Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vundo Infection [CLOSED] [RESOLVED]

Started by Rachel Chipman , Feb 05 2008 10:14 AM

  • This topic is locked This topic is locked

#16
Rorschach112
Posted 12 March 2008 - 05:58 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

Advertisements

#17
Rorschach112
Posted 13 March 2008 - 03:23 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post the logs please
  • 0

#18
Rachel Chipman
Posted 13 March 2008 - 03:58 PM

Rachel Chipman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thank you for your patience.
DrvIconQuery Log:
Report
03/13/2008 17:54:11.76


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
IconUnderline REG_NONE 03000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarSizeMove REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder
Type REG_SZ group
Text REG_SZ @shell32.dll,-30498
Bitmap REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,4
HelpID REG_SZ shell.hlp#51140

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30506
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ClassicViewState
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51076

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons
Text REG_SZ @shell32.dll,-30497
Type REG_SZ checkbox
ValueName REG_SZ {21EC2020-3AEA-1069-A2DD-08002B30309D}
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x1
HKeyRoot REG_DWORD 0x80000001
HelpID REG_SZ shell.hlp#51150

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30507
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ SeparateProcess
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51079

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy\SeparateProcess
<NO NAME> REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30517
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ DisableThumbnailCache
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51155

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30514
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ FolderContentsInfoTip
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30511
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ FriendlyTree
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51149
DefaultValue REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden
Text REG_SZ @shell32.dll,-30499
Type REG_SZ group
Bitmap REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,4
HelpID REG_SZ shell.hlp#51131

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Text REG_SZ @shell32.dll,-30501
Type REG_SZ radio
CheckedValue REG_DWORD 0x2
ValueName REG_SZ Hidden
DefaultValue REG_DWORD 0x2
HKeyRoot REG_DWORD 0x80000001
HelpID REG_SZ shell.hlp#51104

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Text REG_SZ @shell32.dll,-30500
Type REG_SZ radio
CheckedValue REG_DWORD 0x1
ValueName REG_SZ Hidden
DefaultValue REG_DWORD 0x2
HKeyRoot REG_DWORD 0x80000001
HelpID REG_SZ shell.hlp#51105

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30503
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ HideFileExt
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51101

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30509
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ NoNetCrawling
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51147

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy\NoNetCrawling
<NO NAME> REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30513
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ PersistBrowsers
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51152
DefaultValue REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30512
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ShowCompColor
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51130

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30504
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
ValueName REG_SZ FullPath
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51100

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30505
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
ValueName REG_SZ FullPathAddress
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51107

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30502
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ShowInfoTip
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51102

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30508
WarningIfNotDefault REG_SZ @shell32.dll,-28964
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ShowSuperHidden
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51103

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden
<NO NAME> REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\WebViewBarricade
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30510
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ WebViewBarricade
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51148
DefaultValue REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\15
RegisteredApp REG_SZ Mail

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\16
Association REG_SZ .cda

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\17
ShellExecute REG_SZ ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\18
ShellExecute REG_SZ calc.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\7
Association REG_SZ http

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations
XMLLookup REG_SZ http://shell.windows...ass...x&Ext=%s
Application REG_SZ http://shell.windows...edir.asp?Ext=%s
intl REG_SZ http://shell.windows...ass...x&Ext=%s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID
2AF30D99-133E-421F-895A-150C432F46AC REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\Files
*setup*.exe REG_SZ
*instal*.exe REG_SZ
*setup*.bat REG_SZ
*instal*.bat REG_SZ
*setup*.cmd REG_SZ
*instal*.cmd REG_SZ
*setup*.com REG_SZ
*instal*.com REG_SZ
Y?kle* REG_SZ
Felrak.exe REG_SZ
Imposta.exe REG_SZ
KUR.exe REG_SZ
Ayarla.exe REG_SZ
sfc2.ico REG_SZ
evanims REG_SZ
00000001.tmp REG_SZ
updmoney.exe REG_SZ
hs\media\y\11399\11399_cd_fp.jpg REG_SZ
hs\media\y\9953\9953_cd_fp.jpg REG_SZ
hs\media\y\9951\9951_cd_fp.jpg REG_SZ
hs\media\y\9964\9964_cd_fp.jpg REG_SZ
hs\media\y\9968\9968_cd_fp.jpg REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-225

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler\EventHandlers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler\EventHandlers\MediaArrival

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler\FriendlyName
Content REG_SZ music files
IconLabel REG_SZ Music files (WMA/MP3)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler
DefaultIcon REG_EXPAND_SZ shimgvw.dll,3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\EventHandlers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\EventHandlers\DeviceArrival
ShowPicturesOnArrival REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\EventHandlers\MediaArrival
ShowPicturesOnArrival REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\FriendlyName
Content REG_SZ picture files
IconLabel REG_SZ Pictures

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-224

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler\EventHandlers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler\EventHandlers\MediaArrival

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler\FriendlyName
Content REG_SZ video files
IconLabel REG_SZ Video

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\MusicFilesContentSniffer
ContentTypeHandler REG_SZ MusicFilesContentHandler
RelPattern REG_MULTI_SZ *.wma\0HIFI\*\*.wma\0*.mp3\0HIFI\*\*.mp3\0\0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\PicturesContentSniffer
ContentTypeHandler REG_SZ PicturesContentHandler
RelPattern REG_MULTI_SZ *.bmp\0DCIM\*\*.bmp\0*.jpg\0DCIM\*\*.jpg\0*.gif\0DCIM\*\*.gif\0DC*\*.jpg\0*.tif\0MSSONY\*\*.tif\0IM*\*.jpg\0CAMERA01\*.jpg\0DC*\BR*\*.jpg\0\0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\VideoFilesContentSniffer
ContentTypeHandler REG_SZ VideoFilesContentHandler
RelPattern REG_MULTI_SZ *.mpg\0VIDEO\*.mpg\0*.mpeg\0VIDEO\*.mpeg\0*.asf\0VIDEO\*.asf\0MSSONY\*\*.mpg\0MSSONY\*\*.mpeg\0*.wmv\0VIDEO\*.wmv\0\0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceClasses

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceClasses\{CC7BFB41-F175-11D1-A392-00E0291F3959}
DeviceHandlers REG_SZ VideoCameraDeviceHandler
Label REG_SZ @C:\Program Files\Movie Maker\wmmres.dll,-61827
Icons REG_MULTI_SZ C:\WINDOWS\System32\shell32.dll,-317\0\0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\Camera
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-309\0\0
Label REG_SZ Digital Camera

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\CellPhone
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-310\0\0
Label REG_SZ Cell Phone

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\CFStorage
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-303\0\0
Label REG_SZ CompactFlash Reader/Writer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ClikDrive
Label REG_SZ Clik! Drive
NoSoftEject REG_SZ 0x00000001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\FaxDevice
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-196\0\0
Label REG_SZ Fax Machine

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ImageMate
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-229\0\0
NoMediaIcons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-229\0\0
Label REG_SZ ImageMate
NoSoftEject REG_SZ 0x00000001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\JazDrive
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-312\0\0
Label REG_SZ Jaz Drive

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\MemoryStick
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-305\0\0
Label REG_SZ Memory Stick
NoSoftEject REG_SZ 0x00000001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\MemoryStick-MG
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-233\0\0
Label REG_SZ Memory Stick - MG
NoSoftEject REG_SZ 0x00000001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\OpticalDrive
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-301\0\0
Label REG_SZ Optical Drive

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\PCMCIAStorage
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-306\0\0
Label REG_SZ PCMCIA Storage Device

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\PocketPC
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-314\0\0
Label REG_SZ Pocket PC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\PortableAudioPlayer
Label REG_SZ Portable Audio Player
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-299\0\0
NoSoftEject REG_SZ 0x00000001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\Printer
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-17\0\0
Label REG_SZ Printer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\Scanner
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-315\0\0
Label REG_SZ Scanner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\SMStorage
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-308\0\0
Label REG_SZ SmartMedia Reader/Writer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\TapeDrive
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-300\0\0
Label REG_SZ Tape Drive

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\VideoCamera
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-317\0\0
Label REG_SZ Digital Video Camera

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ZipDrive100
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-230\0\0
Label REG_SZ Zip Drive 100

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ZipDrive250
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-230\0\0
Label REG_SZ Zip Drive 250

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\ContentTypes
MusicFilesContentSniffer REG_SZ
PicturesContentSniffer REG_SZ
VideoFilesContentSniffer REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\EventHandlers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\EventHandlers\DeviceArrival
GenericVolumeArrival REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\EventHandlers\MediaArrival
GenericVolumeArrival REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\VideoCameraDeviceHandler

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\VideoCameraDeviceHandler\EventHandlers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\VideoCameraDeviceHandler\EventHandlers\DeviceArrival
VideoCameraArrival REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\AutorunINFLegacyArrival
MSOpenFolder REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\GenericVolumeArrival
MSGenericVolumeArrival REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\HandleCDBurningOnArrival
MSCDBurningOnArrival REG_SZ
MMJBAutoplayBURNERPLUS REG_SZ
MSWMPBurnCDOnArrival REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\MixedContentOnArrival
MSOpenFolder REG_SZ
Picasa2ImportPicturesOnArrival REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival
MSPlayCDAudioOnArrival REG_SZ
MSOpenFolder REG_SZ
PCinemaPlayCDAudioOnArrival REG_SZ
MMJBPlayCDAudioOnArrival REG_SZ
MSRipCDAudioOnArrival REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayDVDMovieOnArrival
MSPlayDVDMovieOnArrival REG_SZ
MSOpenFolder REG_SZ
PCinemaPlayDVDMovieOnArrival REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayMusicFilesOnArrival
MSOpenFolder REG_SZ
MSPlayMediaOnArrival REG_SZ
MMJBPlayMediaOnArrival REG_SZ
OlyCamediaAutoplay1 REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival
MSOpenFolder REG_SZ
MSPlayMediaOnArrival REG_SZ
OlyCamediaAutoplay1 REG_SZ
Picasa2ImportPicturesOnArrival REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\ShowPicturesOnArrival
MSWiaEventHandler REG_SZ
MSShowPicturesOnArrival REG_SZ
MSPrintPicturesOnArrival REG_SZ
MSOpenFolder REG_SZ
Jasc Paint Shop Photo AlbumShowPicturesOnArrivalHandler REG_SZ
OlyCamediaAutoplay1 REG_SZ
Picasa2ImportPicturesOnArrival REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\VideoCameraArrival
MSVideoCameraArrival REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\Jasc Paint Shop Photo AlbumShowPicturesOnArrivalHandler
Action REG_SZ View pictures on removable media
DefaultIcon REG_SZ C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe,0
InvokeProgID REG_SZ JascPaintShopPhotoAlbumAlbum
InvokeVerb REG_SZ OpenPCCard
Provider REG_SZ Jasc Paint Shop Photo Album

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MMJBAutoplayBURNERPLUS
Action REG_SZ Burn CD
Provider REG_SZ MUSICMATCH Burner Plus
DefaultIcon REG_SZ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmfwlaunch.exe, 0
InvokeProgID REG_SZ MMJB.BURN
InvokeVerb REG_SZ Burn

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MMJBPlayCDAudioOnArrival
Action REG_SZ Play Audio CD
DefaultIcon REG_SZ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjblaunch.exe,0
InvokeVerb REG_SZ Play
Provider REG_SZ MUSICMATCH Jukebox
InvokeProgID REG_SZ MMJB.AUDIOCD

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MMJBPlayMediaOnArrival
Action REG_SZ Play
DefaultIcon REG_SZ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjblaunch.exe,0
InvokeVerb REG_SZ Play
Provider REG_SZ MUSICMATCH Jukebox
InvokeProgID REG_SZ MMJB.MMJB

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSCDBurningOnArrival
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-5
Action REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17169
Provider REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17170
InvokeProgID REG_SZ Folder
InvokeVerb REG_SZ open

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSOpenFolder
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-5
Action REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17154
Provider REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17155
InvokeProgID REG_SZ Folder
InvokeVerb REG_SZ open

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayCDAudioOnArrival
Action REG_SZ @wmploc.dll,-6503
Provider REG_SZ @wmploc.dll,-6502
InvokeProgID REG_SZ WMP.AudioCD
InvokeVerb REG_SZ play
DefaultIcon REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe,0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayDVDMovieOnArrival
Action REG_SZ @wmploc.dll,-6504
Provider REG_SZ @wmploc.dll,-6502
InvokeProgID REG_SZ WMP.DVD
InvokeVerb REG_SZ play
DefaultIcon REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe,0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayMediaOnArrival
Action REG_SZ @wmploc.dll,-1800
Provider REG_SZ @wmploc.dll,-6502
InvokeProgid REG_SZ WMP.PlayMedia
InvokeVerb REG_SZ play
DefaultIcon REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe,0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPrintPicturesOnArrival
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-17
Action REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17158
Provider REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17159
InvokeProgID REG_SZ Applications\shimgvw.dll
InvokeVerb REG_SZ print

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPromptEachTime
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-3
Action REG_SZ Prompt each time
Provider REG_SZ Windows Explorer
ProgID REG_SZ Shell.Autoplay
InitCmdLine REG_SZ PromptEachTime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPromptEachTimeNoContent
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-3
Action REG_SZ Prompt each time - No Content
Provider REG_SZ Windows Explorer
ProgID REG_SZ Shell.Autoplay
InitCmdLine REG_SZ PromptEachTimeNoContent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSRipCDAudioOnArrival
Action REG_SZ @wmploc.dll,-6506
Provider REG_SZ @wmploc.dll,-6502
InvokeProgID REG_SZ WMP.RipCD
InvokeVerb REG_SZ Rip
DefaultIcon REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe,0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSShowPicturesOnArrival
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-249
Action REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17156
Provider REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17157
InvokeProgID REG_SZ Shell.AutoplayForSlideShow.1
InvokeVerb REG_SZ open

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSTakeNoAction
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-338
Action REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17168
Provider REG_SZ <TakeNoAction>
ProgID REG_SZ Shell.AutoplaySpecial

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSVideoCameraArrival
InitCmdLine REG_SZ "C:\Program Files\Movie Maker\moviemk.exe" /RECORD
ProgID REG_SZ Shell.HWEventHandlerShellExecute
DefaultIcon REG_SZ C:\Program Files\Movie Maker\moviemk.exe,0
CLSIDForCancel REG_SZ {AB007EC8-E2D4-4664-ACD9-1D059681F3DE}
Action REG_SZ @C:\Program Files\Movie Maker\wmmres.dll,-61826
Provider REG_SZ @C:\Program Files\Movie Maker\wmmres.dll,-61424

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWiaEventHandler
ProgID REG_SZ WiaDevMgr
Action REG_SZ @%systemroot%\System32\wiaacmgr.exe,-276
Provider REG_SZ @%systemroot%\System32\wiaacmgr.exe,-101
DefaultIcon REG_EXPAND_SZ %systemroot%\System32\wiaacmgr.exe,-2
InvokeProgID REG_SZ WIA.AutoplayDropHandler.1
InvokeVerb REG_SZ open

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMDMHandler
Action REG_SZ Transfer Files
CLSIDForCancel REG_SZ {91778246-9BE4-4713-A651-E833B853CC30}
DefaultIcon REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe,0
InitCmdLine REG_EXPAND_SZ "%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:3 /task:PortableDevice
ProgID REG_SZ Shell.HWEventHandlerShellExecute
Provider REG_SZ @wmploc.dll,-6502

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMPBurnCDOnArrival
Action REG_SZ @wmploc.dll,-6505
Provider REG_SZ @wmploc.dll,-6502
InvokeProgid REG_SZ WMP.BurnCD
InvokeVerb REG_SZ Burn
DefaultIcon REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe,0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\OlyCamediaAutoplay1
Action REG_SZ Launch CAMEDIA Master
Provider REG_SZ OLYMPUS CAMEDIA Master
DefaultIcon REG_SZ C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\AutoPlay.dll,0
InvokeProgID REG_SZ OLY.Autoplay1
InvokeVerb REG_SZ Play

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\PCinemaPlayCDAudioOnArrival
Action REG_SZ Play audio CD
DefaultIcon REG_SZ C:\Program Files\Dell\Media Experience\PCM2.exe,0
InvokeProgID REG_SZ AudioCD
InvokeVerb REG_SZ PlayWithPowerCinema
Provider REG_SZ Media Experience

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\PCinemaPlayDVDMovieOnArrival
Action REG_SZ Play DVD video
DefaultIcon REG_SZ C:\Program Files\Dell\Media Experience\PCM2.exe,0
InvokeProgID REG_SZ DVD
InvokeVerb REG_SZ PlayWithPowerCinema
Provider REG_SZ Media Experience

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\Picasa2ImportPicturesOnArrival
Action REG_SZ Copy pictures to your computer and view them
DefaultIcon REG_SZ C:\Program Files\Picasa2\Picasa2.exe
InvokeProgID REG_SZ picasa2.autoplay
InvokeVerb REG_SZ import
Provider REG_SZ Picasa2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket
UseGlobalSettings REG_DWORD 0x1
Percent REG_DWORD 0xa
NukeOnDelete REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\c
VolumeSerialNumber REG_DWORD 0x4687547
IsUnicode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
BrowseNewProcess REG_SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
NoExplorer REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}
<NO NAME> REG_SZ McAntiPhishingBHO
NoExplorer REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4115122B-85FF-4DD3-9515-F075BEDE5EB5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
NoExplorer REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
<NO NAME> REG_SZ scriptproxy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}
NoExplorer REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\AudioBurnHandlers
<NO NAME> REG_SZ {8dd448e6-c188-4aed-af92-44956194eb1f}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\AudioBurnHandlers\{8dd448e6-c188-4aed-af92-44956194eb1f}
verb REG_SZ WMPBurnAsAudioCD
SupportedFileTypes REG_SZ *.WMA;*.MP3;*.WAV

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\ExcludedFS
UDF REG_SZ
CDUDF REG_SZ
CDUDFRW REG_SZ
UDFREADR REG_SZ
UDF1.50 REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\Flags
desk.cpl REG_DWORD 0x1
access.cpl REG_DWORD 0x1
hdwwiz.cpl REG_DWORD 0x1
keymgr.cpl REG_DWORD 0x1
inetcpl.cpl REG_DWORD 0x1
joy.cpl REG_DWORD 0x1
main.cpl REG_DWORD 0x1
intl.cpl REG_DWORD 0x1
mmsys.cpl REG_DWORD 0x1
sapi.cpl REG_DWORD 0x1
sysdm.cpl REG_DWORD 0x1
telephon.cpl REG_DWORD 0x1
timedate.cpl REG_DWORD 0x1
powercfg.cpl REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Accessibility_Options
IconIndex REG_DWORD 0x6e
Info REG_SZ Customizes accessibility features for your computer.
Module REG_EXPAND_SZ %SystemRoot%\system32\access.cpl
Name REG_SZ Accessibility Options

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Add-Remove_Programs
IconIndex REG_DWORD 0x5dc
Info REG_SZ Installs and removes programs and Windows components.
Module REG_EXPAND_SZ %SystemRoot%\system32\appwiz.cpl
Name REG_SZ Add/Remove Programs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Date-Time
IconIndex REG_DWORD 0xc8
Info REG_SZ Changes date, time, and time-zone information.
Module REG_EXPAND_SZ %SystemRoot%\system32\timedate.cpl
Name REG_SZ Date/Time

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Dialing_Options
IconIndex REG_DWORD 0x64
Info REG_SZ Configures telephone dialing rules for your location.
Module REG_EXPAND_SZ %SystemRoot%\system32\telephon.cpl
Name REG_SZ Dialing Options

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Display_Properties
IconIndex REG_DWORD 0x64
Info REG_SZ Customizes your desktop display and screen saver.
Module REG_EXPAND_SZ %SystemRoot%\system32\desk.cpl
Name REG_SZ Display

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Internet_Options
IconIndex REG_DWORD 0x1187
Info REG_SZ Configures your Internet display and connections settings.
Module REG_EXPAND_SZ %SystemRoot%\system32\inetcpl.cpl
Name REG_SZ Internet Options

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Printers
IconIndex REG_DWORD 0x12c
Info REG_SZ Adds, removes and changes settings for printers.
Module REG_EXPAND_SZ %SystemRoot%\system32\main.cpl
Name REG_SZ Printers and Faxes
<NO NAME> REG_SZ {2227A280-3AEA-1069-A2DE-08002B30309D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
<NO NAME> REG_SZ Taskbar and Start Menu

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
<NO NAME> REG_SZ Folder Options

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{7007ACC7-3202-11D1-AAD2-00805FC1270E}
<NO NAME> REG_SZ Network Connections

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524152}
<NO NAME> REG_SZ Fonts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524153}
<NO NAME> REG_SZ Administrative Tools

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
<NO NAME> REG_SZ Scheduled Tasks

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{E211B736-43FD-11D1-9EFB-0000F8757FCD}
<NO NAME> REG_SZ Scanners & Cameras

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}
<NO NAME> REG_SZ Computer Search Results Folder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}
<NO NAME> REG_SZ
Removal Message REG_SZ @mydocs.dll,-900

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}
<NO NAME> REG_SZ Recycle Bin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}
<NO NAME> REG_SZ Search Results Folder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths
Owner REG_SZ C:\Documents and Settings\Owner\My Documents
Rwchipman REG_SZ C:\Documents and Settings\Rwchipman\My Documents

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c\DefaultIcon
<NO NAME> REG_SZ %SystemRoot%\system32\shell32.dll,131

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
KillList REG_SZ %1;explorer.exe;dvdplay.exe;mplay32.exe;msohtmed.exe;quikview.exe;rundll.exe;rund
ll32.exe;taskman.exe;bck32api.dll;
CutList REG_MULTI_SZ Application File\0MFC Application\0\0
AddRemoveApps REG_SZ SETUP.EXE;INSTALL.EXE;ISUNINST.EXE;UNWISE.EXE;UNWISE32.EXE;ST5UNST.EXE;RUNDLL32.
EXE;MSOOBE.EXE;LNKSTUB.EXE
AddRemoveNames REG_SZ Documentation;Help;Install;More Info;Readme;Read me;Read First;Setup;Support;What's New;Remove

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\ShellFindInDirectory
<NO NAME> REG_SZ {F020E586-5264-11d1-A532-0000F8757D7E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\QuickFinderMenu
<NO NAME> REG_SZ {C0E10002-0028-0004-C0E1-C0E1C0E1C0E1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\QuickFinderMenu\0
<NO NAME> REG_SZ using &QuickFinder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\QuickFinderMenu\0\DefaultIcon
<NO NAME> REG_SZ c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL,0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch
<NO NAME> REG_SZ {169A0691-8DF9-11d1-A1C4-00C04FD75D13}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0
<NO NAME> REG_SZ For &Files or Folders...
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23232
RunInProcess REG_SZ 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\DefaultIcon
<NO NAME> REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-134
HotIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-50
GrayIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-51

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\HelpText
<NO NAME> REG_SZ Search for files or folders
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23296

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\SearchGUID
<NO NAME> REG_SZ {169A0691-8DF9-11d1-A1C4-00C04FD75D13}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\SearchGUID\UrlNavNew
<NO NAME> REG_EXPAND_SZ ::{e17d4fc0-5564-11d1-83f2-00a0c90dc849}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1
<NO NAME> REG_SZ For &Computers
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23233

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\DefaultIcon
<NO NAME> REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-135
HotIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-52
GrayIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-53

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\HelpText
<NO NAME> REG_SZ Search for computers on the network
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23297

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\SearchGUID
<NO NAME> REG_SZ {996E1EB1-B524-11d1-9120-00A0C98BA67D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\SearchGUID\UrlNavNew
<NO NAME> REG_EXPAND_SZ ::{1f4de370-d627-11d1-ba4f-00a0c91eedba}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2
<NO NAME> REG_SZ For &Printer
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23234

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2\DefaultIcon
<NO NAME> REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-135

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2\HelpText
<NO NAME> REG_SZ Search for a printer
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23298

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2\SearchGUID
<NO NAME> REG_SZ {D515F311-B78B-11d1-9123-00A0C98BA67D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WabFind
<NO NAME> REG_SZ {32714800-2E5F-11d0-8B85-00AA0044F941}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WabFind\0
<NO NAME> REG_SZ For &People...
LocalizedString REG_SZ @C:\Program Files\Common Files\System\wab32res.dll,-1646

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WabFind\0\DefaultIcon
<NO NAME> REG_SZ C:\Program Files\Outlook Express\wabfind.dll, 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch
<NO NAME> REG_SZ {07798131-AF23-11d1-9111-00A0C98BA67D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch\0
<NO NAME> REG_SZ On the &Internet...
LocalizedString REG_SZ @browselc.dll,-13060

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch\0\DefaultIcon
<NO NAME> REG_EXPAND_SZ %SystemRoot%\system32\shdocvw.dll,-111

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch\0\HelpText
<NO NAME> REG_SZ Search the web
LocalizedString REG_SZ @browselc.dll,-13061

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu
{871C5380-42A0-1069-A2EA-08002B30309D}.default REG_SZ 0
{871C5380-42A0-1069-A2EA-08002B30309D} REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel
{20D04FE0-3AEA-1069-A2D8-08002B30309D} REG_DWORD 0x1
{450D8FBA-AD25-11D0-98A8-0800361B1103} REG_DWORD 0x1
{208D2C60-3AEA-1069-A2D7-08002B30309D} REG_DWORD 0x1
{871C5380-42A0-1069-A2EA-08002B30309D} REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons
{21EC2020-3AEA-1069-A2DD-08002B30309D} REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\cleanuppath
<NO NAME> REG_EXPAND_SZ %SystemRoot%\system32\cleanmgr.exe /D %c

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath
<NO NAME> REG_EXPAND_SZ %systemroot%\system32\dfrg.msc %c:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\Controls
<NO NAME> REG_SZ {21EC2020-3AEA-1069-A2DD-08002B30309D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{59031a47-3f72-44a7-89c5-5595fe6b30ee}
<NO NAME> REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{E211B736-43FD-11D1-9EFB-0000F8757FCD}
<NO NAME> REG_SZ Scanners & Cameras

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects\WorkgroupCrawler
CLSID REG_SZ {72b3882f-453a-4633-aac9-8c3dced62aff}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\DelegateFolders

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\DelegateFolders\{9DB7A13C-F208-4981-8353-73CC61AE2783}
<NO NAME>
  • 0

#19
Rachel Chipman
Posted 13 March 2008 - 04:02 PM

Rachel Chipman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I'm not certain if the entire DrvIconQuery log fit on the last post.

HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55, on 03/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SunshineNet Web Accelerator\PBHELPER.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec....ta/nprdtinf.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1156893026992
O23 - Service: McAfee Application Installer Cleanup (0257771205124574) (0257771205124574mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\025777~1.EXE
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\SYSTEM32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 10056 bytes
  • 0

#20
Rorschach112
Posted 13 March 2008 - 04:55 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Driveicons]


Then double click on the fix.reg file, when it prompts to merge click "Yes".


Reboot and tell me how your PC is running
  • 0

#21
Rachel Chipman
Posted 15 March 2008 - 05:50 PM

Rachel Chipman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thank you for this information. I will go through these steps on the computer but I won't be able to get to it until Monday. As soon as I have it done, I will post my results.
I appreciate your patience.
  • 0

#22
Rorschach112
Posted 15 March 2008 - 06:09 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok no problem :)
  • 0

#23
Rachel Chipman
Posted 18 March 2008 - 04:16 PM

Rachel Chipman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thank you very much.

The red "X" is now gone.
I have one more question, which is kind of stupid.....the clock in the system tray is set to military time. I have checked the time settings under Control Panel and the settings are fine. Any ideas?
  • 0

#24
Rorschach112
Posted 18 March 2008 - 05:37 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yep

Now lets uninstall Combofix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will do the following:
  • Delete ComboFix and its associated files and folders.
  • Delete VundoFix backups, if present
  • Delete the C:\Deckard folder, if present
  • Delete the C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#25
Rachel Chipman
Posted 23 March 2008 - 08:14 PM

Rachel Chipman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thank you for all of your help.
ComboFix was uninstalled but the clock is still showing military time. Will that change after a reboot?

Thank you for the suggestions. I do appreciate your time and assistance on this issue - you certainly DO know you stuff !!
  • 0

Advertisements

#26
Rorschach112
Posted 30 March 2008 - 11:40 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
That should hopefully be restored on a reboot

If it doesn't, feel free to make a topic in the Windows XP forum and they can fix it

Let me know if you have any more questions
  • 0

#27
Rorschach112
Posted 03 April 2008 - 06:25 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP