My Computer folder opens at startup


YPMajor

Hello,

NOD32 reported that I got infected by malware last Saturday while browsing the internet but it could not remove it. Malwarebytes' Anti-Malware was the only application of all those that I already had or tried off the internet that could remove it. Thank you so much!

But I still have a problem that I can't fix, no matter what I try: "My Computer" folder always opens at startup. I don't know if this represents a threat or not but it is annoying. I've run a full scan using many utilities: MBAM, NOD32, Webroot SpySweeper. Everything is fine according to these applications. And no, I don't have a shortcut pointing to "My Computer" in my startup folder. And the folder option is not set to "Restore previous folder windows at logon".

The only way that I've found to stop this folder from automatically opening is to turn off all Startup files listed in msconfig. I tried to isolate which startup file causes this without success. Some startup files seem to get listed randomly after each startup.

I purchased the MBAM protection module in the hope that it would spot the problem upon startup but it didn't. In fact, it sometimes gets automatically disabled at startup. So there is something weird going on!

Can you please help? I'm pasting a copy of the scan logs from MBAM, Panda ActiveScan, and HijackThis.

Your feedback will be very much appreciated. Thanks in advance!

Best regards,

Yvon-Pierre Major

==============================

MBAM log from when the malware was detected:

Malwarebytes' Anti-Malware 1.30

Database version: 1399

Windows 5.1.2600 Service Pack 3

15/11/2008 6:50:50 AM

mbam-log-2008-11-15 (06-50-50).txt

Scan type: Quick Scan

Objects scanned: 54627

Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Y-P Major\Local Settings\Temp\xxx1986.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\Documents and Settings\Y-P Major\Local Settings\Temp\~tmpb.exe (Trojan.FakeAlert) -> Delete on reboot.

==============================

MBAM Log today (one week later):

Malwarebytes' Anti-Malware 1.30

Database version: 1419

Windows 5.1.2600 Service Pack 3

23/11/2008 10:44:16 PM

mbam-log-2008-11-23 (22-44-16).txt

Scan type: Quick Scan

Objects scanned: 54059

Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

==============================

Panda ActiveScan Log:

;*******************************************************************************

ANALYSIS: 2008-11-23 22:51:17

PROTECTIONS: 1

MALWARE: 2

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

ESET NOD32 Antivirus 3.0 3.0 Yes Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Y-P Major\Cookies\y-p_major@atdmt[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Y-P Major\Cookies\y-p_major@com[1].txt

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

;===============================================================================

==============================

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:52:58 PM, on 23/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe

C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\WINDOWS\System32\ups.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\DOCUME~1\Y-PMAJ~1\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sideWinderTrayV4] "C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe"

O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"

O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"

O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe"

O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE"

O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"

O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" -expressboot

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"

O4 - HKCU\..\Run: [update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 3.0.lnk = ?

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219824127875

O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe

O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe

O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe

O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--

End of file - 15468 bytes

==============================

That's it! I hope it helps!

Thanks again!

Yvon-Pierre


Hello Yvon-Pierre,

I'm going to suggest some basics, and running one set of reports so we can see a bit more detail on this system.

Hopefully the section on changed items from the reports will point to the underlying item causing Windows Explorer to open a window.

You have certainly run a set of good tools already; and MBAM has done some removals already. Do the following to get underway:

1. Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files & temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account {User Profile}

=

Download OTListIt.exe & SAVE it to your desktop.

  • Close all applications and windows so that you have nothing open and are at your Desktop
  • Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.
  • Place a checkmark in the "Scan All Users" checkbox (Leave 'Use Whitelist' checked and 'File Age:' at 30 days)
  • Click the Run Scan button
  • NOTE: Please be patient and let the scan run without using the computer
  • When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)
  • In Notepad, click Edit, Select all then Edit, Copy
  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or right-click and paste.
  • Submit your reply and close the Notepad window with OTListIt.txt
  • Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window
  • In Notepad, click Edit, Select all then Edit, Copy
  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste.
  • NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in notepad from your desktop.

Hello Maurice,

Thanks for your reply. I did everything you suggested. You will find below a copy of both scans from OTListIt.exe. But first, I thought I would give you the background on how my troubles started.

While browsing the internet last week, NOD32 reported an intrusion and quarantined the files (but I could not figure out how to remove them). Eventually, I started seeing an alert reporting that "Windows has detected spyware infection". Then a scan started on its own and I could not stop it. After a few minutes, a message appeared reporting that my computer was infected with ipexewin.exe, audiopitusr.exe, and exeiptransfer.exe. I did not download the software they were recommending. Instead I tried to research these files on the internet but my browser (IE7) kept opening other pages than the ones I was asking for. So I used another computer and eventually found and downloaded Malwarebytes' Anti-Malware. I transferred this utility to my infected computer using a USB key. I ran the utility and it reported that it had removed all threats. I thought I was OK.

But weird things keep happening more than one week later and I can't fix them, no matter what I try:

-The computer takes more time to startup

-"My Computer" folder always opens at startup

-When I start my IE7 browser, it always opens in a smaller window even though I maximize it every time (it seems windows size settings are not kept)

-I'm receiving spam emails from my own email address

-My security utilities' task tray icons get disabled randomly at startup: the first time it was NOD32, then Malwarebytes' Anti-Malware, and then, Webroot SpySweeper.

I've run multiple scans using MBAM, NOD32, and SpySweeper but they always report that everything is fine. During all of this, I also ran the Startup Manager module within Advanced System Optimizer to see if it would help. I deleted the startup icon for "SpyNoMore" (SNM.exe) but it kept showing in the list every time I restarted the Startup Manager. So I concluded that Advanced System Optimizer was not working properly and uninstalled it (I have re-installed it since but didn't use the Startup Manager).

The only way I found to stop "My Computer" folder from automatically opening at startup is to run msconfig and disable all Startup files. I tried to isolate the startup file creating the problem (very long process) but one day it seemed to be "CPMonitor", but when I tried again another day, disabling CPMonitor didn't make a difference! Go figure!

Maybe I should simply reformat the hard drive and start all over again but I'd prefer to avoid spending countless hours re-installing everything if possible. I'm ready to go this way if it turns out to be the ONLY solution but I need to know.

I hope this background info will help. Here are the scan results from OTListIt.exe.

I'm looking forward to your feedback.

(((((((((((((((((((( OTListIt.txt ))))))))))))))))))))

OTListIt logfile created on: 27/11/2008 9:36:49 PM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Y-P Major\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.08 Gb Total Space | 249.15 Gb Free Space | 83.58% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 212.07 Gb Free Space | 45.53% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 7.45 Gb Total Space | 6.23 Gb Free Space | 83.64% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 969.06 Mb Total Space | 959.38 Mb Free Space | 99.00% Space Free | Partition Type: FAT32

Computer Name: Y-P-P5K-SE

Current User Name: Y-P Major

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2008/06/17 05:30:32 | 00,431,616 | ---- | M] (Faronics Corporation) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

[2008/11/13 17:11:26 | 01,086,840 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

[2007/10/30 19:07:38 | 00,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

[2005/12/12 14:02:24 | 00,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

[2008/08/18 13:25:10 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

[2008/11/08 18:15:46 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[2008/11/27 02:29:25 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

[2008/10/22 16:10:24 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

[2007/05/11 05:03:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2004/08/04 07:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe

[2007/10/30 19:51:44 | 00,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

[2008/11/12 16:02:14 | 03,667,312 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

[2007/11/26 13:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe

[2005/06/02 15:54:34 | 00,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

[2007/10/30 19:06:42 | 02,595,616 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[2008/09/20 23:20:29 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[2008/11/27 02:29:25 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

[2000/06/02 18:07:58 | 00,024,650 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Game Controllers\Common\SWTrayV4.EXE

[2008/08/30 01:17:26 | 16,862,720 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe

[2001/08/23 20:37:39 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.exe

[2003/05/08 10:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2008/08/18 13:23:50 | 01,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[2008/01/28 11:55:10 | 01,413,120 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe

[2008/03/31 15:30:58 | 00,614,400 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe

[2007/10/30 19:11:48 | 00,909,208 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[2007/10/30 19:07:40 | 00,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[2008/10/14 21:38:56 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[2008/08/10 03:05:54 | 00,080,368 | ---- | M] () -- C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe

[2008/10/09 10:52:54 | 00,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

[2008/10/22 16:10:24 | 00,399,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

[2008/11/13 17:11:40 | 06,273,400 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe

[2007/11/26 13:47:30 | 01,206,600 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe

[2008/11/08 18:15:47 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[2008/08/30 17:32:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

[2008/11/27 21:35:17 | 01,130,729 | ---- | M] (Faronics Corporation) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe

[2005/12/12 14:03:54 | 00,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

[2008/11/27 21:30:12 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Y-P Major\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2007/10/30 19:07:38 | 00,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])

[2007/03/20 15:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])

[2005/12/12 14:02:24 | 00,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service [Auto | Running])

[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2005/06/02 15:54:34 | 00,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])

[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008/06/17 05:30:32 | 00,431,616 | ---- | M] (Faronics Corporation) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe -- (DF5Serv [Auto | Running])

[2008/08/18 13:30:58 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])

[2008/08/18 13:25:10 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])

[2008/08/30 17:32:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])

[2007/10/09 11:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2008/11/08 18:15:46 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])

[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2007/10/11 08:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

[2008/11/27 02:29:25 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2008/10/22 16:10:24 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])

[2007/10/11 08:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

[2007/05/11 05:03:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2008/08/14 00:25:20 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11 [On_Demand | Stopped])

[2008/08/14 00:25:24 | 00,367,088 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11 [Auto | Stopped])

[2008/08/14 00:24:06 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11 [Auto | Stopped])

File not found -- -- (RoxLiveShare9 [Auto | Stopped])

[2008/08/14 00:23:42 | 01,124,848 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11 [On_Demand | Stopped])

[2008/08/14 00:24:02 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11 [Auto | Stopped])

[2004/08/04 07:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp [Auto | Running])

[2007/10/30 19:51:44 | 00,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService [Auto | Running])

[2008/11/12 16:02:14 | 03,667,312 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running])

[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[2008/11/13 17:11:26 | 01,086,840 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService [Auto | Running])

[2007/11/26 13:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc [Auto | Running])

========== Driver Services ==========

[2007/12/18 00:14:04 | 00,012,400 | ---- | M] () -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO [system | Running])

[2008/08/30 01:41:22 | 00,036,864 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001 [On_Demand | Running])

[2008/06/17 05:38:26 | 00,132,112 | ---- | M] (Faronics Corporation) -- C:\WINDOWS\System32\drivers\DeepFrz.sys -- (DeepFrz [boot | Running])

[2008/04/13 13:39:46 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4.sys -- (dot4 [On_Demand | Running])

[2001/08/17 12:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Running])

[2001/08/17 12:47:32 | 00,023,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Running])

[2008/08/18 13:18:26 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon [Auto | Running])

[2008/08/18 13:19:26 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv [system | Running])

[2008/08/18 13:27:42 | 00,034,312 | ---- | M] () -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir [system | Running])

[2008/04/13 13:45:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gckernel.sys -- (GcKernel [On_Demand | Running])

[2008/11/24 21:52:00 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])

[2004/07/14 11:54:42 | 00,676,864 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock [Auto | Running])

[2008/09/06 00:17:19 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])

[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2008/04/13 13:36:38 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt [On_Demand | Stopped])

[2001/08/17 13:02:50 | 00,002,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidswvd.sys -- (HIDSwvd [On_Demand | Running])

[2008/08/30 01:17:26 | 04,800,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

[2001/08/23 02:33:10 | 00,010,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter [On_Demand | Running])

[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Running])

[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])

[2004/08/13 05:56:20 | 00,005,810 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])

[2008/08/30 14:18:41 | 00,143,360 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\system32\drivers\mv61xx.sys -- (mv61xx [boot | Running])

[2007/05/11 05:03:00 | 06,738,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])

[2004/03/19 10:17:44 | 00,016,512 | ---- | M] (Dekart) -- C:\Program Files\Dekart\Private Disk Light\pdrjndl.sys -- (PDRJNDL [Auto | Running])

[2004/05/06 09:10:08 | 00,014,976 | ---- | M] (Dekart) -- C:\Program Files\Dekart\Private Disk Light\prvdisk.sys -- (PRVDISK [Auto | Running])

[2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2008/06/16 03:00:00 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2006/11/07 19:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Running])

[2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])

[2004/08/04 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])

[2008/08/11 10:53:22 | 00,057,328 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter [Disabled | Stopped])

[2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2004/09/10 06:00:00 | 00,084,064 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel [Auto | Running])

[2008/08/30 17:10:41 | 00,129,248 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman [boot | Running])

[2008/11/12 16:02:26 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssfs0bbc.sys -- (ssfs0bbc [boot | Running])

[2008/11/12 16:02:26 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\sshrmd.sys -- (sshrmd [boot | Running])

[2008/11/12 16:02:28 | 00,170,608 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssidrv.sys -- (ssidrv [boot | Running])

[2008/06/20 06:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [system | Running])

[2008/08/30 17:10:38 | 00,368,544 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman [boot | Running])

[2008/08/30 17:10:49 | 00,044,384 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter [Auto | Running])

[2008/08/30 17:10:49 | 00,441,760 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter [boot | Running])

[2008/04/13 13:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-583907252-1580436667-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKU\S-1-5-21-583907252-1580436667-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKU\S-1-5-21-583907252-1580436667-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2

HKU\S-1-5-21-583907252-1580436667-682003330-1003\S-1-5-21-583907252-1580436667-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-583907252-1580436667-682003330-1003\S-1-5-21-583907252-1580436667-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (713 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe [2008/11/11 01:56:22 00,000,000 | ---D | M]

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe [2008/11/11 01:56:22 00,000,000 | ---D | M]

O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-583907252-1580436667-682003330-1003\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKU\S-1-5-21-583907252-1580436667-682003330-1003\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" (Acronis)

O4 - HKLM..\Run: [Adobe_ID0EYTHM] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" ()

O4 - HKLM..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE" (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe" ()

O4 - HKLM..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe" ()

O4 - HKLM..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe" ()

O4 - HKLM..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" ()

O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install ()

O4 - HKLM..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" (ScanSoft, Inc.)

O4 - HKLM..\Run: [POINTER] point32.exe File not found

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)

O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" (Sonic Solutions)

O4 - HKLM..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE" (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sideWinderTrayV4] "C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe" (Microsoft Corporation)

O4 - HKLM..\Run: [spySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray (Webroot Software, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" (Acronis)

O4 - HKLM..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" -expressboot (BillP Studios)

O4 - HKCU..\Run: [sansaDispatch] C:\Documents and Settings\Y-P Major\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe File not found

O4 - HKCU..\Run: [sHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background (Rogers Cable Communications)

O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (Google Inc.)

O4 - HKCU..\Run: [update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background (Rogers Cable Communications Inc. )

O4 - HKCU..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" (Webroot Software, Inc.)

O4 - HKU\S-1-5-21-583907252-1580436667-682003330-1003..\Run: [sansaDispatch] C:\Documents and Settings\Y-P Major\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe File not found

O4 - HKU\S-1-5-21-583907252-1580436667-682003330-1003..\Run: [sHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background (Rogers Cable Communications)

O4 - HKU\S-1-5-21-583907252-1580436667-682003330-1003..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (Google Inc.)

O4 - HKU\S-1-5-21-583907252-1580436667-682003330-1003..\Run: [update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background (Rogers Cable Communications Inc. )

O4 - HKU\S-1-5-21-583907252-1580436667-682003330-1003..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" (Webroot Software, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-583907252-1580436667-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Ranges: 127.0.0.1 (http in Local intranet | )

O15 - HKU\S-1-5-21-583907252-1580436667-682003330-1003\..Trusted Ranges: 127.0.0.1 (http in Local intranet | )

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecurity.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1219824127875 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

DfLogon: "DllName" = LogonDll.dll -- C:\WINDOWS\system32\LogonDll.dll ()

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Authentication Packages" = msv1_0,relog_ap,

>[2007/02/16 15:43:12 | 00,008,704 | ---- | M] (Acronis) -- C:\WINDOWS\system32\relog_ap.dll

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2008/08/27 02:06:30 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AutoRun.inf [[AutoRun] | open=PortableRoboForm.exe | action=Launch RoboForm2Go | shell\RoboForm2Go=Launch RoboForm2Go | shell\RoboForm2Go\command=PortableRoboForm.exe | icon=PortableRoboForm.exe | label=RoboForm2Go | ]

[2008/10/31 23:29:32 | 00,000,197 | ---- | M] () -- I:\AutoRun.inf -- [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2008/11/27 21:30:03 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Y-P Major\Desktop\OTListIt.exe

[2008/11/27 01:39:51 | 00,038,229 | ---- | C] (Generic) -- C:\WINDOWS\System32\drivers\StMp3Rec.sys

[2008/11/25 21:21:54 | 00,000,000 | ---D | C] -- C:\fsaua.data

[2008/11/25 09:27:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\SanDisk

[2008/11/25 08:47:35 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[2008/11/24 21:52:00 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys

[2008/11/24 21:52:00 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini

[2008/11/24 21:52:00 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd

[2008/11/24 21:51:59 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll

[2008/11/24 21:51:59 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe

[2008/11/24 21:09:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Desktop\gmer

[2008/11/24 21:06:57 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Y-P Major\Desktop\gmer.zip

[2008/11/24 21:06:28 | 00,356,763 | ---- | C] () -- C:\Documents and Settings\Y-P Major\Desktop\dds.scr

[2008/11/23 20:20:04 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2008/11/23 20:19:30 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2008/11/23 19:37:29 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2008/11/23 19:37:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2008/11/23 19:22:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2008/11/23 18:04:04 | 00,000,000 | ---D | C] -- C:\Program Files\RogueRemover FREE

[2008/11/23 15:10:48 | 00,000,508 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Y-P Major.job

[2008/11/23 15:10:44 | 00,000,494 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Y-P Major.job

[2008/11/23 14:44:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\WinPatrol

[2008/11/23 14:44:37 | 00,000,000 | ---D | C] -- C:\Program Files\BillP Studios

[2008/11/23 14:30:13 | 00,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk

[2008/11/23 14:30:13 | 00,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

[2008/11/23 14:30:13 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk

[2008/11/22 23:38:24 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer

[2008/11/22 23:07:37 | 00,001,712 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L6F0734F7AB7E49AF87136D3A2A6BE246.job

[2008/11/22 23:01:17 | 00,000,000 | ---D | C] -- C:\Binaries

[2008/11/22 23:00:57 | 01,553,272 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll

[2008/11/22 22:59:15 | 00,000,164 | ---- | C] () -- C:\install.dat

[2008/11/22 22:25:19 | 00,424,960 | ---- | C] (Webroot Software, Inc) -- C:\WINDOWS\WRServices.dll

[2008/11/22 21:35:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\Uniblue

[2008/11/22 21:19:52 | 00,000,000 | ---D | C] -- C:\Program Files\ESET

[2008/11/22 18:52:25 | 00,000,000 | ---D | C] -- C:\Program Files\Roxio

[2008/11/22 18:50:26 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar

[2008/11/22 18:49:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared

[2008/11/22 18:28:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\Blackberry Desktop

[2008/11/22 18:28:41 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion

[2008/11/22 18:16:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2008/11/22 17:59:15 | 00,000,496 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2008/11/22 17:46:45 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\rx_image32.Cache

[2008/11/22 17:22:21 | 00,000,000 | ---D | C] -- C:\Boot File Backup

[2008/11/22 15:39:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2008/11/22 12:30:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2008/11/22 12:30:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\Sun

[2008/11/22 02:02:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\CutePDF Writer

[2008/11/22 02:01:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\CutePDF_Filler

[2008/11/22 02:01:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\CutePDF

[2008/11/22 01:59:25 | 00,000,000 | ---D | C] -- C:\Program Files\Acro Software

[2008/11/16 04:41:56 | 00,011,941 | ---- | C] () -- C:\Documents and Settings\Y-P Major\My Documents\Pi%C3%A8ce%20jointe[1].pdf

[2008/11/15 18:05:42 | 00,000,606 | ---- | C] () -- C:\WINDOWS\Uninstall Manager.INI

[2008/11/15 07:35:12 | 00,000,002 | ---- | C] () -- C:\WINDOWS\Twain001.Mtx

[2008/11/15 07:30:42 | 00,007,680 | -HS- | C] () -- C:\Thumbs.db

[2008/11/15 06:46:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\Malwarebytes

[2008/11/15 06:46:40 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008/11/15 06:46:37 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/11/15 06:46:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008/11/15 06:46:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008/11/15 06:15:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\Systweak

[2008/11/15 04:24:12 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys

[2008/11/15 04:19:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Download Manager

[2008/11/15 01:55:04 | 00,055,120 | ---- | C] () -- C:\Documents and Settings\Y-P Major\Application Data\GDIPFONTCACHEV1.DAT

[2008/11/14 02:19:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2008/11/14 02:19:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2008/11/14 02:19:23 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2008/11/14 02:19:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\Apple

[2008/11/14 02:19:21 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2008/11/14 02:19:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

[2008/11/14 02:18:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\Apple Computer

[2008/11/12 16:02:28 | 00,170,608 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssidrv.sys

[2008/11/12 16:02:26 | 00,029,808 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfs0bbc.sys

[2008/11/12 16:02:26 | 00,023,152 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sshrmd.sys

[2008/11/12 16:02:20 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll

[2008/11/12 16:02:12 | 00,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe

[2008/11/12 07:12:52 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2008/11/12 07:12:46 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll

[2008/11/08 22:25:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI

[2008/11/08 22:07:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2008/11/08 20:16:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/11/08 20:16:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\Mozilla

[2008/11/08 20:16:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\Mozilla

[2008/11/08 20:16:27 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2008/11/08 20:07:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\OpenOffice.org

[2008/11/08 19:24:00 | 00,000,000 | ---D | C] -- C:\Program Files\JRE

[2008/11/08 19:23:56 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2008/11/08 17:56:56 | 00,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe

[2008/11/08 17:56:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2008/11/08 17:56:34 | 00,000,000 | ---D | C] -- C:\Psfonts

[2008/11/08 17:56:13 | 00,000,603 | ---- | C] () -- C:\WINDOWS\winiini.fin

[2008/11/08 17:56:13 | 00,000,000 | ---D | C] -- C:\Program Files\Finale 2003a

[2008/11/08 17:43:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Y-P Major\Application Data\FileMaker

[2008/11/08 17:41:37 | 00,000,000 | ---D | C] -- C:\Program Files\FileMaker 5.5

[2008/11/03 21:43:15 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Y-P Major\My Documents\My Videos

[2008/11/03 21:24:33 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2008/11/03 21:24:26 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll

[2008/11/03 21:24:23 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2

[2008/11/03 21:23:45 | 00,000,000 | ---D | C] -- C:\bab424dfa7535d205568ef

[2008/11/03 21:22:59 | 00,000,000 | ---D | C] -- C:\2ddf0459ddf4f11392a188723ccb

[2008/11/03 21:22:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2008/11/03 21:22:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2008/11/03 21:22:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

[2008/11/03 21:22:13 | 00,000,000 | ---D | C] -- C:\e9954975cf2d158c4162

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2008/11/27 21:35:07 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008/11/27 21:30:12 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Y-P Major\Desktop\OTListIt.exe

[2008/11/27 18:06:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008/11/27 18:06:54 | 32,202,87488 | -HS- | M] () -- C:\hiberfil.sys

[2008/11/27 01:09:15 | 00,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Y-P Major.job

[2008/11/27 01:00:12 | 00,000,494 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Y-P Major.job

[2008/11/25 08:47:35 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[2008/11/24 21:52:00 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys

[2008/11/24 21:52:00 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini

[2008/11/24 21:52:00 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd

[2008/11/24 21:51:59 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll

[2008/11/24 21:09:50 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe

[2008/11/24 21:07:09 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Y-P Major\Desktop\gmer.zip

[2008/11/24 21:06:31 | 00,356,763 | ---- | M] () -- C:\Documents and Settings\Y-P Major\Desktop\dds.scr

[2008/11/23 14:35:59 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini

[2008/11/23 14:35:59 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2008/11/23 14:35:59 | 00,000,194 | -HS- | M] () -- C:\boot.ini

[2008/11/22 23:07:42 | 00,000,713 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2008/11/22 23:07:37 | 00,001,712 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L6F0734F7AB7E49AF87136D3A2A6BE246.job

[2008/11/22 22:59:17 | 00,000,164 | ---- | M] () -- C:\install.dat

[2008/11/22 19:33:29 | 00,055,120 | ---- | M] () -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2008/11/22 19:31:25 | 01,518,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/11/22 18:00:18 | 00,000,496 | ---- | M] () -- C:\WINDOWS\WININIT.INI

[2008/11/22 17:46:45 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\rx_image32.Cache

[2008/11/22 16:44:57 | 00,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk

[2008/11/22 16:44:57 | 00,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

[2008/11/22 16:44:57 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk

[2008/11/16 04:41:56 | 00,011,941 | ---- | M] () -- C:\Documents and Settings\Y-P Major\My Documents\Pi%C3%A8ce%20jointe[1].pdf

[2008/11/15 18:16:48 | 00,000,606 | ---- | M] () -- C:\WINDOWS\Uninstall Manager.INI

[2008/11/15 04:24:12 | 00,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys

[2008/11/15 01:55:04 | 00,055,120 | ---- | M] () -- C:\Documents and Settings\Y-P Major\Application Data\GDIPFONTCACHEV1.DAT

[2008/11/14 18:18:24 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/14 02:19:23 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2008/11/13 17:11:26 | 01,553,272 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll

[2008/11/13 17:04:24 | 00,511,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll

[2008/11/12 16:51:32 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008/11/12 16:02:28 | 00,170,608 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssidrv.sys

[2008/11/12 16:02:26 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfs0bbc.sys

[2008/11/12 16:02:26 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sshrmd.sys

[2008/11/12 16:02:20 | 00,031,088 | ---- | M] () -- C:\WINDOWS\System32\wrLZMA.dll

[2008/11/12 16:02:12 | 00,016,240 | ---- | M] () -- C:\WINDOWS\System32\SsiEfr.exe

[2008/11/09 12:44:44 | 02,638,200 | -H-- | M] () -- C:\Documents and Settings\Y-P Major\Local Settings\Application Data\IconCache.db

[2008/11/08 22:25:34 | 00,000,000 | ---- | M] () -- C:\WINDOWS\OpPrintServer.INI

[2008/11/08 20:16:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2008/11/08 17:56:13 | 00,000,603 | ---- | M] () -- C:\WINDOWS\winiini.fin

[2008/11/03 21:28:59 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2008/11/03 21:28:59 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2008/11/03 21:23:41 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2008/11/03 21:22:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2008/11/03 19:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008/11/03 15:46:59 | 00,509,720 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008/11/03 15:46:59 | 00,433,186 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008/11/03 15:46:59 | 00,067,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

< End of report >

(((((((((((((((((((( OTListIt Extras.txt ))))))))))))))))))))

OTListIt Extras logfile created on: 27/11/2008 9:36:49 PM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Y-P Major\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.08 Gb Total Space | 249.15 Gb Free Space | 83.58% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 212.07 Gb Free Space | 45.53% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 7.45 Gb Total Space | 6.23 Gb Free Space | 83.64% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 969.06 Mb Total Space | 959.38 Mb Free Space | 99.00% Space Free | Partition Type: FAT32

Computer Name: Y-P-P5K-SE

Current User Name: Y-P Major

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

File not found -- C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server

[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2007/03/20 15:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server

[2004/08/19 22:48:06 | 02,314,240 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Install Network Printer Wizard\hpjsi.exe:*:Enabled:HP Jetdirect Wireless Setup Wizard

[2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{003447F5-0058-4B77-9C1E-50488F77C4A7}" = Brother P-touch Editor 4.2

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0

"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3

"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs

"{0725C68F-FD3A-4476-BDA0-C002C7FE307C}" = BlackBerry Desktop Software 4.2.2

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS

"{0C6FFD51-E507-4A29-8B25-4C1AF2796BA0}" = Roxio High-Def/Blu-ray Disc Plug-In

"{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830

"{0DD2BDF7-EAC8-41F7-83ED-61A2D05C6235}" = Adobe Setup

"{0E73300E-52D9-4457-88C5-B8FD6A149697}" = Chief Architect 10.0 Tutorial Videos

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets

"{1A3D8A23-3215-46B7-AB97-E304ADABFC18}" = ESET NOD32 Antivirus

"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth

"{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module

"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}

"{1F698102-5739-441E-96F0-74F4EA540F06}" = Atheros Ethernet Utility

"{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}" = EMC 11 Content

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 10

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2B82EF41-0E63-474D-8C5F-A8EFD0FF3497}" = Chief Architect Full Version

"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder

"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5

"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite

"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Creator 2009

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core

"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content

"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC

"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{547D4265-AF45-42E9-A62A-C58182AA35B9}" = Sentinel Protection Installer 7.0.0

"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate

"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3

"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition

"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis


Hello Yvon-Pierre,

I was a bit surprised to find that you had another thread for the same set of issues.

ref: http://www.malwarebytes.org/forums/index.php?showtopic=7740

We need to take a time out to see which one of us should continue on your case, whether 1972vet or myself. It is not fair and not recommended to have 2 helpers involved on 2 separate threads working the same case.


Hello Maurice,

Sorry for the double post but please be assured that I didn't do this on purpose. This is my first time asking for help with my computer online. Since I didn't get a reply to my first post (the one you replied to) after some time, I thought that my subject heading was not good enough. So I posted again. I was surprised to see your reply but assumed that since you did reply, it was OK to proceed.

I really appreciate the help I've received so far. I hope one of you will continue helping with my case. Can you please work this out so that the person with the most experience with my kind of problem can keep going?

Sorry again for the inconvenience and thanks for your understanding,

Yvon-Pierre


Hello Yvon-Pierre,

Using Windows Explorer, kindly look at the contents of these folders:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

and

C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup

I'm looking for any .INI files in there, and more specifically, any that were either created or modified in the past month or two.

Kindly confirm for me that your Windows XP is the English Canadian edition.

At this time, I'm interested in seeking the Desktop.ini files & their locations on this system.

Also get and run Silent Runners utility:

Close all non-essential programs & windows that you have open.

Go here and download & SAVE Silent Runners.vbs (use IE to download it) to a new folder on your drive and run it. It generates a log too (name will start with "Startup Programs"). It takes a minute or two and it will notify you with a popup when your log is ready (it will be in the new folder you created). Please post the information back in this thread. If your AV queries the script, allow it to run. It's not malicious. It simply generates a report on your system, and does not do any cleanup.

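The manual check requested in the post above, as an added example that is not part of the original thread: it lists the .ini files in the two Startup folders named there and flags any created or modified within a chosen window. The function names, the 60-day default and the `use_created` switch are assumptions of this example.

```python
import os
import time
from datetime import datetime

# The two Startup folders named in the post above (Windows XP profile layout).
STARTUP_DIRS = [
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup",
    r"C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup",
]


def find_ini_files(roots, recursive=False):
    """Return one record per .ini file found under each existing root."""
    records = []
    for root in roots:
        if not os.path.isdir(root):
            continue  # a missing profile folder is not an error
        for folder, dirs, names in os.walk(root):
            if not recursive:
                dirs[:] = []  # stay in the top folder only
            for name in sorted(names):
                if not name.lower().endswith(".ini"):
                    continue
                path = os.path.join(folder, name)
                try:
                    st = os.stat(path)
                except OSError:
                    continue  # unreadable entry: skip it, keep listing
                records.append({
                    "path": path,
                    "size": st.st_size,
                    "modified": st.st_mtime,
                    # st_ctime is the creation time on Windows only; on other
                    # systems it is the last metadata change.
                    "created": st.st_ctime,
                })
    return records


def recently_changed(records, days=60, now=None, use_created=(os.name == "nt")):
    """Keep records modified (and, on Windows, created) in the last `days` days."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for rec in records:
        stamps = [rec["modified"]]
        if use_created:
            stamps.append(rec["created"])
        if max(stamps) >= cutoff:
            hits.append(rec)
    return hits


def format_record(rec):
    """Render a record as one report line with the modification time."""
    when = datetime.fromtimestamp(rec["modified"]).strftime("%Y/%m/%d %H:%M:%S")
    return "[%s | %9d bytes] %s" % (when, rec["size"], rec["path"])


if __name__ == "__main__":
    found = find_ini_files(STARTUP_DIRS)
    flagged = recently_changed(found, days=60)
    print("All .ini files in the Startup folders:")
    for rec in found:
        print("  " + format_record(rec))
    print("Created or modified in the last 60 days:")
    for rec in flagged:
        print("  " + format_record(rec))
```

Calling `find_ini_files` with `recursive=True` on a profile root such as `C:\Documents and Settings` gives the wider desktop.ini location listing the helper also asks for.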

Hello Maurice,

Thanks again for your help and for sticking with me. I was away all day yesterday and got home way too late to reply earlier. You will find below the info you requested.

In C:\Documents and Settings\All Users\Start Menu\Programs\Startup, I found only one INI file ("desktop.ini") dated Aug 27, 2008.

Same thing with C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup, I found only one INI file ("desktop.ini") dated Aug 27, 2008.

Elsewhere in "All Users", I found one "desktop.ini" in each of the following locations (all dated Aug 27, 2008 unless stated otherwise below):

-C:\Documents and Settings\All Users\Start Menu

-C:\Documents and Settings\All Users\Start Menu\Programs

-C:\Documents and Settings\All Users\Start Menu\Programs\Accessories (Sep 7, 2008)

-C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility

-C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications

-C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment

-C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools

-C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools

-C:\Documents and Settings\All Users\Start Menu\Programs\Applications\OpenOffice.org 3.0 (Nov 8, 2008)

-C:\Documents and Settings\All Users\Start Menu\Programs\Games (Oct 17, 2008)

System Properties reports that I'm running, and I quote, "Microsoft Windows XP Professional Version 2002 Service Pack 3". So yes, it is the English version and I presume it is the Canadian version since I purchased the computer in Canada.

(((((((((((((((((((( SilentRunners Log ))))))))))))))))))))

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Window Washer" = ""C:\Program Files\Webroot\Washer\wwDisp.exe"" ["Webroot Software, Inc."]

"Update Manager" = ""C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background" ["Rogers Cable Communications Inc. "]

"swg" = ""C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"" ["Google Inc."]

"SHS" = ""C:\Program Files\Rogers\SelfHealing\SHS.exe" /background" ["Rogers Cable Communications"]

"CTFMON.EXE" = ""C:\WINDOWS\system32\ctfmon.exe"" [MS]

"SansaDispatch" = "C:\Documents and Settings\Y-P Major\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"TrueImageMonitor.exe" = ""C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"" ["Acronis"]

"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"SideWinderTrayV4" = ""C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe"" [MS]

"RTHDCPL" = ""C:\WINDOWS\RTHDCPL.EXE"" ["Realtek Semiconductor Corp."]

"RoxWatchTray" = ""C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"" ["Sonic Solutions"]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]

"POINTER" = "point32.exe" [MS]

"OpwareSE2" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"" ["ScanSoft, Inc."]

"nwiz" = ""C:\WINDOWS\system32\nwiz.exe" /install" ["NVIDIA Corporation"]

"NvMediaCenter" = ""C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"]

"CPU Power Monitor" = ""C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"" [empty string]

"Cpu Level Up help" = ""C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"" [empty string]

"ASUS Energy Saving" = ""C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe"" [empty string]

"Alcmtr" = ""C:\WINDOWS\ALCMTR.EXE"" ["Realtek Semiconductor Corp."]

"Ai Nap" = ""C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"" [null data]

"Adobe_ID0EYTHM" = ""C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE"" ["Adobe Systems Incorporated"]

"AcronisTimounterMonitor" = ""C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"" ["Acronis"]

"Acronis Scheduler2 Service" = ""C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"" ["Acronis"]

"Acrobat Assistant 8.0" = ""C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"" ["Adobe Systems Inc."]

"NvCplDaemon" = ""C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"CPMonitor" = ""C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"" [null data]

"WinPatrol" = ""C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" -expressboot" ["BillP Studios"]

"Malwarebytes' Anti-Malware" = ""C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray" ["Malwarebytes Corporation"]

"SpySweeper" = ""C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray" ["Webroot Software, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{074C1DC5-9320-4A9A-947D-C042949C6216}\(Default) = (no title provided)

-> {HKLM...CLSID} = "ContributeBHO Class"

\InProcServer32\(Default) = "C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."]

{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)

-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"

\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Spybot-S&D IE Protection"

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}\(Default) = "Canon Easy Web Print Helper"

-> {HKLM...CLSID} = "EWPBrowseObject Class"

\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll" [null data]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Java Plug-In SSV Helper"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"

\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll" ["Google Inc."]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"

-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

-> {HKLM...CLSID} = "Display Panning CPL Extension"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{C539A15A-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Context Menu Extension"

-> {HKLM...CLSID} = "Acronis True Image Shell Context Menu Extension"

\InProcServer32\(Default) = "C:\Program Files\Acronis\TrueImageHome\tishell.dll" ["Acronis"]

"{C539A15B-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Extension"

-> {HKLM...CLSID} = "Acronis True Image Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Acronis\TrueImageHome\tishell.dll" ["Acronis"]

"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"

-> {HKLM...CLSID} = "Acrobat Elements Context Menu"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{6EE51AA0-77A0-11D7-B4E1-000347126E46}" = "Window Washer Shredding Utility"

-> {HKLM...CLSID} = "Window Washer Shredding Utility"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"

-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"

-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\WEBROO~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\

<<!>> "Authentication Packages" = "msv1_0"|"relog_ap"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> DfLogon\DLLName = "LogonDll.dll" [null data]

<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"

-> {HKLM...CLSID} = "Acrobat Elements Context Menu"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]

OnlineProtectMenu\(Default) = "{48865F7A-E34C-483f-AA6F-4AA38E2C3FC4}"

-> {HKLM...CLSID} = "OnlineProtectMenu Class"

\InProcServer32\(Default) = "C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll" ["SOS Online Backup"]

RXDCExtSvr\(Default) = "{70D0238E-E029-4a94-B68D-182018B6C4FF}"

-> {HKLM...CLSID} = "RXDCExtShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Roxio Creator 2009\Virtual Drive 11\DC_ShellExt.dll" ["Sonic Solutions"]

Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"

-> {HKLM...CLSID} = "Window Washer Shredding Utility"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]

Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"

-> {HKLM...CLSID} = "Window Washer Shredding Utility"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"

-> {HKLM...CLSID} = "Acrobat Elements Context Menu"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

OnlineProtectMenu\(Default) = "{48865F7A-E34C-483f-AA6F-4AA38E2C3FC4}"

-> {HKLM...CLSID} = "OnlineProtectMenu Class"

\InProcServer32\(Default) = "C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll" ["SOS Online Backup"]

RXDCExtSvr\(Default) = "{70D0238E-E029-4a94-B68D-182018B6C4FF}"

-> {HKLM...CLSID} = "RXDCExtShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Roxio Creator 2009\Virtual Drive 11\DC_ShellExt.dll" ["Sonic Solutions"]

SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\WEBROO~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\WEBROO~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AdobePremiereProCS3CameraArrival\

"Provider" = "Adobe Premiere Pro"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = ""C:\Program Files\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe""

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "ShellExecute HW Event Handler"

\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

BridgeCS3ImportMediaOnArrival\

"Provider" = "Adobe Bridge CS3"

"InvokeProgID" = "Adobe.adobebridge"

"InvokeVerb" = "launch"

HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]

CanonCW50PicturesOnArrival\

"Provider" = "Canon CameraWindow"

"InvokeProgID" = "Cw50.AutoplayHandler"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Cw50.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\CameraWindow\CameraWindowMC\CameraLauncher.exe" ["Canon Inc."]

CanonMPN22PictureOnArrival\

"Provider" = "MP Navigator Ver2.2"

"InvokeProgID" = "MPNavigator22.AutoplayHandler"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\MPNavigator22.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\MP Navigator 2.2\mpn22.exe /AUTOPLAY %1" ["CANON INC."]

CanonZB4PicturesOnArrival\

"Provider" = "ZoomBrowser EX"

"InvokeProgID" = "Zb.AutoplayHandler"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe /AUTOPLAY "%1"" [empty string]

CinePlayerDVD\

"Provider" = "Roxio CinePlayer"

"InvokeProgID" = "CinePlayer.PLAYDVD"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\CinePlayer.PLAYDVD\shell\Play\Command\(Default) = "C:\Program Files\Roxio Creator 2009\5.0\CinePlayer.exe %l" ["Sonic Solutions"]

DVDClonerBackupDVDMovieOnArrival\

"Provider" = "DVD Cloner"

"InvokeProgID" = "DvdClonerV"

"InvokeVerb" = "Backup using DVD-Cloner V"

HKLM\SOFTWARE\Classes\DvdClonerV\shell\Backup using DVD-Cloner V\command\(Default) = "C:\Program Files\Dvd-cloner\dvd-cloner5.exe" ["DVD COLONER INC."]

InterActualPlayerPlayDVDVideoArrival\

"Provider" = "InterActual Player"

"InvokeProgID" = "InterActualPlayer.PlayDVD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\InterActualPlayer.PlayDVD\shell\play\command\(Default) = "C:\Program Files\InterActual\InterActual Player\iPlayer.exe -startup=autorun" ["Sonic Solutions"]

MediaCapture11Photos\

"Provider" = "Media Import"

"InvokeProgID" = "RoxioMediaCapture11"

"InvokeVerb" = "Photo"

HKLM\SOFTWARE\Classes\RoxioMediaCapture11\shell\Photo\command\(Default) = "C:\Program Files\Roxio Creator 2009\Media Import 11\MediaCapture11.exe -photo %L" ["Sonic Solutions"]

MediaCapture11VideoCamera\

"Provider" = "Media Import"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Roxio Creator 2009\Media Import 11\MediaCapture11.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "ShellExecute HW Event Handler"

\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

MediaCapture11Videos\

"Provider" = "Media Import"

"InvokeProgID" = "RoxioMediaCapture11"

"InvokeVerb" = "Video"

HKLM\SOFTWARE\Classes\RoxioMediaCapture11\shell\Video\command\(Default) = "C:\Program Files\Roxio Creator 2009\Media Import 11\MediaCapture11.exe -video %L" ["Sonic Solutions"]

MSWPDShellNamespaceHandler\

"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = " "

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

RoxioCreator10PlayCDAudioOnArrival\

"Provider" = "Roxio Creator Classic"

"InvokeProgID" = "Creator11"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Creator11\shell\open\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Creator Classic 11\Creator11.exe" ["Sonic Solutions"]

RoxioSCAudioCDTask45\

"Provider" = "Roxio Central Audio"

"InvokeProgID" = "Roxio.RoxioCentral45"

"InvokeVerb" = "AudioCDTask"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\AudioCDTask\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 10253C4C-229D-4c87-8D1D-169EFDFED869" [null data]

RoxioSCCopyCD45\

"Provider" = "Roxio Central Copy"

"InvokeProgID" = "Roxio.RoxioCentral45"

"InvokeVerb" = "ExactCopyJob"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\ExactCopyJob\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 20C35DAF-3B5B-4c2d-9DCD-5C866838F5CC" [null data]

RoxioSCCopyDisc45\

"Provider" = "Roxio Central Copy"

"InvokeProgID" = "Roxio.RoxioCentral45"

"InvokeVerb" = "ExactCopyJob"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\ExactCopyJob\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 20C35DAF-3B5B-4c2d-9DCD-5C866838F5CC" [null data]

RoxioSCDataProject45\

"Provider" = "Roxio Central Data"

"InvokeProgID" = "Roxio.RoxioCentral45"

"InvokeVerb" = "DataGuide"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\DataGuide\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 1FA905E4-5763-4ba8-999A-5E104D3CDE8C" [null data]

RoxioSCDataTask45\

"Provider" = "Roxio Central Data"

"InvokeProgID" = "Roxio.RoxioCentral45"

"InvokeVerb" = "DataTask"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\DataTask\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 9CA0EEEE-5BC5-41e9-8242-BEE21643FFF0" [null data]

RPCDBurningOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.CDBurn.6"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\

"Provider" = "RealPlayer"

"ProgID" = "RealPlayer.HWEventHandler"

HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"

-> {HKLM...CLSID} = "RealNetworks Scheduler"

\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.AudioCD.6"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.DVD.6"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.AutoPlay.6"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

Startup items in "Y-P Major" & "All Users" startup folders:

-----------------------------------------------------------

C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup

"OpenOffice.org 3.0" -> shortcut to: "" [file not found]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

"APC UPS Status" -> shortcut to: "C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe" ["American Power Conversion Corporation"]

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE" [MS]

Enabled Scheduled Tasks:

------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

"Malwarebytes' Scheduled Scan for Y-P Major" -> launches: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /quickscanterminate" ["Malwarebytes Corporation"]

"Malwarebytes' Scheduled Update for Y-P Major" -> launches: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runupdate" ["Malwarebytes Corporation"]

"UPS System Shutdown Program" -> WARNING -- The file "UPS System Shutdown Program.job" is corrupt! (no executable)

"wrSpySweeper_L6F0734F7AB7E49AF87136D3A2A6BE246" -> launches: "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /ScheduleSweep=wrSpySweeper_L6F0734F7AB7E49AF87136D3A2A6BE246" ["Webroot Software, Inc."]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]

000000000006\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" = (no title provided)

-> {HKLM...CLSID} = "Contribute Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."]

"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"

-> {HKLM...CLSID} = "Easy-WebPrint"

\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\

"MenuText" = "Spybot - Search & Destroy Configuration"

"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"

-> {HKLM...CLSID} = "Spybot-S&D IE Protection"

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]

Acronis Scheduler2 Service, AcrSch2Svc, ""C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"" ["Acronis"]

Acronis Try And Decide Service, TryAndDecideService, ""C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe"" [null data]

APC UPS Service, APC UPS Service, "C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe" ["American Power Conversion Corporation"]

Canon Camera Access Library 8, CCALib8, "C:\Program Files\Canon\CAL\CALMAIN.exe" ["Canon Inc."]

DF5Serv, DF5Serv, "C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe" ["Faronics Corporation"]

Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]

FLEXnet Licensing Service, FLEXnet Licensing Service, ""C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"" ["Macrovision Europe Ltd."]

Google Updater Service, gusvc, ""C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"]

IPv6 Helper Service, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}

Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]

MBAMService, MBAMService, ""C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Simple TCP/IP Services, SimpTcp, "C:\WINDOWS\system32\tcpsvcs.exe" [MS]

Webroot Client Service, WRConsumerService, ""C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe"" ["Webroot Software, Inc. "]

Webroot Spy Sweeper Engine, WebrootSpySweeperService, ""C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe"" ["Webroot Software, Inc. (www.webroot.com)"]

Window Washer Engine, wwEngineSvc, "C:\Program Files\Webroot\Washer\WasherSvc.exe" ["Webroot Software, Inc."]

Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}

Keyboard Driver Filters:

------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\

"UpperFilters" = <<!>> "DeepFrz" ["Faronics Corporation"]

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]

Brother QL-550 Monitor\Driver = "PTQL5L.DLL" ["Brother Industries, Ltd."]

Canon BJ Language Monitor MP830\Driver = "CNMLM7Q.DLL" ["CANON INC."]

Canon MP FAX Language Monitor MP830\Driver = "CNCF2Lb.DLL" ["Canon Inc."]

HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]

---------- (launch time: 2008-11-29 13:04:01)

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 17 seconds, including 4 seconds for message boxes)


My thinking is that one of the desktop.ini files is the renegade that causes Windows Explorer to show at each Windows startup. So I'm going to have you move 2 of them out of the way.

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :files
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup\desktop.ini


  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Log off and restart the system fresh. Now tell me if Windows Explorer opens up a window upon startup.

I've done a quick scan of the Silent Runners log and did not notice malicious entries.

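The quick review of the Silent Runners log mentioned above can be pre-sorted mechanically. This is an added Python example, not part of the original posts and not code from Silent Runners: it groups the log into entries and lists those carrying the `<<!>>` marker, a `[file not found]` target, or no publisher tag. The function names, the three review categories and the line-shape rules are assumptions inferred from the log in this thread.

```python
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the Silent Runners log in this thread
# (blank lines dropped), plus the report's legend line as an edge case.
SAMPLE_LOG = r'''
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> "Authentication Packages" = "msv1_0"|"relog_ap"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> DfLogon\DLLName = "LogonDll.dll" [null data]
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]
C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup
"OpenOffice.org 3.0" -> shortcut to: "" [file not found]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE" [MS]
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <<!>> "DeepFrz" ["Faronics Corporation"]
<<!>>: Suspicious data at a malware launch point.
'''

# Line shapes below are assumptions inferred from the log in this thread.
HIVE_OR_DRIVE = re.compile(r'^(HK(LM|CU|CR|U)|[A-Za-z]:)\\')  # registry key or folder header
TRAILING_TAG = re.compile(r'\[([^\[\]]*)\]\s*$')              # ["Publisher"], [MS], [null data]
RULER = re.compile(r'^-{3,}')                                 # section underline
NO_PUBLISHER = {"null data", "empty string"}


@dataclass
class Entry:
    location: str                      # registry key or folder the entry sits under
    lines: list = field(default_factory=list)

    def name(self):
        """Value or shortcut name: text before ' = ' or ' -> ' on the first line."""
        head = re.split(r' = | -> ', self.lines[0], maxsplit=1)[0]
        return head.replace("<<!>>", "").strip().strip('"')

    def reasons(self):
        """Why the entry deserves a manual look (empty list if nothing stands out)."""
        found = set()
        for line in self.lines:
            if "<<!>>" in line:
                found.add("flagged <<!>>")
            tag = TRAILING_TAG.search(line)
            label = tag.group(1).strip('" ') if tag else ""
            if label == "file not found":
                found.add("file not found")
            elif label in NO_PUBLISHER:
                found.add("no publisher (" + label + ")")
        return sorted(found)


def parse_entries(text):
    """Group log lines into entries, attaching '->' and '\\' continuation lines."""
    entries, location, current = [], "(no location)", None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, underlines, the '<<!>>:' legend and '+ ' footnotes.
        if not line or RULER.match(line) or line.startswith(("<<!>>:", "+ ")):
            continue
        # A hive or drive path with no value assignment opens a new location.
        if HIVE_OR_DRIVE.match(line) and " = " not in line and '"' not in line:
            location, current = line.replace(" {++}", ""), None
            continue
        # CLSID resolution and InProcServer32 lines belong to the entry above.
        if line.startswith(("->", "\\")):
            if current is not None:
                current.lines.append(line)
            continue
        if " = " in line or " -> " in line or TRAILING_TAG.search(line):
            current = Entry(location, [line])
            entries.append(current)
    return entries


def triage(text):
    """Return (location, name, reasons) for every entry that needs review."""
    return [(e.location, e.name(), e.reasons())
            for e in parse_entries(text) if e.reasons()]


if __name__ == "__main__":
    for location, name, why in triage(SAMPLE_LOG):
        print(f"{', '.join(why):40} {name}\n    under {location}")
```

Each hit is a prompt for manual review of that launch point, not a verdict; a `<<!>>` entry can still carry a known publisher tag, as the `DeepFrz` keyboard filter does here.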

Hello again!

I followed your instructions. Here is the OTMoveIt Log:

========== FILES ==========

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini moved successfully.

C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup\desktop.ini moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11292008_160300

Unfortunately, the "My Computer" folder still opens after startup. I restarted the computer twice to be sure, but the window always appears. I felt like deleting all the "desktop.ini" files that I could find but decided instead to wait for your next instructions.

Still hopeful!

Yvon-Pierre


I'll have you run Silent Runners one more time, but with extended search.

Close all open windows so you have a normal desktop view.

Locate where you saved Silentrunners.vbs

Start it.

This time, answer "No" at the first message box

and "Yes" at the second message box.

Have plenty of patience and leave it alone, and wait for the completion message.

Reply with a copy of the new log. Let's see what it may show.


Here is the new log:

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Window Washer" = ""C:\Program Files\Webroot\Washer\wwDisp.exe"" ["Webroot Software, Inc."]

"Update Manager" = ""C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background" ["Rogers Cable Communications Inc. "]

"swg" = ""C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"" ["Google Inc."]

"SHS" = ""C:\Program Files\Rogers\SelfHealing\SHS.exe" /background" ["Rogers Cable Communications"]

"CTFMON.EXE" = ""C:\WINDOWS\system32\ctfmon.exe"" [MS]

"SansaDispatch" = "C:\Documents and Settings\Y-P Major\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"TrueImageMonitor.exe" = ""C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"" ["Acronis"]

"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"SideWinderTrayV4" = ""C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe"" [MS]

"RTHDCPL" = ""C:\WINDOWS\RTHDCPL.EXE"" ["Realtek Semiconductor Corp."]

"RoxWatchTray" = ""C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"" ["Sonic Solutions"]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]

"POINTER" = "point32.exe" [MS]

"OpwareSE2" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"" ["ScanSoft, Inc."]

"nwiz" = ""C:\WINDOWS\system32\nwiz.exe" /install" ["NVIDIA Corporation"]

"NvMediaCenter" = ""C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"]

"CPU Power Monitor" = ""C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"" [empty string]

"Cpu Level Up help" = ""C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"" [empty string]

"ASUS Energy Saving" = ""C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe"" [empty string]

"Alcmtr" = ""C:\WINDOWS\ALCMTR.EXE"" ["Realtek Semiconductor Corp."]

"Ai Nap" = ""C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"" [null data]

"Adobe_ID0EYTHM" = ""C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE"" ["Adobe Systems Incorporated"]

"AcronisTimounterMonitor" = ""C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"" ["Acronis"]

"Acronis Scheduler2 Service" = ""C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"" ["Acronis"]

"Acrobat Assistant 8.0" = ""C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"" ["Adobe Systems Inc."]

"NvCplDaemon" = ""C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"CPMonitor" = ""C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"" [null data]

"WinPatrol" = ""C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" -expressboot" ["BillP Studios"]

"Malwarebytes' Anti-Malware" = ""C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray" ["Malwarebytes Corporation"]

"SpySweeper" = ""C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray" ["Webroot Software, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{074C1DC5-9320-4A9A-947D-C042949C6216}\(Default) = (no title provided)

-> {HKLM...CLSID} = "ContributeBHO Class"

\InProcServer32\(Default) = "C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."]

{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)

-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"

\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Spybot-S&D IE Protection"

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}\(Default) = "Canon Easy Web Print Helper"

-> {HKLM...CLSID} = "EWPBrowseObject Class"

\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll" [null data]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Java Plug-In SSV Helper"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"

\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll" ["Google Inc."]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"

-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

-> {HKLM...CLSID} = "Display Panning CPL Extension"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{C539A15A-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Context Menu Extension"

-> {HKLM...CLSID} = "Acronis True Image Shell Context Menu Extension"

\InProcServer32\(Default) = "C:\Program Files\Acronis\TrueImageHome\tishell.dll" ["Acronis"]

"{C539A15B-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Extension"

-> {HKLM...CLSID} = "Acronis True Image Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Acronis\TrueImageHome\tishell.dll" ["Acronis"]

"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"

-> {HKLM...CLSID} = "Acrobat Elements Context Menu"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{6EE51AA0-77A0-11D7-B4E1-000347126E46}" = "Window Washer Shredding Utility"

-> {HKLM...CLSID} = "Window Washer Shredding Utility"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"

-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"

-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\WEBROO~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\

<<!>> "Authentication Packages" = "msv1_0"|"relog_ap"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> DfLogon\DLLName = "LogonDll.dll" [null data]

<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"

-> {HKLM...CLSID} = "Acrobat Elements Context Menu"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]

OnlineProtectMenu\(Default) = "{48865F7A-E34C-483f-AA6F-4AA38E2C3FC4}"

-> {HKLM...CLSID} = "OnlineProtectMenu Class"

\InProcServer32\(Default) = "C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll" ["SOS Online Backup"]

RXDCExtSvr\(Default) = "{70D0238E-E029-4a94-B68D-182018B6C4FF}"

-> {HKLM...CLSID} = "RXDCExtShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Roxio Creator 2009\Virtual Drive 11\DC_ShellExt.dll" ["Sonic Solutions"]

Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"

-> {HKLM...CLSID} = "Window Washer Shredding Utility"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]

Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"

-> {HKLM...CLSID} = "Window Washer Shredding Utility"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"

-> {HKLM...CLSID} = "Acrobat Elements Context Menu"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

OnlineProtectMenu\(Default) = "{48865F7A-E34C-483f-AA6F-4AA38E2C3FC4}"

-> {HKLM...CLSID} = "OnlineProtectMenu Class"

\InProcServer32\(Default) = "C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll" ["SOS Online Backup"]

RXDCExtSvr\(Default) = "{70D0238E-E029-4a94-B68D-182018B6C4FF}"

-> {HKLM...CLSID} = "RXDCExtShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Roxio Creator 2009\Virtual Drive 11\DC_ShellExt.dll" ["Sonic Solutions"]

SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\WEBROO~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\WEBROO~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AdobePremiereProCS3CameraArrival\

"Provider" = "Adobe Premiere Pro"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = ""C:\Program Files\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe""

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "ShellExecute HW Event Handler"

\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

BridgeCS3ImportMediaOnArrival\

"Provider" = "Adobe Bridge CS3"

"InvokeProgID" = "Adobe.adobebridge"

"InvokeVerb" = "launch"

HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]

CanonCW50PicturesOnArrival\

"Provider" = "Canon CameraWindow"

"InvokeProgID" = "Cw50.AutoplayHandler"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Cw50.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\CameraWindow\CameraWindowMC\CameraLauncher.exe" ["Canon Inc."]

CanonMPN22PictureOnArrival\

"Provider" = "MP Navigator Ver2.2"

"InvokeProgID" = "MPNavigator22.AutoplayHandler"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\MPNavigator22.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\MP Navigator 2.2\mpn22.exe /AUTOPLAY %1" ["CANON INC."]

CanonZB4PicturesOnArrival\

"Provider" = "ZoomBrowser EX"

"InvokeProgID" = "Zb.AutoplayHandler"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe /AUTOPLAY "%1"" [empty string]

CinePlayerDVD\

"Provider" = "Roxio CinePlayer"

"InvokeProgID" = "CinePlayer.PLAYDVD"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\CinePlayer.PLAYDVD\shell\Play\Command\(Default) = "C:\Program Files\Roxio Creator 2009\5.0\CinePlayer.exe %l" ["Sonic Solutions"]

DVDClonerBackupDVDMovieOnArrival\

"Provider" = "DVD Cloner"

"InvokeProgID" = "DvdClonerV"

"InvokeVerb" = "Backup using DVD-Cloner V"

HKLM\SOFTWARE\Classes\DvdClonerV\shell\Backup using DVD-Cloner V\command\(Default) = "C:\Program Files\Dvd-cloner\dvd-cloner5.exe" ["DVD COLONER INC."]

InterActualPlayerPlayDVDVideoArrival\

"Provider" = "InterActual Player"

"InvokeProgID" = "InterActualPlayer.PlayDVD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\InterActualPlayer.PlayDVD\shell\play\command\(Default) = "C:\Program Files\InterActual\InterActual Player\iPlayer.exe -startup=autorun" ["Sonic Solutions"]

MediaCapture11Photos\

"Provider" = "Media Import"

"InvokeProgID" = "RoxioMediaCapture11"

"InvokeVerb" = "Photo"

HKLM\SOFTWARE\Classes\RoxioMediaCapture11\shell\Photo\command\(Default) = "C:\Program Files\Roxio Creator 2009\Media Import 11\MediaCapture11.exe -photo %L" ["Sonic Solutions"]

MediaCapture11VideoCamera\

"Provider" = "Media Import"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Roxio Creator 2009\Media Import 11\MediaCapture11.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "ShellExecute HW Event Handler"

\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

MediaCapture11Videos\

"Provider" = "Media Import"

"InvokeProgID" = "RoxioMediaCapture11"

"InvokeVerb" = "Video"

HKLM\SOFTWARE\Classes\RoxioMediaCapture11\shell\Video\command\(Default) = "C:\Program Files\Roxio Creator 2009\Media Import 11\MediaCapture11.exe -video %L" ["Sonic Solutions"]

MSWPDShellNamespaceHandler\

"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = " "

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

RoxioCreator10PlayCDAudioOnArrival\

"Provider" = "Roxio Creator Classic"

"InvokeProgID" = "Creator11"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Creator11\shell\open\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Creator Classic 11\Creator11.exe" ["Sonic Solutions"]

RoxioSCAudioCDTask45\

"Provider" = "Roxio Central Audio"

"InvokeProgID" = "Roxio.RoxioCentral45"

"InvokeVerb" = "AudioCDTask"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\AudioCDTask\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 10253C4C-229D-4c87-8D1D-169EFDFED869" [null data]

RoxioSCCopyCD45\

"Provider" = "Roxio Central Copy"

"InvokeProgID" = "Roxio.RoxioCentral45"

"InvokeVerb" = "ExactCopyJob"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\ExactCopyJob\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 20C35DAF-3B5B-4c2d-9DCD-5C866838F5CC" [null data]

RoxioSCCopyDisc45\

"Provider" = "Roxio Central Copy"

"InvokeProgID" = "Roxio.RoxioCentral45"

"InvokeVerb" = "ExactCopyJob"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\ExactCopyJob\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 20C35DAF-3B5B-4c2d-9DCD-5C866838F5CC" [null data]

RoxioSCDataProject45\

"Provider" = "Roxio Central Data"

"InvokeProgID" = "Roxio.RoxioCentral45"

"InvokeVerb" = "DataGuide"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\DataGuide\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 1FA905E4-5763-4ba8-999A-5E104D3CDE8C" [null data]

RoxioSCDataTask45\

"Provider" = "Roxio Central Data"

"InvokeProgID" = "Roxio.RoxioCentral45"

"InvokeVerb" = "DataTask"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral45\shell\DataTask\Command\(Default) = "C:\Program Files\Roxio Creator 2009\Roxio Central 4\RoxioCentralFx.exe /Launch 9CA0EEEE-5BC5-41e9-8242-BEE21643FFF0" [null data]

RPCDBurningOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.CDBurn.6"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\

"Provider" = "RealPlayer"

"ProgID" = "RealPlayer.HWEventHandler"

HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"

-> {HKLM...CLSID} = "RealNetworks Scheduler"

\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.AudioCD.6"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.DVD.6"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.AutoPlay.6"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

Startup items in "Y-P Major" & "All Users" startup folders:

-----------------------------------------------------------

C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup

"OpenOffice.org 3.0" -> shortcut to: "" [file not found]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

"APC UPS Status" -> shortcut to: "C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe" ["American Power Conversion Corporation"]

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE" [MS]

Enabled Scheduled Tasks:

------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

"Malwarebytes' Scheduled Scan for Y-P Major" -> launches: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /quickscanterminate" ["Malwarebytes Corporation"]

"Malwarebytes' Scheduled Update for Y-P Major" -> launches: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runupdate" ["Malwarebytes Corporation"]

"UPS System Shutdown Program" -> WARNING -- The file "UPS System Shutdown Program.job" is corrupt! (no executable)

"wrSpySweeper_L6F0734F7AB7E49AF87136D3A2A6BE246" -> launches: "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /ScheduleSweep=wrSpySweeper_L6F0734F7AB7E49AF87136D3A2A6BE246" ["Webroot Software, Inc."]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]

000000000006\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" = (no title provided)

-> {HKLM...CLSID} = "Contribute Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."]

"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"

-> {HKLM...CLSID} = "Easy-WebPrint"

\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\

"MenuText" = "Spybot - Search & Destroy Configuration"

"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"

-> {HKLM...CLSID} = "Spybot-S&D IE Protection"

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]

Acronis Scheduler2 Service, AcrSch2Svc, ""C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"" ["Acronis"]

Acronis Try And Decide Service, TryAndDecideService, ""C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe"" [null data]

APC UPS Service, APC UPS Service, "C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe" ["American Power Conversion Corporation"]

Canon Camera Access Library 8, CCALib8, "C:\Program Files\Canon\CAL\CALMAIN.exe" ["Canon Inc."]

DF5Serv, DF5Serv, "C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe" ["Faronics Corporation"]

Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]

FLEXnet Licensing Service, FLEXnet Licensing Service, ""C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"" ["Macrovision Europe Ltd."]

Google Updater Service, gusvc, ""C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"]

IPv6 Helper Service, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}

Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]

MBAMService, MBAMService, ""C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Simple TCP/IP Services, SimpTcp, "C:\WINDOWS\system32\tcpsvcs.exe" [MS]

Webroot Client Service, WRConsumerService, ""C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe"" ["Webroot Software, Inc. "]

Webroot Spy Sweeper Engine, WebrootSpySweeperService, ""C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe"" ["Webroot Software, Inc. (www.webroot.com)"]

Window Washer Engine, wwEngineSvc, "C:\Program Files\Webroot\Washer\WasherSvc.exe" ["Webroot Software, Inc."]

Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}

Keyboard Driver Filters:

------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\

"UpperFilters" = <<!>> "DeepFrz" ["Faronics Corporation"]

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]

Brother QL-550 Monitor\Driver = "PTQL5L.DLL" ["Brother Industries, Ltd."]

Canon BJ Language Monitor MP830\Driver = "CNMLM7Q.DLL" ["CANON INC."]

Canon MP FAX Language Monitor MP830\Driver = "CNCF2Lb.DLL" ["Canon Inc."]

HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]

---------- (launch time: 2008-11-29 16:42:57)

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 268 seconds.

---------- (total run time: 288 seconds)


Start HijackThis. Look for these lines and place a checkmark against each of the following, if still present:

O4 - Startup: C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = File not found
Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked!

Start OTMoveIt3 by OldTimer.

  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :files
    C:\AUTOEXEC.BAT
    I:\AutoRun.inf
    C:\Documents and Settings\All Users\Start Menu\Programs\Applications\OpenOffice.org 3.0\desktop.ini


  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Logoff and Restart system.

Start HijackThis. Do a Scan and Save. Reply with a copy of the new HJT log and let me know if Windows Explorer is auto-opening.


Bingo! "My Computer" folder doesn't open automatically anymore! Thank you so much!

Below are the logs that you requested. Can you please confirm if everything looks normal now?

Also, I've installed quite a few security and safety utilities since my problems started. Which ones do you think I should keep? I was thinking of removing WinPatrol since this is the free version and leaving installed only those utilities that I've paid for: Eset NOD32, Webroot SpySweeper and Window Washer, and Malwarebytes' Anti-Malware. What do you suggest?

(((((((((( OTMoveIt3 Results window ))))))))))

========== FILES ==========

C:\AUTOEXEC.BAT moved successfully.

I:\AutoRun.inf moved successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\Applications\OpenOffice.org 3.0\Desktop.ini moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11292008_174439

(((((((((( HijackThis New Scan ))))))))))

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:51:23 PM, on 29/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe

C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe

C:\WINDOWS\System32\ups.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Webroot\WebrootSecurity\SSU.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

https://www.google.com/accounts/ServiceLogi...rue&rm=fals

e&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k9

6igf4806cy&ltmpl=default&ltmplcache=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} -

C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -

{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program

Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE}

- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

- C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper -

{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper -

{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -

C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -

C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -

C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program

Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program

Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sideWinderTrayV4]

"C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe"

O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio

Shared\11.0\SharedCOM\RoxWatchTray11.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program

Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE"

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe"

/hide /waitservice

O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI

Suite\AiGear3\CpuPowerMonitor.exe"

O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI

Suite\CpuLevelUpHelp.exe"

O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI

Suite\EnergySaving\PwSave.exe"

O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM]

"C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE"

O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program

Files\Acronis\TrueImageHome\TimounterMonitor.exe"

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common

Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat

8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE"

C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator

2009\5.0\CPMonitor.exe"

O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP

Studios\WinPatrol\WinPatrol.exe" -expressboot

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes'

Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [spySweeper] "C:\Program

Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"

O4 - HKCU\..\Run: [update Manager] "C:\Program Files\Rogers\Update

Manager\UpdateManager.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe"

/background

O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"

O4 - HKCU\..\Run: [sansaDispatch] C:\Documents and Settings\Y-P

Major\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'Default user')

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute

Personal Edition\Display.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE

O8 - Extra context menu item: Append to existing PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF -

res://C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF -

res://C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF -

res://C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF -

res://C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF -

res://C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF -

res://C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List -

res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print -

res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program

Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program

Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -

http://appldnld.apple.com.edgesuite.net/co...QuickTime/qtact

ivex/qtplugin.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer

Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -

C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://www.update.microsoft.com/microsoftu...n/x86/client/mu

web_site.cab?1219824127875

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner

3.3) - http://support.f-secure.com/ols/fscax.cab

O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program

Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program

Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation -

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour

Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -

C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep

Freeze\Install C-0\DF5Serv.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET

NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32

Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -

C:\Program Files\Common Files\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel

32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program

Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program

Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe

O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio

Creator 2009\Digital Home 11\RoxioUpnpService11.exe

O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions -

C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner -

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

(file missing)

O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common

Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe

O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions -

C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown

owner - C:\Program Files\Common

Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot

Software, Inc. (www.webroot.com) - C:\Program

Files\Webroot\WebrootSecurity\SpySweeper.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software,

Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. -

C:\Program Files\Webroot\Washer\WasherSvc.exe

--

End of file - 15952 bytes

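An added example, not part of the original thread: a short Python triage script for a HijackThis log like the one posted above. It rejoins entries that were hard-wrapped when the log was pasted, then lists the autostart entries (O4, O20, O23) that HijackThis itself marks with "File not found", "(file missing)" or "Unknown owner". The sample lines are copied from the logs in this thread; the function names and the line-joining heuristic are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# A HijackThis entry starts with a section code such as R0, O4 or O23, then " - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Markers that HijackThis writes into an entry (as seen in this thread's logs).
MARKERS = {
    "file missing": re.compile(r"\(file missing\)\s*$", re.I),
    "file not found": re.compile(r"=\s*File not found\s*$", re.I),
    "unknown owner": re.compile(r" - Unknown owner - ", re.I),
}

# Sections that launch code at boot or logon: Run keys and Startup folders,
# Winlogon Notify, and services.
AUTOSTART_SECTIONS = {"O4", "O20", "O23"}


@dataclass
class Finding:
    section: str
    reasons: list
    entry: str


def rejoin_entries(text):
    """Rebuild one string per entry from a hard-wrapped HijackThis log."""
    entries = []
    in_entries = False
    prev_line = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
            in_entries = True
        elif line == "--" or line.startswith("End of file"):
            in_entries = False  # log footer
        elif in_entries:
            # Heuristic (assumption): a physical line without any space is a
            # single long token that was cut mid-word, so glue it directly;
            # otherwise the wrap happened at a space, so put the space back.
            glue = "" if " " not in prev_line else " "
            entries[-1] += glue + line
        prev_line = line
    return entries


def triage(text):
    """Return the autostart entries that carry one of the markers above."""
    findings = []
    for entry in rejoin_entries(text):
        section = ENTRY_START.match(entry).group(1)
        if section not in AUTOSTART_SECTIONS:
            continue
        reasons = [name for name, rx in MARKERS.items() if rx.search(entry)]
        if reasons:
            findings.append(Finding(section, reasons, entry))
    return findings


# Sample input: lines taken from the logs in this thread, wrapped as posted.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2

Running processes:

C:\WINDOWS\system32\svchost.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime

O4 - Startup: C:\Documents and Settings\Y-P Major\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = File not found

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -

http://appldnld.apple.com.edgesuite.net/co...QuickTime/qtact

ivex/qtplugin.cab

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner -

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

(file missing)

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown

owner - C:\Program Files\Common

Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. -

C:\Program Files\Webroot\Washer\WasherSvc.exe

--

End of file - 15952 bytes
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {', '.join(f.reasons)}: {f.entry}")
```

A flagged entry is a prompt to check the target path and the registry or Startup-folder item behind it, not a verdict on its own.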

Looks fine. Congratulations ;-)

I would agree: keep the anti-malware tools & the NOD32 which you have bought. Remove WinPatrol since you have quite a bit of protection already.

I am unfamiliar with Faronics Deep Freeze, which this pc has. If the license is not current, I'd suggest removing it as well. In the case that this is a company pc, then check with your IT Admin first.

This pc needs the latest version of Java runtime. Uninstall the jre1.6 (JRE Runtime Environment) Sun Java package via Add/Remove Programs. If you see earlier versions there (e.g., JRE Runtime Environment 5.0), uninstall all occurrences. After uninstalling, reboot if directed to do so.

In Windows Explorer, navigate to and delete C:\Program Files\Java <=this folder, if found.

  • Do NOT delete C:\Program Files\JavaVM <=this folder, if found!

Open an IE window and go to http://java.sun.com/javase/downloads/index.jsp

> In top of the page (first in the list), click on the Download button to the right of Java Runtime Environment (JRE) 6 Update 10

> If the Information Bar pops up, right-click on it and say it's OK to display the blocked content; :hand: You do not have to install the Java Web Start ActiveX Control

> Accept the license agreement

> Click on Windows Offline Installation, Multi-language and Save the file to your desktop; do not Run it.

When the download is complete, close all browser windows and double-click on the saved file to install the update.

  • Tip: Choose Custom install to select only the part(s) you need/want.

Delete the downloaded installation file after completing the above procedure and reboot if prompted to do so.

If you were /not/ prompted to reboot, please do so now.

=

For Adobe READER only:

De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader. Get the latest version from http://www.adobe.com/products/acrobat/readstep2.html

=

  • Please double-click OTMoveIt3.exe to run it.
  • Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.
  • Run ATF Cleaner, and checkmark "Empty Recycle Bin", click "Empty Selected" and exit the program. You can delete or keep this utility as you wish.
  • Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
  • Check in at Windows Update and install any Critical Updates offered.
  • Download and Install Windows Defender by Microsoft (free) if you do not already have it:
    http://www.microsoft.com/downloads/details...A4-F7F14E605A0D
  • Make certain that Automatic Updates is enabled.
    • How to configure and use Automatic Updates in WinXP:
    http://support.microsoft.com/kb/306525

We are done. All the best.


Hello Maurice,

I've been trying to implement what you suggest in the last two hours with mixed success, unfortunately. Can you help again? Here are the problems so far:

1-I've removed Java and downloaded the latest version. So far so good. But every time I try to run the installer, a window pops up reporting that Java is already installed on my computer and tells me to remove it using Add/Remove Programs control panel. There is nothing called "Java" or "JRE" or "Sun Java or JRE" to remove in my Add/Remove control panel!!! And the installer stops there.

2-You ask me to de-install Adobe Reader using Add/Remove Programs but Adobe Reader is not listed in there. I've got Adobe Acrobat 8 Professional installed as part of my Adobe suite of software but not Adobe Reader, unless it's hidden somewhere.

I'm waiting for your feedback. Thanks again!

Yvon-Pierre

P.S. DeepFreeze is a utility to protect a PC from any modifications made by humans or malware. I turn it on when the kids are using the computer. If they mess up the settings or download a virus by accident, I simply have to restart the computer to bring it back to the state it was in when I turned on DeepFreeze. Great utility... I should have left it on two weeks ago before my troubles started!!


I'd suggest using the JavaRa utility to remove older Java remnants.

Download -- to your Desktop -- JavaRa.Zip from either of these two sites:

http://prm753.bchea.org/click/click.php?id=9
http://www.majorgeeks.com/JavaRa_d5967.html

  • Unzip the download. This will create a new Folder, JavaRa on your Desktop.
  • Double click this new Folder to open it, and double click the file within: JavaRa to execute the program.
  • Click the button: Remove Older Versions.
  • Agree to the cleanup operation by clicking Yes. After a moment, a notice will appear that a log file has been produced. Click OK. Close the Notepad view that opens.
  • Click the button: Other Tasks. Choose these options:
    • Remove Useless JRE Files
    • Remove Startup Entry
    • Remove JavaRa Logfile
  • Click Go. When it finishes, click OK to close the panel, and then Exit the program.
  • Delete the JavaRa download, and the unzipped folder and all contents.

Next, apply the Java runtime 6 Update 10 (downloaded before).

As to the Adobe Acrobat suite that you have, make sure to run the Update module to get the latest updates. You should consider downloading and installing Adobe Reader version 9.


Hello Maurice,

I downloaded JavaRa and followed your instructions very carefully but it still doesn't work. I restarted the computer and tried once more without success.

When I run "jre-6u10-windows-i586-p.exe", here is what happens, step by step:

1-Get the message "This software has already been installed on your computer. Would you like to reinstall it?"

2-Click Yes

3-Get the message "This action is only valid for products that are currently installed"

4-Click OK

5-Message #1 re-appears

6-Click Yes again

7-Message #3 re-appears again

8-Click OK again

9-Installer quits

This is so weird. Any idea?

Thanks again!

Yvon-Pierre


Hello Maurice,

I went to the website specified: http://www.java.com/en/download/installed.jsp and I clicked on "Verify Java Version". The little green dot keeps running in a circle and after about a minute, I'm brought to the following page: http://www.java.com/en/download/help/testvm.xml

So no luck there as well :huh: Is there a way I can kill the loading of Java at startup to be able to finish removing it totally or re-install over whatever is there?


Hello Yvon-Pierre,

Sorry for the troubles. Let's give this a try.

Start HijackThis. Look for these lines and place a checkmark against each of the following, if still present:

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked!

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :files
    C:\Program Files\Java\jre6


  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Logoff and Restart the system fresh.

Next, go to Control Panel > Add or Remove Programs.

See if there is any entry for "Java".

Let me know.

Then go back to the Sun Java site

http://www.java.com/en/download/installed.jsp


Hello,

Still not able to make this work!

I scanned my computer with HijackThis and when I look for line "O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe", I notice that it says "(file missing)" at the end. I click "Fix Checked" anyway but it doesn't seem to fix anything since I get the same O23 line after a reboot and a new scan with HJT. I've pasted a copy of HJT scan below.

Then I follow instructions for OTMoveIt3.exe. Here is a copy of what shows under Results once I'm done:

========== FILES ==========

File/Folder C:\Program Files\Java\jre6 not found.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_205219

I restarted the computer.

Then I checked Add or Remove Programs control panel. There are no "java" files of any kind to be found in there.

I try installing Java but run into the same messages as I sent you about 2 posts ago.

This is so weird... and frustrating! Any other idea?

Thanks for your patience!

(((((((((((((((((((( HijackThis Log ))))))))))))))))))))

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:57:28 PM, on 30/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe

C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\WINDOWS\System32\ups.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sideWinderTrayV4] "C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe"

O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"

O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"

O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"

O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe"

O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE"

O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"

O4 - HKCU\..\Run: [update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background

O4 - HKCU\..\Run: [sansaDispatch] C:\Documents and Settings\Y-P Major\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219824127875

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe

O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe

O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe

O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--

End of file - 15103 bytes


Turn off both SpySweeper & Faronics Deep Freeze. They are both likely preventing the tweaks in HJT & the registry.

You can typically do that by right-clicking their respective icon in the system tray, and then selecting the option to disable or End.

To disable SpySweeper Shields

Open SpySweeper.

Click Shield Settings on the right (or Shields on the left, depending what screen you're on).

Click Internet Explorer and uncheck all items.

Click Windows System and uncheck all items.

Click Hosts File and uncheck all items.

Click Startup Programs and uncheck all items.

Close SpySweeper.

Reboot your computer, and ensure Spy Sweeper is disabled.

Start HijackThis. Look for these lines and place a checkmark against each of the following, if still present:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)

O2 - BHO: Java


Hello!

Thanks again for your help, Maurice. Please keep in mind that my frustration has never been directed toward you. In fact, I'm very grateful for your help and I trust you completely. My computer was running older versions of Java and I'm glad I got rid of them. I was getting frustrated with the Java installer though!

Following your instructions, I was able to get HijackThis to fix the "O2-BHO..." files but not the "O23-Service..." file.

So I decided to open the Registry Editor and look for anything "java". I ended up deleting the "JavaSoft" folder within HKEY_Local_Machine/Software.

I restarted the computer and tried installing JRE once more. Eureka! It finally worked! I restarted the computer, went to the java site to check which version I'm running, and it reports that I have the latest jre. Great!

I hope it was OK to proceed this way? Can you please confirm?

To be on the safe side, I'm including below the latest HijackThis scan of my computer. Can you please take one last look at it and let me know if you see anything suspicious? The computer seems to be running fine but I would like your opinion just in case.

Thanks again for all your help... I'm doing a new full backup as soon as you confirm everything is fine!

(((((((((((((((((((( HijackThis Scan ))))))))))))))))))))

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:55:24 AM, on 01/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe

C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\WINDOWS\System32\ups.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Webroot\WebrootSecurity\SSU.EXE

C:\DOCUME~1\Y-PMAJ~1\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe

c:\program files\internet explorer\iexplore.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sideWinderTrayV4] "C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe"

O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"

O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"

O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"

O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe"

O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE"

O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"

O4 - HKCU\..\Run: [update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background

O4 - HKCU\..\Run: [sansaDispatch] C:\Documents and Settings\Y-P Major\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219824127875

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe

O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe

O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe

O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--

End of file - 15239 bytes

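Added example, not part of the thread or of HijackThis itself: a small Python parser that pulls the item lines out of two HijackThis logs, flags the "(file missing)" and "Unknown owner" entries the posts above deal with, and reports what happened to each orphaned entry between the two scans. The sample lines are excerpted from the two logs in this thread; the function names and the path-based matching key are assumptions of this example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind detail target missing unknown_owner")

# An item line is "<code> - <text>", e.g. "R0 - ...", "O2 - BHO: ...", "O23 - Service: ...".
# Header lines and the running-process paths do not match and are skipped.
ITEM_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<text>.+)$")
MISSING_TAG = "(file missing)"          # appended when the referenced file is gone
UNKNOWN_OWNER = " - Unknown owner - "   # O23 services with no vendor string


def parse_log(text):
    """Return the item entries of one HijackThis log, in file order."""
    entries = []
    for raw in text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("text")
        missing = body.endswith(MISSING_TAG)
        if missing:
            body = body[: -len(MISSING_TAG)].rstrip()
        kind, sep, detail = body.partition(": ")
        if not sep:                      # R0/R1 lines carry no "kind:" prefix
            kind, detail = "", body
        # Assumption of this example: the last " - " separated field is the
        # file or command the entry points at; it is used to match entries
        # across scans because display names change after a reinstall.
        target = detail.rsplit(" - ", 1)[-1]
        entries.append(Entry(m.group("code"), kind, detail, target,
                             missing, UNKNOWN_OWNER in body))
    return entries


def track_missing(before, after):
    """Map each '(file missing)' target in `before` to its status in `after`."""
    after_by_key = {(e.code, e.target.lower()): e for e in after}
    report = {}
    for e in before:
        if not e.missing:
            continue
        now = after_by_key.get((e.code, e.target.lower()))
        if now is None:
            report[e.target] = "removed"        # entry was fixed away
        elif now.missing:
            report[e.target] = "still missing"  # orphaned entry persists
        else:
            report[e.target] = "repaired"       # file exists again
    return report


# Excerpt of the 30/11/2008 log in this thread (before the cleanup).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""

# Excerpt of the 01/12/2008 log in this thread (after Java was reinstalled).
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for target, status in track_missing(before, after).items():
        print(f"{status:13}  {target}")
    for e in after:
        if e.unknown_owner:
            print(f"unknown owner  {e.detail}")
```

Entries that stay "still missing" point at files that no longer exist, so they are the ones to review by hand on the next pass.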
