanks for your reply. Unfortunately, I cannot get the "F-Secure Online Scanner" to perform the scan (and by the way, the Online Virus Scanner beta program has ended - Version 3.3 is now available). Here is what happens: I follow your instructions to start the scan. When the download finishes and the scan is just about to start, I receive this message: "An error has occured! Please close the scanner and your browser, then try again. (Id:12)" I closed my browser as instructed and started the whole process all over again but I got the same error message. So I restarted my computer and then pointed my browser to the F-Secure site to start the scan once more but I ended up with the same error again. Please let me know what I should do. Thanks, Yvon-Pierre