
[Resolved] shuts down Explorer for my safety


  • This topic is locked

#46
alumni72

  • Topic Starter
  • Member
  • 46 posts
I ended up buying Spysweeper - downloading it got me a $10 e-coupon along with an extra year thrown in.
At any rate, I ran it and the log is below.

After quarantining everything Spysweeper found, I made sure my firewall had exceptions for all the websites I am having trouble logging into, since I am now blocking cookies and I wanted to make sure that wasn't keeping me from logging in.
Unfortunately, that didn't help and I am still unable to log in to those websites.



Here is the Spysweeper log:

1:37 AM: Removal process completed. Elapsed time 00:00:03
1:37 AM: Quarantining All Traces: adecn cookie
1:37 AM: Quarantining All Traces: seeq cookie
1:37 AM: Quarantining All Traces: winantiviruspro cookie
1:37 AM: Quarantining All Traces: stamps.com cookie
1:37 AM: Quarantining All Traces: directtrack cookie
1:37 AM: Quarantining All Traces: partypoker cookie
1:37 AM: Quarantining All Traces: bizrate cookie
1:37 AM: Quarantining All Traces: ask cookie
1:37 AM: Quarantining All Traces: apmebf cookie
1:37 AM: Quarantining All Traces: about cookie
1:37 AM: Quarantining All Traces: 3 cookie
1:37 AM: Quarantining All Traces: exitexchange cookie
1:37 AM: Quarantining All Traces: ugo cookie
1:37 AM: Quarantining All Traces: atwola cookie
1:37 AM: Quarantining All Traces: 180search assistant/zango
1:37 AM: Quarantining All Traces: vs toolbar
1:37 AM: Quarantining All Traces: trojan-backdoor-adagoe
1:37 AM: Removal process initiated
1:20 AM: Traces Found: 34
1:20 AM: Full Sweep has completed. Elapsed time 01:51:31
1:20 AM: File Sweep Complete, Elapsed Time: 01:49:28
1:17 AM: Warning: Stream read error
1:17 AM: C:\avenger\backup.zip (ID = 373314)
1:13 AM: Warning: Failed to open file "c:\windows\temp\_avast4_\webshlock.txt". The operation completed successfully
1:13 AM: Warning: Failed to open file "c:\windows\temp\jet8bd4.tmp". The operation completed successfully
1:12 AM: Warning: Failed to open file "c:\windows\temp\jet8bc5.tmp". The operation completed successfully
12:41 AM: C:\Download\setupUS.exe (ID = 352899)
12:41 AM: Found System Monitor: spector pro
11:40 PM: C:\Documents and Settings\1 - Dad\DoctorWeb\Quarantine\A0090089.dll (ID = 373314)
11:31 PM: C:\Documents and Settings\1 - Dad\Application Data\SearchToolbarCorp (3 subtraces) (ID = 2147531814)
11:31 PM: Found Adware: vs toolbar
11:31 PM: Starting File Sweep
11:31 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:31 PM: c:\documents and settings\1 - dad\cookies\1 - dad@adecn[1].txt (ID = 2063)
11:31 PM: Found Spy Cookie: adecn cookie
11:31 PM: c:\documents and settings\2 - mom\cookies\2 - [email protected][1].txt (ID = 3332)
11:31 PM: Found Spy Cookie: seeq cookie
11:31 PM: c:\documents and settings\2 - mom\cookies\2 - [email protected][2].txt (ID = 3690)
11:31 PM: Found Spy Cookie: winantiviruspro cookie
11:31 PM: c:\documents and settings\2 - mom\cookies\2 - [email protected][1].txt (ID = 3438)
11:31 PM: c:\documents and settings\2 - mom\cookies\2 - mom@stamps[2].txt (ID = 3437)
11:31 PM: Found Spy Cookie: stamps.com cookie
11:31 PM: c:\documents and settings\2 - mom\cookies\2 - [email protected][1].txt (ID = 2528)
11:31 PM: Found Spy Cookie: directtrack cookie
11:31 PM: c:\documents and settings\2 - mom\cookies\2 - mom@partypoker[2].txt (ID = 3111)
11:31 PM: Found Spy Cookie: partypoker cookie
11:31 PM: c:\documents and settings\2 - mom\cookies\2 - mom@exitexchange[1].txt (ID = 2633)
11:31 PM: c:\documents and settings\2 - mom\cookies\2 - [email protected][1].txt (ID = 2038)
11:31 PM: c:\documents and settings\2 - mom\cookies\2 - mom@bizrate[1].txt (ID = 2308)
11:31 PM: Found Spy Cookie: bizrate cookie
11:31 PM: c:\documents and settings\2 - mom\cookies\2 - mom@ask[2].txt (ID = 2245)
11:31 PM: Found Spy Cookie: ask cookie
11:31 PM: c:\documents and settings\2 - mom\cookies\2 - mom@apmebf[2].txt (ID = 2229)
11:31 PM: Found Spy Cookie: apmebf cookie
11:31 PM: c:\documents and settings\2 - mom\cookies\2 - mom@about[2].txt (ID = 2037)
11:31 PM: Found Spy Cookie: about cookie
11:31 PM: c:\documents and settings\2 - mom\cookies\2 - [email protected][1].txt (ID = 1960)
11:31 PM: Found Spy Cookie: 3 cookie
11:31 PM: c:\documents and settings\3 - dennis\cookies\3 - dennis@atwola[1].txt (ID = 2255)
11:31 PM: c:\documents and settings\4 - alyssa\cookies\4 - alyssa@exitexchange[2].txt (ID = 2633)
11:31 PM: Found Spy Cookie: exitexchange cookie
11:31 PM: c:\documents and settings\4 - alyssa\cookies\4 - [email protected][2].txt (ID = 3609)
11:31 PM: Found Spy Cookie: ugo cookie
11:31 PM: c:\documents and settings\4 - alyssa\cookies\4 - alyssa@atwola[1].txt (ID = 2255)
11:31 PM: Found Spy Cookie: atwola cookie
11:31 PM: Starting Cookie Sweep
11:31 PM: Registry Sweep Complete, Elapsed Time:00:00:15
11:31 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || winmedia (ID = 1333205)
11:31 PM: HKU\S-1-5-21-329068152-152049171-839522115-1003\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\zango\ (ID = 554173)
11:30 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\saix.dll (ID = 1156675)
11:30 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/saix.dll\ (ID = 1156667)
11:30 PM: HKLM\software\classes\saix.installercaller\ (ID = 1156661)
11:30 PM: HKLM\software\classes\saix.installercaller.1\ (ID = 1156657)
11:30 PM: HKCR\saix.installercaller\ (ID = 1156613)
11:30 PM: HKCR\saix.installercaller.1\ (ID = 1156609)
11:30 PM: Found Adware: 180search assistant/zango
11:30 PM: Starting Registry Sweep
11:30 PM: Memory Sweep Complete, Elapsed Time: 00:01:42
11:29 PM: Starting Memory Sweep
11:29 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || winmedia (ID = 1374371)
11:29 PM: Found Trojan Horse: trojan-backdoor-adagoe
11:29 PM: Sweep initiated using definitions version 775
11:29 PM: Spy Sweeper 5.0.7.1608 started
11:29 PM: | Start of Session, Wednesday, October 04, 2006 |
********
11:29 PM: | End of Session, Wednesday, October 04, 2006 |
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:27 PM: Shield States
11:27 PM: Spyware Definitions: 775
11:26 PM: Spy Sweeper 5.0.7.1608 started
11:11 PM: Your spyware definitions have been updated.
Operation: File Access
Target:
Source: C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
11:11 PM: Tamper Detection
Operation: File Access
Target:
Source:
11:11 PM: Tamper Detection
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:09 PM: Shield States
11:09 PM: Spyware Definitions: 691
11:09 PM: Spy Sweeper 5.0.5.1286 started
11:09 PM: Spy Sweeper 5.0.5.1286 started
11:09 PM: | Start of Session, Wednesday, October 04, 2006 |
********


#47
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Please post a new Winpfind log for me. I didn't have you run the Add-ons the first time so please post a new one according to these directions:

Reboot into Safe Mode


Double-click WinPFind.exe
  • Select "Run Add ONs" and then select ALL the options in the box below it, Press Apply
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.

Reboot back to Normal Mode!

  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Copy and paste WinPFind.txt in your next post here please.

#48
alumni72

  • Topic Starter
  • Member
  • 46 posts
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 10/5/2006 11:12:54 PM
WinPFind v1.5.0 Folder = C:\Documents and Settings\1 - Dad\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
UPX! 9/25/2006 11:45:08 AM 666240 C:\WINDOWS\SYSTEM32\aswBoot.exe ()
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 8/18/2001 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 7/3/2006 5:40:50 PM 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PECompact2 7/3/2006 5:40:50 PM 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PTech 5/17/2006 11:23:38 AM 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL (Microsoft Corporation)
PECompact2 8/9/2006 3:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/9/2006 3:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 8/4/2004 3:56:54 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 9/24/2006 9:32:52 PM 9216 C:\WINDOWS\SYSTEM32\VundoFixSVC.exe (Atribune.org)
winsync 8/18/2001 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PEC2 9/11/1998 12:00:00 PM 751080 C:\WINDOWS\SYSTEM32\WIN32.TLB ()

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)
UPX! 11/9/2005 9:07:30 PM 1022432 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys (Trend Micro Inc.)
aspack 11/9/2005 9:07:30 PM 1022432 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys (Trend Micro Inc.)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/5/2006 11:11:44 PM S 2048 C:\WINDOWS\bootstat.dat ()
8/24/2006 9:46:48 PM H 10820 C:\WINDOWS\Help\update.GID ()
9/25/2006 6:42:58 PM HS 810064 C:\WINDOWS\system32\ilnmp.bak1 ()
9/27/2006 7:01:54 PM HS 833345 C:\WINDOWS\system32\ilnmp.bak2 ()
9/27/2006 7:54:34 PM HS 833327 C:\WINDOWS\system32\ilnmp.ini ()
9/26/2006 4:17:38 PM HS 823173 C:\WINDOWS\system32\ilnmp.ini2 ()
10/5/2006 11:11:50 PM H 12288 C:\WINDOWS\system32\config\default.LOG ()
9/26/2006 7:29:32 PM H 0 C:\WINDOWS\system32\config\SAM.DFG.LOG ()
10/5/2006 11:12:16 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
10/5/2006 11:11:44 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
9/26/2006 7:29:32 PM H 0 C:\WINDOWS\system32\config\software.DFG.LOG ()
10/5/2006 11:11:52 PM H 53248 C:\WINDOWS\system32\config\software.LOG ()
9/26/2006 7:29:32 PM H 0 C:\WINDOWS\system32\config\system.DFG.LOG ()
10/5/2006 11:10:26 PM H 1024 C:\WINDOWS\system32\config\system.LOG ()
8/15/2006 1:31:46 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
10/2/2006 7:15:06 PM S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 ()
10/2/2006 7:15:06 PM S 38065 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 ()
10/2/2006 7:15:10 PM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 ()
10/2/2006 7:15:06 PM S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 ()
10/2/2006 7:15:06 PM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 ()
10/2/2006 7:15:10 PM S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 ()
9/16/2006 1:43:20 PM H 0 C:\WINDOWS\system32\dellog\9B4EEB9EE047A876A53342E52B473531B475D49F.qcx ()
10/4/2006 9:02:46 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\a904f44e-eb56-464d-bcfd-64ee93aefb6a ()
10/4/2006 9:02:46 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
9/9/2006 2:34:10 AM H 8628 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_QI021E.GID ()
10/5/2006 10:32:48 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()
9/15/2006 7:27:12 PM HS 616448 C:\WINDOWS\Temp\2ad31c76.TMP ()

Checking for CPL files...
8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/18/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
11/17/2004 5:09:00 AM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
8/18/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky...can_unicode.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase = http://download.bitd...can8/oscan8.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://update.micros...b?1136858992712
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://fpdownload.ma...ash/swflash.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
1/28/2006 3:29:16 PM 1764 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
1/9/2006 9:57:36 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
9/26/2006 7:06:22 PM 737 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GhostSurf.lnk ()
1/10/2006 12:46:30 AM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()
2/7/2006 10:47:28 PM 819 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
1/9/2006 4:26:58 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
5/30/2006 10:30:48 PM 2917 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
1/9/2006 9:57:36 PM HS 84 C:\Documents and Settings\1 - Dad\Start Menu\Programs\Startup\desktop.ini ()
1/10/2006 12:58:32 AM 1712 C:\Documents and Settings\1 - Dad\Start Menu\Programs\Startup\Dialog Tracker.lnk ()

Checking files in %USERPROFILE%\Application Data folder...
1/9/2006 4:26:58 PM HS 62 C:\Documents and Settings\1 - Dad\Application Data\desktop.ini ()
7/3/2006 4:53:16 PM 27576 C:\Documents and Settings\1 - Dad\Application Data\GDIPFONTCACHEV1.DAT ()
2/22/2006 3:46:58 AM 1024 C:\Documents and Settings\1 - Dad\Application Data\WavCodec.wff ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft...p...ER}&ar=home
\\Search Bar - http://us.rd.yahoo.c...rch/search.html
\\Search Page - http://us.rd.yahoo.c...//www.yahoo.com
\\Default_Page_URL - http://www.microsoft...p...&ar=msnhome
\\Default_Search_URL - http://us.rd.yahoo.c...//www.yahoo.com
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Bar - http://www.google.com/ie
\\Search Page - http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
\\SearchAssistant - http://www.google.com/ie


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{9527D42F-D666-11D3-B8DD-00600838CD5F} - IEWatchObj Class = C:\WINDOWS\system32\IETie.dll (Tenebril Incorporated)
\{955BE0B8-BC85-4CAF-856E-8E0D8B610560} - Encarta Web Companion Helper Object = C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (Microsoft Corporation)
\{A765EE2A-6F1C-47C7-82DA-CE64DC466A10} - = C:\WINDOWS\system32\pmnli.dll ()
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar1.dll (Google Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (Yahoo! Inc.)
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (Yahoo! Inc.)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{147D6308-0614-4112-89B1-31402F9B82C4} - Encarta Web Companion = C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (Microsoft Corporation)
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8192 =
\\NEXTID - 8198
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8193 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 = Windows Messenger
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8195 = Sun Java Console
\\{85d1f590-48f4-11d9-9669-0800200c9a66} - 8196 = Uninstall BitDefender Online Scanner v8
\\{578FC4E3-151E-456c-AF8E-B63061EFE228} - 8197 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{578FC4E3-151E-456c-AF8E-B63061EFE228}} - MenuText: = ()
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: Yahoo! Services =
\{85d1f590-48f4-11d9-9669-0800200c9a66} - MenuText: Uninstall BitDefender Online Scanner v8 = ()
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\PROGRA~1\AIM\aim.exe (America Online, Inc.)
\{B205A35E-1FC4-4CE3-818B-899DBBB3388C} - MenuText: = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{48F45200-91E6-11CE-8A4F-0080C81A28D4} - TMD Shell Extension = C:\Program Files\Trend Micro\Internet Security 2005\Tmdshell.dll (Trend Micro Incorporated.)
\\{771A9DA0-731A-11CE-993C-00AA004ADB6C} - VBPropSheet = C:\Program Files\Trend Micro\Internet Security 2005\VBProp.dll (Trend Micro Incorporated.)
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Music Converter 1 = C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll ()
\\{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} - dBpowerAMP Music Converter = C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll ()
\\{CF74B903-3389-469c-B3B6-0204D204FCBD} - SnagIt Shell Extension = C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll (TechSmith Corporation)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\\{23170F69-40C1-278A-1000-000100020000} - 7-Zip Shell Extension = C:\Program Files\7-Zip\7-zip.dll ()
\\{472083B0-C522-11CF-8763-00608CC02F24} - avast = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\\{7C9D5882-CB4A-4090-96C8-430BFE8B795B} - Webroot Spy Sweeper Context Menu Integration = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\7-Zip - {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll ()
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\ExplorerPlus Menu - {3A5C58F7-E421-4fcd-8DC2-F06B83E9E5AA} = C:\Program Files\Novatix\ExplorerPlus\NXShExt.dll (Novatix Corporation)
\Fix-It Menu - {A50302A0-8E15-11d2-887B-006008C1C087} = C:\Program Files\VCOM\SystemSuite\mxctxmnu.dll (V Communications, Inc.)
\SnagItMainShellExt - {CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll (TechSmith Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\{48F45200-91E6-11CE-8A4F-0080C81A28D4} - = C:\Program Files\Trend Micro\Internet Security 2005\Tmdshell.dll (Trend Micro Incorporated.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
\SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\7-Zip - {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll ()
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\ExplorerPlus Menu - {3A5C58F7-E421-4fcd-8DC2-F06B83E9E5AA} = C:\Program Files\Novatix\ExplorerPlus\NXShExt.dll (Novatix Corporation)
\Fix-It Menu - {A50302A0-8E15-11d2-887B-006008C1C087} = C:\Program Files\VCOM\SystemSuite\mxctxmnu.dll (V Communications, Inc.)
\SnagItMainShellExt - {CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll (TechSmith Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\{48F45200-91E6-11CE-8A4F-0080C81A28D4} - = C:\Program Files\Trend Micro\Internet Security 2005\Tmdshell.dll (Trend Micro Incorporated.)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
\{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Column Handler = C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll ()

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
pccguide.exe - C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe (Trend Micro Incorporated.)
NvCplDaemon - C:\WINDOWS\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
NvMediaCenter - C:\WINDOWS\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
SetIcon - C:\Program Files\Generic\Seticon.exe (Standard Microsystems Corp.)
CTHelper - C:\WINDOWS\SYSTEM32\CTHELPER.EXE (Creative Technology Ltd)
SBDrvDet - C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
UpdReg - C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
EPSON Stylus C84 Series - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE (SEIKO EPSON CORPORATION)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ()
!ewido - C:\Program Files\ewido anti-spyware 4.0\ewido.exe (Anti-Malware Development a.s.)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
RCScheduleCheck - C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE (imagine LAN, Inc.)
Fix-It AV - C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe (V Communications, Inc.)
SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
PhotoShow Deluxe Media Manager - C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
swg - C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GhostSurf.lnk - C:\Program Files\GhostSurf\GhostSurf.exe (Tenebril Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe (TechSmith Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\1 - Dad\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\1 - Dad\Start Menu\Programs\Startup\Dialog Tracker.lnk - C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe (Novatix Corporation)

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
\\{a5780613-492e-4a2a-a7fd-549610edf6cc} - HookRC Class = C:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL ()

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\pmnli - C:\WINDOWS\system32\pmnli.dll = ()
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
\WRNotifier - WRLogonNTF.dll = (Webroot Software, Inc.)

>>> DNS Name Servers <<<
{25F5E297-D75D-40DD-A7AD-F039263DF5E0} - (Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4))
{8FDED572-E4A4-40E1-AFE0-980C8DCC3A67} - (1394 Net Adapter)
{E492CE81-8A31-443F-83A4-54EF3C8BBD68} - (1394 Net Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

>>>>Output for AddOn file BotCheck_NoSubs.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
Ole\\DefaultLaunchPermission - 01 00 04 80 64 00 00 00 80 00 00 00 00 00 00 00 14 00 00 00 02 00 50 00 03 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00
Ole\\EnableDCOM - Y
Ole\\MachineLaunchRestriction - 01 00 04 80 48 00 00 00 58 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 1F 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 0B 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
Ole\\MachineAccessRestriction - 01 00 04 80 44 00 00 00 54 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 02 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 07 00 00 00 00 00 14 00 07 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
\AppCompat
\NONREDIST

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\AntiVirusDisableNotify - 0
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\AntiVirusOverride - 0
Security Center\\FirewallOverride - 0
\Monitoring

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
Control\\CurrentUser - USERNAME
Control\\WaitToKillServiceTimeout - 20000
Control\\SystemStartOptions - FASTDETECT NOEXECUTE=OPTOUT SAFEBOOT:MINIMAL SOS BOOTLOG NOGUIBOOT
Control\\SystemBootDevice - multi(0)disk(0)rdisk(0)partition(1)
Control\\UpdateMode - 01
\AGP
\Arbiters
\BackupRestore
\Biosinfo
\BootVerificationProgram
\Class
\CoDeviceInstallers
\COM Name Arbiter
\ComputerName
\ContentIndex
\ContentIndexCommon
\CrashControl
\Creative Tech
\CriticalDeviceDatabase
\DeviceClasses
\FileSystem
\GraphicsDrivers
\GroupOrderList
\HAL
\IDConfigDB
\Keyboard Layout
\Keyboard Layouts
\Lsa
\MediaCategories
\MediaInterfaces
\MediaProperties
\MediaResources
\MediaSets
\MSPaper
\Network
\NetworkProvider
\Nls
\NTMS
\PnP
\Print
\PriorityControl
\ProductOptions
\SafeBoot
\ScsiPort
\SecurePipeServers
\SecurityProviders
\Server Applications
\ServiceGroupOrder
\ServiceProvider
\Session Manager
\Setup
\StillImage
\SystemResources
\Terminal Server
\TimeZoneInformation
\Update
\UsbFlags
\Video
\VirtualDeviceDrivers
\Watchdog
\Windows
\WMI
\WOW
\hivelist
\ServiceCurrent

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
Lsa\\Authentication Packages - msv1_0;
Lsa\\Bounds - 00 30 00 00 00 20 00 00
Lsa\\Security Packages - kerberos;msv1_0;schannel;wdigest;
Lsa\\LsaPid - 280
Lsa\\SecureBoot - 1
Lsa\\auditbaseobjects - 0
Lsa\\crashonauditfail - 0
Lsa\\disabledomaincreds - 0
Lsa\\everyoneincludesanonymous - 0
Lsa\\fipsalgorithmpolicy - 0
Lsa\\forceguest - 0
Lsa\\fullprivilegeauditing - 00
Lsa\\limitblankpassworduse - 1
Lsa\\lmcompatibilitylevel - 0
Lsa\\nodefaultadminowner - 1
Lsa\\nolmhash - 0
Lsa\\restrictanonymous - 0
Lsa\\restrictanonymoussam - 1
Lsa\\Notification Packages - scecli;
Lsa\\ImpersonatePrivilegeUpgradeToolHasRun - 1
\AccessProviders
\Audit
\Data
\GBG
\JD
\Kerberos
\MSV1_0
\Skew1
\SSO
\SspiCache

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
Parameters\\autodisconnect - 15
Parameters\\enableforcedlogoff - 1
Parameters\\enablesecuritysignature - 0
Parameters\\requiresecuritysignature - 0
Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser;
Parameters\\NullSessionShares - COMCFG;DFS$;
Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll
Parameters\\Lmannounce - 0
Parameters\\Size - 1
Parameters\\Guid - 2E 72 BA 29 A3 81 8B 47 B1 5F C9 98 91 8F C7 49
Parameters\\AdjustedNullSessionPipes - 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters]
Parameters\\autodisconnect - 15
Parameters\\enableforcedlogoff - 1
Parameters\\enablesecuritysignature - 0
Parameters\\requiresecuritysignature - 0
Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser;
Parameters\\NullSessionShares - COMCFG;DFS$;
Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll
Parameters\\Lmannounce - 0
Parameters\\Size - 1
Parameters\\Guid - 2E 72 BA 29 A3 81 8B 47 B1 5F C9 98 91 8F C7 49
Parameters\\AdjustedNullSessionPipes - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters]
Parameters\\enableplaintextpassword - 0
Parameters\\enablesecuritysignature - 1
Parameters\\requiresecuritysignature - 0
Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll
Parameters\\OtherDomains -

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters]
Parameters\\enableplaintextpassword - 0
Parameters\\enablesecuritysignature - 1
Parameters\\requiresecuritysignature - 0
Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll
Parameters\\OtherDomains -

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\Type - 32
SharedAccess\\Start - 2
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\DependOnGroup -
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
\Epoch
\Parameters
\Security
\Setup
\Enum

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
RemoteRegistry\\DependOnService - RPCSS;
RemoteRegistry\\DisplayName - Remote Registry
RemoteRegistry\\ErrorControl - 1
RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService
RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService
RemoteRegistry\\Group -
RemoteRegistry\\Start - 4
RemoteRegistry\\Type - 32
RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
\Parameters
\Security
\Enum

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]
RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
RemoteRegistry\\DependOnService - RPCSS;
RemoteRegistry\\DisplayName - Remote Registry
RemoteRegistry\\ErrorControl - 1
RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService
RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService
RemoteRegistry\\Group -
RemoteRegistry\\Start - 4
RemoteRegistry\\Type - 32
RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
\Parameters
\Security
\Enum

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - No SUBKEYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - not found.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - No SUBKEYS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
TlntSvr\\Type - 16
TlntSvr\\Start - 3
TlntSvr\\ErrorControl - 1
TlntSvr\\ImagePath - C:\WINDOWS\System32\tlntsvr.exe
TlntSvr\\DisplayName - Telnet
TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP;
TlntSvr\\DependOnGroup -
TlntSvr\\ObjectName - LocalSystem
TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
\Security

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr]
TlntSvr\\Type - 16
TlntSvr\\Start - 3
TlntSvr\\ErrorControl - 1
TlntSvr\\ImagePath - C:\WINDOWS\System32\tlntsvr.exe
TlntSvr\\DisplayName - Telnet
TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP;
TlntSvr\\DependOnGroup -
TlntSvr\\ObjectName - LocalSystem
TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
\Security

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
\Parameters
\Security
\Enum

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
\Parameters
\Security
\Enum

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings]
Internet Settings\\ProxyEnable - 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
Internet Settings\\ProxyEnable - 0

>>>>Output for AddOn file BotCheck_Subs.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
Ole\\DefaultLaunchPermission - 01 00 04 80 64 00 00 00 80 00 00 00 00 00 00 00 14 00 00 00 02 00 50 00 03 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00
Ole\\EnableDCOM - Y
Ole\\MachineLaunchRestriction - 01 00 04 80 48 00 00 00 58 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 1F 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 0B 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
Ole\\MachineAccessRestriction - 01 00 04 80 44 00 00 00 54 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 02 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 07 00 00 00 00 00 14 00 07 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} - 1
Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-

#49
Flrman1
  • Retired Staff
Sorry for the late reply. Please try this for now. I'll look through the Winpfind log later. I'm a bit rushed right now so go ahead and follow the directions at the link below to run IEfix:

http://windowsxp.mvps.org/IEFIX.htm

#50
alumni72
  • Topic Starter
No luck with IEFix - I ran it but still cannot log into most websites; I can log in here and post, but do not stay logged in after the current session is over.
The other websites, I still can't log in at all.

#51
Flrman1
  • Retired Staff
We have tried just about everything except the router. Please disconnect the router and try connecting directly to the internet bypassing the router.

Edited by Flrman1, 09 October 2006 - 02:36 PM.


#52
alumni72
  • Topic Starter
Well, I bypassed my router. I still have the same problem with eBay, but I tried one other message board I couldn't post to or even log into (it insisted I didn't have cookies enabled) and I was able to post there. That's the good news.
Whether or not I can post here will be known once I try to post this response. (edit: Yes, it worked.)

I also still cannot log onto the Microsoft Passport Network.

And when I go to Linksys to upgrade the firmware for my router, that website still insists I don't have cookies enabled.

"Oops...

Our web server has detected that you may not have Session Cookies enabled for your browser."

So again no real luck on this front. Did I mention before that I get a message in some cases that I don't have Session Cookies enabled (when I actually do)? I just wanted to make sure.

Is it possible that reinstalling Windows XP Pro might solve the problem? The idea has been bouncing around in the back of my head for a while now, but the prospect always frightens me. I'm annoyingly paranoid when it comes to losing data and I always end up buying a new, larger HDD so I can install Windows on a clean drive and then copy data back off of my older drive at my leisure. Problem is, I never have the leisure, so right now I have data I've been meaning to clean up and organize for years - going back to my 840mb HDD I upgraded from that back in 1999.
So if you don't think reinstalling Windows will help, please say so! :whistling:

2nd edit: I'm going to reconnect the router, since my son needs to use his laptop soon.

Edited by alumni72, 09 October 2006 - 07:35 PM.


#53
Flrman1
  • Retired Staff
Yes, reinstalling XP would correct it. How long has it been since the last reformat and reinstall?

Go to Tools > Internet Options. Click on the Privacy tab then click the "Advanced" button. Put a check in the box by "Override automatic cookie handling". Now under "First-party Cookies" put a tick by "Accept". Put a check in the box by "Always allow session cookies". Under "Third-party Cookies" put a tick by "Block". Click OK then Apply and OK again.

Let me know if those settings were already that way or not and if this changes anything.

#54
alumni72
  • Topic Starter
'Override automatic cookie handling' was disabled - when I changed the settings as you recommended and tried to log into eBay, it looked like it had worked; I got past the login screen, but when I clicked on My eBay it flashed me back to the login screen again and from then on I wasn't able to get past the login screen at all. This happens every time I open up an IE window and go to eBay - I can apparently log in, but when I try to navigate with eBay after that it throws me back out to the login screen.
I still can't log into MS Passport at all.

note: Out of curiosity I went to my firewall software and unchecked the 'Filter session cookies' option, and now I can navigate around in eBay with no trouble at all. Is allowing session cookies safe enough, or should I be concerned that I have to leave them unblocked?
Changing this option also allows me to get into the MS Passport website and also allows me into other websites that before were giving me grief about not having cookies enabled.

And I've had this install going since January - at that point every single thing about this system was brand-spanking new. Shiny, even.

So I guess this means I'm all set. I have some awesome new anti-spyware weapons (some too awesome for me to wield without special clearance) and a little better understanding of how this all works.
But I'll miss you, man! :whistling: Thanks for all the help you've provided, and for busting your hump for my sake over the past month. You kept me from doing horrible, unmentionable things to my PC!

Final question - If I had had to reinstall Windows, what data would I have lost? Every time I do it I go crazy with worry over losing some data or other that I don't know I need until it's gone - I'm a pretty pathetic worrier, I know - I have to back up favorites, address books (I busted mine during the last install and now I can't get anything out of it anyway), email files (my kids insist on using OE even though I tried forcing Outlook on them this last time, so backing up email is twice the pain it should be). Is there any tool out there that makes backing up all significant data like this any easier than doing it the old-fashioned way, when getting ready for a Windows install?

Thanks again - may we never meet again, I guess.....but if we do, you now know to run the other way! :blink:

#55
Flrman1
  • Retired Staff
The only data you would have lost would be anything you didn't back up. You should get in the habit of making regular backups of all your important data. I do it at least once a week.

There are a lot of programs out there that make backing up easier. I use Acronis True Image:

http://www.Acronis.com/

You're Welcome! :whistling:

* If I had you use Killbox to delete any files, go ahead and delete the C:\!Killbox folder then empty the Recycle Bin.


* Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


* Go to Windows update and install all "High Priority Updates".


* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

Edited by Flrman1, 11 October 2006 - 06:09 PM.



#56
alumni72
  • Topic Starter
Sorry - the PC is working well overall, but the password-storing thing is still an issue.

Geeks-to-Go is about the only message board that I can go to and find myself logged in. Others I have to log in every time I go there - and I never had to before (except for when I occasionally deleted cookies).
I went to Internet Options -> Content -> AutoComplete

I had, and still have, checked:

Forms
User names and passwords on forms
Prompt me to save passwords

I clicked the button to Clear Passwords, to make sure I was storing post-problem, valid password information on the sites where I wanted to automatically be logged in.

After clicking Clear Passwords, the app froze, so I had to C-A-D and close it. I tried 3 times, always with the same result. I tried from IE and from Control Panel - no difference. But when I went to a few websites and typed in username and password, I was asked if I wanted to save that information, giving me the impression that the clear had worked anyway. But for the past 2 days I have gone to several message boards more than once, and even after indicating that I did want to save my username and password, I still have to enter both fields every time I go to that page. Every website that I mentioned earlier on as being a problem in this regard is still a problem. The only one that is not is this website here, where I do remain logged in over time.

The only way I know of to avoid this issue is to turn off the "Filter persistent cookies" option in my firewall software. Even with it turned on but with the problem websites listed in the exceptions area, the cookies are still blocked and I have to log in each time.
What are Persistent Cookies? There is an option to filter Foreign cookies and I will not switch that off, but if Persistent Cookies are safe then I'll leave that option off. I just want to make sure of what they are before I stop filtering them, though.

#57
Flrman1
  • Retired Staff
It is obvious that the problem is the settings on your firewall that are causing your problems. You are just going to have to change whatever settings you have to in order to remain logged in at these sites.

Edited by Flrman1, 14 October 2006 - 10:13 AM.

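The distinction the cookie filters in this thread turn on, as an added example that is not part of the original posts: a cookie sent without an Expires or Max-Age attribute is a session cookie (discarded when the browser closes), one with either attribute is persistent, and one set by a different site than the page being visited is third-party. The host names, cookie names, the `FilterPolicy` switches and the assumed site behaviour are constructed for illustration; how the poster's firewall product actually filters is not documented on this page.

```python
from dataclasses import dataclass


@dataclass
class Cookie:
    name: str
    set_by: str        # host that sent the Set-Cookie header
    persistent: bool   # True when Expires or Max-Age is present


@dataclass
class FilterPolicy:
    """Hypothetical model of a firewall's cookie filter switches."""
    block_session: bool = False
    block_persistent: bool = False
    block_third_party: bool = False


def parse_set_cookie(header_value, set_by):
    """Parse one Set-Cookie header value; only lifetime attributes matter here."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    # No Expires and no Max-Age: the browser keeps the cookie in memory only
    # and discards it when it closes (a session cookie).
    persistent = bool(attrs & {"expires", "max-age"})
    return Cookie(name, set_by.lower(), persistent)


def site(host):
    """Naive registrable domain: last two labels (no public suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def is_third_party(cookie, page_host):
    """True when the cookie was set by a different site than the page."""
    return site(cookie.set_by) != site(page_host)


def kept_cookies(responses, page_host, policy):
    """Return the cookies that survive the filter, in arrival order."""
    kept = []
    for host, value in responses:
        c = parse_set_cookie(value, host)
        if policy.block_third_party and is_third_party(c, page_host):
            continue
        if c.persistent and policy.block_persistent:
            continue
        if not c.persistent and policy.block_session:
            continue
        kept.append(c)
    return kept


def login_outcome(responses, page_host, policy,
                  session_cookie="sid", remember_cookie="remember"):
    """Return (stays_logged_in_while_browsing, still_logged_in_after_restart).

    Assumed site behaviour: every page checks the session cookie, and the
    persistent "remember" cookie is what restores the login on a later visit.
    """
    kept = kept_cookies(responses, page_host, policy)
    now = {c.name for c in kept}
    after_restart = {c.name for c in kept if c.persistent}
    return session_cookie in now, remember_cookie in after_restart


# Constructed sample: headers a sign-in page might send (not captured traffic).
PAGE_HOST = "www.shop.example"
RESPONSES = [
    ("signin.shop.example", "sid=abc123; Path=/; HttpOnly"),
    ("signin.shop.example",
     "remember=tok456; Expires=Wed, 09 Oct 2030 10:00:00 GMT; Path=/"),
    ("ads.tracker.example", "uid=zzz; Max-Age=31536000; Path=/"),
]

if __name__ == "__main__":
    policies = {
        "no filtering": FilterPolicy(),
        "filter session cookies": FilterPolicy(block_session=True),
        "filter persistent cookies": FilterPolicy(block_persistent=True),
        "block third-party only": FilterPolicy(block_third_party=True),
    }
    for label, policy in policies.items():
        browsing, remembered = login_outcome(RESPONSES, PAGE_HOST, policy)
        names = [c.name for c in kept_cookies(RESPONSES, PAGE_HOST, policy)]
        print(f"{label:26} kept={names} "
              f"browsing_ok={browsing} remembered={remembered}")
```

Under these assumptions, filtering session cookies gives the bounce back to the login screen described in post #54, and filtering persistent cookies gives the log-in-on-every-visit behaviour described in post #56, while blocking only third-party cookies leaves both logins intact.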

#58
Flrman1
  • Retired Staff
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.