IE Custom Tools/IE Saftey Features [RESOLVED]



Hello

I lent my laptop to a friend while I was away for the weekend and I came back to find my Internet Explorer homepage hijacked and loads of pop-ups interfering with my browsing. I looked for programs to uninstall and found the IE Custom Tools/IE Saftey Features in the Windows Add/Remove Programs list (I have never seen them before and assume they are responsible). When I try to uninstall them it asks me to restart the computer before uninstalling, and then the same thing after I restart. I completed Norton Antivirus 2007 and Ad-aware 2007 scans to no avail, so here I am. I am running Windows Vista 32 bit version. Any help is greatly appreciated!

Here is my HijackThis Log -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:07:15 PM, on 16/12/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Video Add-on\isfmntr.exe

C:\Program Files\Video Add-on\isfmm.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Video Add-on\isfmm.exe

C:\Program Files\Video Add-on\isfmm.exe

C:\Program Files\Video Add-on\isfmm.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Video Add-on\isfmm.exe

C:\Program Files\Video Add-on\isfmm.exe

C:\Program Files\Video Add-on\isfmm.exe

C:\Program Files\Creative\MediaSource5\CTDetctu.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe

C:\Users\User\HJT\HJTInstall.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {69B98C68-D2B8-4A4E-9CB7-E85B6F3A7014} - C:\Program Files\Video Add-on\isfmdl.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\mattsearch.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: IE Custom Tools - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - C:\Program Files\Video Add-on\ictmdl.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE

O4 - HKLM\..\RunOnce: [installShieldSetup] C:\PROGRA~1\INSTAL~1\{BEEFC~1\SETUP.EXE -rebootC:\PROGRA~1\INSTAL~1\{BEEFC~1\reboot.ini -l0x9

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe"

O4 - HKCU\..\RunOnce: [startMSu] "C:\Program Files\Creative\MediaSource5\Startmsu.exe" /s

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 10776 bytes

Thank you


Hi,

Welcome to the site

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.

You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.

Please don't use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition than it is when infected) if used incorrectly.

These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat. :)


Download ComboFix from Here or Here to your Desktop.

  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Hi there

Sorry for the slow reply, here are the logs you asked for:

-----ComboFix------

ComboFix 07-12-21.4 - User 2007-12-21 14:34:57.1 - NTFSx86

Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.1242 [GMT 0:00]

Running from: C:\Users\User\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\Helper

C:\Program Files\Helper\mattsearch.dll

.

((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))

.

2007-12-16 19:57 . 2007-12-16 20:07 <DIR> d-------- C:\Users\User\HJT

2007-12-16 19:24 . 1999-12-13 09:01 44,032 --a------ C:\Windows\System32\CTSVCCDA.EXE

2007-12-16 18:35 . 2007-12-16 18:35 <DIR> d-------- C:\Users\All Users\Lavasoft

2007-12-16 18:35 . 2007-12-16 18:35 <DIR> d-------- C:\ProgramData\Lavasoft

2007-12-16 18:35 . 2007-12-16 18:35 <DIR> d-------- C:\Program Files\Lavasoft

2007-12-16 18:34 . 2007-12-16 18:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-12-16 18:01 . 2007-12-16 18:12 <DIR> d-------- C:\Program Files\Video Add-on

2007-12-13 16:12 . 2007-12-16 20:29 <DIR> d-------- C:\Users\User\AppData\Roaming\Creative

2007-12-13 15:54 . 1999-10-11 01:00 41,984 --------- C:\Windows\Ctregrun.exe

2007-12-13 15:51 . 1999-11-18 09:00 25,088 --------- C:\Windows\System32\CTSVCCTL.EXE

2007-12-13 15:50 . 2007-12-16 20:05 <DIR> d--h----- C:\Program Files\Creative Installation Information

2007-12-13 15:50 . 2007-12-13 15:50 <DIR> d-------- C:\Program Files\Common Files\Creative

2007-12-13 15:45 . 2007-12-16 20:23 <DIR> d-------- C:\Program Files\Creative

2007-12-12 18:46 . 1999-05-10 01:00 1,384,448 --a------ C:\Windows\System32\temp.000

2007-12-12 02:40 . 2007-12-12 02:40 1,327,104 --a------ C:\Windows\System32\quartz.dll

2007-12-12 02:40 . 2007-12-12 02:40 223,232 --a------ C:\Windows\System32\WMASF.DLL

2007-12-12 02:40 . 2007-12-12 02:40 9,728 --a------ C:\Windows\System32\LAPRXY.DLL

2007-12-12 02:40 . 2007-12-12 02:40 2,048 --a------ C:\Windows\System32\asferror.dll

2007-12-12 02:38 . 2007-12-12 02:38 130,048 --a------ C:\Windows\System32\drivers\srv2.sys

2007-12-12 02:38 . 2007-12-12 02:38 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys

2007-12-12 02:38 . 2007-12-12 02:38 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys

2007-12-12 02:38 . 2007-12-12 02:38 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys

2007-12-12 02:37 . 2007-12-12 02:37 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe

2007-12-12 02:37 . 2007-12-12 02:37 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe

2007-12-12 02:36 . 2007-12-12 02:36 2,048 --a------ C:\Windows\System32\tzres.dll

2007-12-11 23:27 . 2007-12-11 23:29 <DIR> d-------- C:\Users\All Users\DVD Shrink

2007-12-11 23:27 . 2007-12-11 23:29 <DIR> d-------- C:\ProgramData\DVD Shrink

2007-12-11 23:27 . 2007-12-11 23:27 <DIR> d-------- C:\Program Files\DVD Shrink

2007-12-11 20:25 . 2007-12-11 20:25 <DIR> d-------- C:\Program Files\BearShare

2007-12-10 22:26 . 2007-12-10 22:26 <DIR> d-------- C:\Program Files\BearShare Test

2007-12-10 21:56 . 2007-12-10 21:56 2,560 --a------ C:\Windows\_MSRSTRT.EXE

2007-12-10 20:33 . 2007-12-10 20:33 <DIR> d-------- C:\My Downloads

2007-12-10 18:52 . 2007-12-16 22:40 58 --a------ C:\Windows\nfsc_patch.ini

2007-12-04 01:33 . 2007-12-04 01:33 823,296 --a------ C:\Windows\System32\divx_xx0c.dll

2007-12-04 01:33 . 2007-12-04 01:33 823,296 --a------ C:\Windows\System32\divx_xx07.dll

2007-12-04 01:33 . 2007-12-04 01:33 802,816 --a------ C:\Windows\System32\divx_xx11.dll

2007-12-04 01:33 . 2007-12-04 01:33 682,496 --a------ C:\Windows\System32\DivX.dll

2007-12-04 01:33 . 2007-12-04 01:33 630,784 --a------ C:\Windows\System32\divxdec.ax

2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\Windows\System32\drivers\srtspl.sys

2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\Windows\System32\drivers\srtsp.sys

2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\Windows\System32\drivers\srtspx.sys

2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspx.cat

2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspl.cat

2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\Windows\System32\drivers\srtsp.cat

2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\Windows\System32\drivers\srtspl.inf

2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\Windows\System32\drivers\srtspx.inf

2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\Windows\System32\drivers\srtsp.inf

2007-11-30 17:47 . 2007-11-30 17:47 <DIR> dr-h----- C:\Users\User\AppData\Roaming\SecuROM

2007-11-30 17:47 . 2007-11-30 17:47 108,144 --a------ C:\Windows\System32\CmdLineExt.dll

2007-11-29 22:30 . 2007-11-29 22:30 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll

2007-11-29 22:30 . 2007-11-29 22:30 1,044,480 --a------ C:\Windows\System32\libdivx.dll

2007-11-29 22:30 . 2007-11-29 22:30 524,288 --a------ C:\Windows\System32\DivXsm.exe

2007-11-29 22:30 . 2007-11-29 22:30 200,704 --a------ C:\Windows\System32\ssldivx.dll

2007-11-29 22:30 . 2007-11-29 22:30 4,816 --a------ C:\Windows\System32\divxsm.tlb

2007-11-29 22:28 . 2007-11-29 22:28 196,608 --a------ C:\Windows\System32\dtu100.dll

2007-11-29 22:28 . 2007-11-29 22:28 81,920 --a------ C:\Windows\System32\dpl100.dll

2007-11-29 22:28 . 2007-11-29 22:28 416 --a------ C:\Windows\System32\dtu100.dll.manifest

2007-11-29 22:28 . 2007-11-29 22:28 416 --a------ C:\Windows\System32\dpl100.dll.manifest

2007-11-28 23:26 . 2007-11-28 23:26 <DIR> d-------- C:\temp

2007-11-28 23:20 . 2007-11-28 23:20 <DIR> d-------- C:\Users\All Users\Media Center Programs

2007-11-28 23:20 . 2007-11-28 23:20 <DIR> d-------- C:\ProgramData\Media Center Programs

2007-11-28 22:59 . 2007-11-28 22:59 <DIR> d-------- C:\Program Files\THQ

2007-11-28 22:59 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll

2007-11-28 22:59 . 2006-09-28 16:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll

2007-11-28 22:59 . 2006-07-28 09:30 236,824 --a------ C:\Windows\System32\xactengine2_3.dll

2007-11-28 22:59 . 2006-09-28 16:04 68,888 --a------ C:\Windows\System32\xinput1_3.dll

2007-11-28 22:59 . 2006-07-28 09:30 62,744 --a------ C:\Windows\System32\xinput1_2.dll

2007-11-28 22:59 . 2006-09-28 16:03 15,128 --a------ C:\Windows\System32\x3daudio1_1.dll

2007-11-28 22:08 . 2007-11-28 22:08 <DIR> d-------- C:\Users\User\AppData\Roaming\InstallShield

2007-11-28 21:55 . 2007-11-28 21:55 156,992 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe

2007-11-28 21:53 . 2007-11-28 21:53 593,920 --a------ C:\Windows\System32\dpuGUI11.dll

2007-11-28 21:53 . 2007-11-28 21:53 344,064 --a------ C:\Windows\System32\dpus11.dll

2007-11-28 21:53 . 2007-11-28 21:53 294,912 --a------ C:\Windows\System32\dpu11.dll

2007-11-28 21:53 . 2007-11-28 21:53 294,912 --a------ C:\Windows\System32\dpu10.dll

2007-11-28 21:53 . 2007-11-28 21:53 57,344 --a------ C:\Windows\System32\dpv11.dll

2007-11-28 21:53 . 2007-11-28 21:53 53,248 --a------ C:\Windows\System32\dpuGUI10.dll

2007-11-28 21:52 . 2007-11-28 21:52 12,288 --a------ C:\Windows\System32\DivXWMPExtType.dll

2007-11-26 14:01 . 2007-11-26 14:01 <DIR> d-------- C:\Users\All Users\Electronic Arts

2007-11-26 14:01 . 2007-11-26 14:01 <DIR> d-------- C:\ProgramData\Electronic Arts

2007-11-26 13:59 . 2007-11-26 13:59 22,009,600 --a------ C:\Users\User\eadm-installer.exe

2007-11-21 12:46 . 2007-11-21 12:46 <DIR> d-------- C:\Users\User\AppData\Roaming\Earthsim

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-16 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-16 19:16 --------- d-----w C:\Users\User\AppData\Roaming\uTorrent

2007-12-13 21:36 --------- d-----w C:\Program Files\Steam

2007-12-12 02:39 56,320 ----a-w C:\Windows\System32\iesetup.dll

2007-12-12 02:39 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-12-12 02:39 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-12-12 00:11 --------- d-----w C:\Program Files\DivX

2007-12-11 20:08 --------- d-----w C:\ProgramData\Symantec

2007-12-09 12:30 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF

2007-12-09 12:30 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS

2007-12-09 12:30 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT

2007-12-09 12:30 --------- d-----w C:\Program Files\Symantec

2007-12-05 16:12 --------- d-----w C:\ProgramData\Roxio

2007-12-04 15:54 --------- d-----w C:\Program Files\VideoLAN

2007-11-26 22:57 --------- d-----w C:\Program Files\Windows Mail

2007-11-26 14:01 --------- d-----w C:\Program Files\Electronic Arts

2007-11-18 18:44 --------- d-----w C:\Program Files\Norton Internet Security

2007-11-18 17:02 25,406,752 ----a-w C:\Users\User\earthsim_ati.exe

2007-11-18 17:00 --------- d-----w C:\Program Files\Common Files\Steam

2007-11-11 12:56 --------- d-----w C:\Program Files\ATI

2007-11-10 20:00 --------- d-----w C:\Program Files\Intel

2007-11-06 17:05 --------- d-----w C:\Program Files\Common Files\xing shared

2007-11-06 17:05 --------- d-----w C:\Program Files\Common Files\Real

2007-11-06 16:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-10-30 19:55 39,856 ----a-w C:\Windows\system32\drivers\symids.sys

2007-10-30 19:55 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys

2007-10-30 19:55 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys

2007-10-30 19:55 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys

2007-10-30 19:55 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys

2007-10-30 19:55 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys

2007-10-30 19:24 12,963 ----a-w C:\Windows\system32\drivers\SymRedir.cat

2007-10-30 19:24 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf

2007-10-19 09:55 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe

2007-10-15 01:00 22,328 ----a-w C:\Users\User\AppData\Roaming\PnkBstrK.sys

2007-10-15 00:59 674,600 ----a-w C:\Windows\System32\pbsvc.exe

2007-10-15 00:59 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe

2007-10-14 20:16 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2007-10-14 20:16 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2007-10-14 20:16 542,720 ----a-w C:\Windows\System32\sysmain.dll

2007-10-14 20:16 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2007-10-14 20:16 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2007-10-14 20:16 297,984 ----a-w C:\Windows\System32\wlansec.dll

2007-10-14 20:16 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2007-10-14 20:16 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2007-10-14 20:16 2,923,520 ----a-w C:\Windows\explorer.exe

2007-10-14 20:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2007-10-10 02:09 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2007-10-10 02:09 7,680 ----a-w C:\Windows\System32\spwmp.dll

2007-10-10 02:09 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2007-10-10 02:09 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2007-10-10 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll

2007-10-10 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll

2007-10-10 02:01 788,992 ----a-w C:\Windows\System32\rpcrt4.dll

2007-10-09 07:44 110,592 ----a-w C:\Windows\System32\SynTPCo4.dll

2007-10-09 07:16 147,456 ----a-w C:\Windows\System32\SynTPAPI.dll

2007-10-09 07:08 196,608 ----a-w C:\Windows\System32\SynCtrl.dll

2007-10-09 07:07 163,840 ----a-w C:\Windows\System32\SynCOM.dll

2007-09-29 03:03 9,850,880 ----a-w C:\Windows\System32\atioglxx.dll

2007-09-29 03:02 43,520 ----a-w C:\Windows\System32\ati2edxx.dll

2007-09-29 03:02 356,352 ----a-w C:\Windows\System32\ATIDEMGX.dll

2007-09-29 03:02 266,240 ----a-w C:\Windows\System32\atipdlxx.dll

2007-09-29 03:02 245,760 ----a-w C:\Windows\System32\Ati2evxx.dll

2007-09-29 03:02 237,568 ----a-w C:\Windows\System32\Oemdspif.dll

2007-09-29 03:02 159,744 ----a-w C:\Windows\System32\atitmmxx.dll

2007-09-29 03:01 610,304 ----a-w C:\Windows\System32\Ati2evxx.exe

2007-09-29 02:54 1,429,504 ----a-w C:\Windows\System32\atidxx32.dll

2007-09-29 02:50 3,071,488 ----a-w C:\Windows\System32\atiumdag.dll

2007-09-29 02:37 3,887,104 ----a-w C:\Windows\System32\atiumdva.dll

2007-09-29 02:27 48,128 ----a-w C:\Windows\System32\amdpcom32.dll

2007-09-28 16:07 129,784 ------w C:\Windows\System32\PxAFS.DLL

2007-09-28 16:07 120,056 ------w C:\Windows\System32\pxcpyi64.exe

2007-09-28 16:07 118,520 ------w C:\Windows\System32\pxinsi64.exe

2007-08-30 02:11 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69B98C68-D2B8-4A4E-9CB7-E85B6F3A7014}]

2007-12-16 18:01 12800 --a------ C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{90222687-F593-4738-B738-FBEE9C7B26DF}

{F2BADA0D-FD61-45EF-A994-64A073FD6613}

[HKEY_CLASSES_ROOT\clsid\{f2bada0d-fd61-45ef-a994-64a073fd6613}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{F2BADA0D-FD61-45EF-A994-64A073FD6613}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-12-16 18:01 74752]

[HKEY_CLASSES_ROOT\clsid\{f2bada0d-fd61-45ef-a994-64a073fd6613}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36]

"MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 08:56]

"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2006-11-02 12:35]

"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-03-07 17:47]

"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 10:19]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-30 02:17]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-09 07:44]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-07 03:59 C:\Windows\RtHDVCpl.exe]

"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-11-08 19:36]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 14:59]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-26 23:18]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:30]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-14 19:23]

"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 11:03]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 11:03 C:\Windows\KHALMNPR.Exe]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-06 17:04]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-10-09 07:23]

"Skytel"="Skytel.exe" [2007-08-03 05:22 C:\Windows\SkyTel.exe]

"CTRegRun"="C:\Windows\CTRegRun.EXE" [1999-10-11 01:00]

"StartCCC"="C:\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 08:48:20]

Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 07:01:50]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-18 14:09:02]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 15:23]

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2006-11-20 22:14]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070828.001\IDSvix86.sys [2007-06-07 02:24]

R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 21:40]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 08:39]

R3 CIR;Hid Device;C:\Windows\system32\DRIVERS\CIR.sys [2006-10-05 03:26]

R3 kbd;Keyboard;C:\Windows\system32\DRIVERS\kbd.sys [2006-10-05 03:25]

R3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 01:42]

R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2006-12-20 18:12]

R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 03:13]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]

S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 17:04]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient

LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ec74bea-3de0-11dc-a6e3-0040d0a94343}]

\shell\AutoRun\command - D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50fdec7b-6243-11dc-985d-0040d0a94343}]

\shell\Auto\command - MicrosoftPowerPoint.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cb7afee-e74f-11db-8600-806e6f6e6963}]

\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8482a04-4656-11dc-828e-0040d0a94343}]

\shell\Auto\command - F:\Cn911.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Cn911.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - COMHOST

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2007-12-14 20:31:08 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - User.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-21 14:39:01

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-12-21 14:40:16

.

2007-12-12 02:40:53 --- E O F ---

---------------HijackThis----------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:02:23 PM, on 21/12/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\User\HJT\HJTInstall.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {69B98C68-D2B8-4A4E-9CB7-E85B6F3A7014} - C:\Program Files\Video Add-on\isfmdl.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: IE Custom Tools - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - C:\Program Files\Video Add-on\ictmdl.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE

O4 - HKLM\..\Run: [startCCC] "C:\ATI\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9522 bytes

Look forward to hearing back from you

Thanks in advance


1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

F:\Cn911.exe

Folder::

C:\Program Files\Video Add-on

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69B98C68-D2B8-4A4E-9CB7-E85B6F3A7014}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{F2BADA0D-FD61-45EF-A994-64A073FD6613}"=-

[-HKEY_CLASSES_ROOT\clsid\{f2bada0d-fd61-45ef-a994-64a073fd6613}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{F2BADA0D-FD61-45EF-A994-64A073FD6613}"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.


Hi, again sorry to take so long.

Here are the logs you requested:

COMBOFIX -------

ComboFix 07-12-21.4 - User 2007-12-26 14:18:52.3 - NTFSx86

Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.1091 [GMT 0:00]

Running from: C:\Users\User\Desktop\ComboFix.exe

Command switches used :: C:\Users\User\Desktop\CFScript.txt

* Created a new restore point

FILE

F:\Cn911.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\Video Add-on

C:\Program Files\Video Add-on\ictun.exe

C:\Program Files\Video Add-on\isfmm.exe

C:\Program Files\Video Add-on\isfun.exe

C:\Program Files\Video Add-on\ot.ico

C:\Program Files\Video Add-on\ts.ico

.

((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))

.

2007-12-21 21:38 . 2007-12-21 22:36 <DIR> d-------- C:\Program Files\Norton AntiVirus

2007-12-21 21:36 . 2007-12-21 22:00 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS

2007-12-21 21:34 . 2007-12-21 22:00 <DIR> d-------- C:\Program Files\Symantec

2007-12-21 19:15 . 2007-12-21 19:15 <DIR> d-------- C:\Users\User\AppData\Roaming\skypePM

2007-12-21 19:15 . 2007-12-21 19:15 <DIR> d-------- C:\Program Files\Common Files\Skype

2007-12-21 19:01 . 2007-12-21 22:36 <DIR> d-------- C:\Users\All Users\Kaspersky Lab

2007-12-21 19:01 . 2007-12-21 20:37 <DIR> d-------- C:\Program Files\Kaspersky Lab

2007-12-21 19:01 . 2007-12-21 22:36 <DIR> d-------- C:\PROGRA~2\Kaspersky Lab

2007-12-16 19:57 . 2007-12-21 17:02 <DIR> d-------- C:\Users\User\HJT

2007-12-16 19:24 . 1999-12-13 09:01 44,032 --a------ C:\Windows\System32\CTSVCCDA.EXE

2007-12-16 18:35 . 2007-12-16 18:35 <DIR> d-------- C:\Users\All Users\Lavasoft

2007-12-16 18:35 . 2007-12-16 18:35 <DIR> d-------- C:\Program Files\Lavasoft

2007-12-16 18:35 . 2007-12-16 18:35 <DIR> d-------- C:\PROGRA~2\Lavasoft

2007-12-16 18:34 . 2007-12-16 18:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-12-13 16:12 . 2007-12-16 20:29 <DIR> d-------- C:\Users\User\AppData\Roaming\Creative

2007-12-13 15:54 . 1999-10-11 01:00 41,984 --------- C:\Windows\Ctregrun.exe

2007-12-13 15:51 . 1999-11-18 09:00 25,088 --------- C:\Windows\System32\CTSVCCTL.EXE

2007-12-13 15:50 . 2007-12-16 20:05 <DIR> d--h----- C:\Program Files\Creative Installation Information

2007-12-13 15:50 . 2007-12-13 15:50 <DIR> d-------- C:\Program Files\Common Files\Creative

2007-12-13 15:45 . 2007-12-16 20:23 <DIR> d-------- C:\Program Files\Creative

2007-12-12 18:46 . 1999-05-10 01:00 1,384,448 --a------ C:\Windows\System32\temp.000

2007-12-12 02:40 . 2007-12-12 02:40 1,327,104 --a------ C:\Windows\System32\quartz.dll

2007-12-12 02:40 . 2007-12-12 02:40 223,232 --a------ C:\Windows\System32\WMASF.DLL

2007-12-12 02:40 . 2007-12-12 02:40 9,728 --a------ C:\Windows\System32\LAPRXY.DLL

2007-12-12 02:40 . 2007-12-12 02:40 2,048 --a------ C:\Windows\System32\asferror.dll

2007-12-12 02:38 . 2007-12-12 02:38 130,048 --a------ C:\Windows\System32\drivers\srv2.sys

2007-12-12 02:38 . 2007-12-12 02:38 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys

2007-12-12 02:38 . 2007-12-12 02:38 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys

2007-12-12 02:38 . 2007-12-12 02:38 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys

2007-12-12 02:37 . 2007-12-12 02:37 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe

2007-12-12 02:37 . 2007-12-12 02:37 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe

2007-12-12 02:36 . 2007-12-12 02:36 2,048 --a------ C:\Windows\System32\tzres.dll

2007-12-11 23:27 . 2007-12-11 23:29 <DIR> d-------- C:\Users\All Users\DVD Shrink

2007-12-11 23:27 . 2007-12-11 23:27 <DIR> d-------- C:\Program Files\DVD Shrink

2007-12-11 23:27 . 2007-12-11 23:29 <DIR> d-------- C:\PROGRA~2\DVD Shrink

2007-12-11 20:25 . 2007-12-11 20:25 <DIR> d-------- C:\Program Files\BearShare

2007-12-10 22:26 . 2007-12-21 18:26 <DIR> d-------- C:\Program Files\BearShare Test

2007-12-10 21:56 . 2007-12-10 21:56 2,560 --a------ C:\Windows\_MSRSTRT.EXE

2007-12-10 20:33 . 2007-12-10 20:33 <DIR> d-------- C:\My Downloads

2007-12-10 18:52 . 2007-12-16 22:40 58 --a------ C:\Windows\nfsc_patch.ini

2007-12-04 01:33 . 2007-12-04 01:33 823,296 --a------ C:\Windows\System32\divx_xx0c.dll

2007-12-04 01:33 . 2007-12-04 01:33 823,296 --a------ C:\Windows\System32\divx_xx07.dll

2007-12-04 01:33 . 2007-12-04 01:33 802,816 --a------ C:\Windows\System32\divx_xx11.dll

2007-12-04 01:33 . 2007-12-04 01:33 682,496 --a------ C:\Windows\System32\DivX.dll

2007-12-04 01:33 . 2007-12-04 01:33 630,784 --a------ C:\Windows\System32\divxdec.ax

2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\Windows\System32\drivers\srtspl.sys

2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\Windows\System32\drivers\srtsp.sys

2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\Windows\System32\drivers\srtspx.sys

2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspx.cat

2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspl.cat

2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\Windows\System32\drivers\srtsp.cat

2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\Windows\System32\drivers\srtspl.inf

2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\Windows\System32\drivers\srtspx.inf

2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\Windows\System32\drivers\srtsp.inf

2007-11-30 17:47 . 2007-11-30 17:47 <DIR> dr-h----- C:\Users\User\AppData\Roaming\SecuROM

2007-11-30 17:47 . 2007-11-30 17:47 108,144 --a------ C:\Windows\System32\CmdLineExt.dll

2007-11-29 22:30 . 2007-11-29 22:30 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll

2007-11-29 22:30 . 2007-11-29 22:30 1,044,480 --a------ C:\Windows\System32\libdivx.dll

2007-11-29 22:30 . 2007-11-29 22:30 524,288 --a------ C:\Windows\System32\DivXsm.exe

2007-11-29 22:30 . 2007-11-29 22:30 200,704 --a------ C:\Windows\System32\ssldivx.dll

2007-11-29 22:30 . 2007-11-29 22:30 4,816 --a------ C:\Windows\System32\divxsm.tlb

2007-11-29 22:28 . 2007-11-29 22:28 196,608 --a------ C:\Windows\System32\dtu100.dll

2007-11-29 22:28 . 2007-11-29 22:28 81,920 --a------ C:\Windows\System32\dpl100.dll

2007-11-29 22:28 . 2007-11-29 22:28 416 --a------ C:\Windows\System32\dtu100.dll.manifest

2007-11-29 22:28 . 2007-11-29 22:28 416 --a------ C:\Windows\System32\dpl100.dll.manifest

2007-11-28 23:26 . 2007-11-28 23:26 <DIR> d-------- C:\temp

2007-11-28 23:20 . 2007-11-28 23:20 <DIR> d-------- C:\Users\All Users\Media Center Programs

2007-11-28 23:20 . 2007-11-28 23:20 <DIR> d-------- C:\PROGRA~2\Media Center Programs

2007-11-28 22:59 . 2007-11-28 22:59 <DIR> d-------- C:\Program Files\THQ

2007-11-28 22:59 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll

2007-11-28 22:59 . 2006-09-28 16:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll

2007-11-28 22:59 . 2006-07-28 09:30 236,824 --a------ C:\Windows\System32\xactengine2_3.dll

2007-11-28 22:59 . 2006-09-28 16:04 68,888 --a------ C:\Windows\System32\xinput1_3.dll

2007-11-28 22:59 . 2006-07-28 09:30 62,744 --a------ C:\Windows\System32\xinput1_2.dll

2007-11-28 22:59 . 2006-09-28 16:03 15,128 --a------ C:\Windows\System32\x3daudio1_1.dll

2007-11-28 22:08 . 2007-11-28 22:08 <DIR> d-------- C:\Users\User\AppData\Roaming\InstallShield

2007-11-28 21:55 . 2007-11-28 21:55 156,992 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe

2007-11-28 21:53 . 2007-11-28 21:53 593,920 --a------ C:\Windows\System32\dpuGUI11.dll

2007-11-28 21:53 . 2007-11-28 21:53 344,064 --a------ C:\Windows\System32\dpus11.dll

2007-11-28 21:53 . 2007-11-28 21:53 294,912 --a------ C:\Windows\System32\dpu11.dll

2007-11-28 21:53 . 2007-11-28 21:53 294,912 --a------ C:\Windows\System32\dpu10.dll

2007-11-28 21:53 . 2007-11-28 21:53 57,344 --a------ C:\Windows\System32\dpv11.dll

2007-11-28 21:53 . 2007-11-28 21:53 53,248 --a------ C:\Windows\System32\dpuGUI10.dll

2007-11-28 21:52 . 2007-11-28 21:52 12,288 --a------ C:\Windows\System32\DivXWMPExtType.dll

2007-11-26 14:01 . 2007-11-26 14:01 <DIR> d-------- C:\Users\All Users\Electronic Arts

2007-11-26 14:01 . 2007-11-26 14:01 <DIR> d-------- C:\PROGRA~2\Electronic Arts

2007-11-26 13:59 . 2007-11-26 13:59 22,009,600 --a------ C:\Users\User\eadm-installer.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-21 22:35 --------- d-----w C:\Users\User\AppData\Roaming\uTorrent

2007-12-21 22:00 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF

2007-12-21 22:00 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT

2007-12-21 21:58 --------- d-----w C:\PROGRA~2\Symantec

2007-12-21 21:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-12-21 19:37 --------- d-----w C:\Program Files\ATI

2007-12-21 19:24 --------- d-----w C:\Users\User\AppData\Roaming\Skype

2007-12-21 18:22 --------- d-----w C:\Program Files\Steam

2007-12-21 18:22 --------- d-----w C:\Program Files\Common Files\Steam

2007-12-16 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-12 02:39 56,320 ----a-w C:\Windows\System32\iesetup.dll

2007-12-12 02:39 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-12-12 02:39 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-12-12 00:11 --------- d-----w C:\Program Files\DivX

2007-12-05 16:12 --------- d-----w C:\PROGRA~2\Roxio

2007-12-04 15:54 --------- d-----w C:\Program Files\VideoLAN

2007-11-26 22:57 --------- d-----w C:\Program Files\Windows Mail

2007-11-26 14:01 --------- d-----w C:\Program Files\Electronic Arts

2007-11-21 12:46 --------- d-----w C:\Users\User\AppData\Roaming\Earthsim

2007-11-18 17:02 25,406,752 ----a-w C:\Users\User\earthsim_ati.exe

2007-11-10 20:00 --------- d-----w C:\Program Files\Intel

2007-11-06 17:05 --------- d-----w C:\Program Files\Common Files\xing shared

2007-11-06 17:05 --------- d-----w C:\Program Files\Common Files\Real

2007-10-30 19:55 39,856 ----a-w C:\Windows\system32\drivers\symids.sys

2007-10-30 19:55 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys

2007-10-30 19:55 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys

2007-10-30 19:55 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys

2007-10-30 19:55 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys

2007-10-30 19:55 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys

2007-10-30 19:24 12,963 ----a-w C:\Windows\system32\drivers\SymRedir.cat

2007-10-30 19:24 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf

2007-10-19 09:55 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe

2007-10-15 01:00 22,328 ----a-w C:\Users\User\AppData\Roaming\PnkBstrK.sys

2007-10-15 00:59 674,600 ----a-w C:\Windows\System32\pbsvc.exe

2007-10-15 00:59 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe

2007-10-14 20:16 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2007-10-14 20:16 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2007-10-14 20:16 542,720 ----a-w C:\Windows\System32\sysmain.dll

2007-10-14 20:16 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2007-10-14 20:16 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2007-10-14 20:16 297,984 ----a-w C:\Windows\System32\wlansec.dll

2007-10-14 20:16 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2007-10-14 20:16 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2007-10-14 20:16 2,923,520 ----a-w C:\Windows\explorer.exe

2007-10-14 20:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2007-10-10 02:09 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2007-10-10 02:09 7,680 ----a-w C:\Windows\System32\spwmp.dll

2007-10-10 02:09 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2007-10-10 02:09 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2007-10-10 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll

2007-10-10 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll

2007-10-10 02:01 788,992 ----a-w C:\Windows\System32\rpcrt4.dll

2007-10-09 07:44 110,592 ----a-w C:\Windows\System32\SynTPCo4.dll

2007-10-09 07:16 147,456 ----a-w C:\Windows\System32\SynTPAPI.dll

2007-10-09 07:08 196,608 ----a-w C:\Windows\System32\SynCtrl.dll

2007-10-09 07:07 163,840 ----a-w C:\Windows\System32\SynCOM.dll

2007-09-29 03:03 9,850,880 ----a-w C:\Windows\System32\atioglxx.dll

2007-09-29 03:02 356,352 ----a-w C:\Windows\System32\ATIDEMGX.dll

2007-09-29 03:02 237,568 ----a-w C:\Windows\System32\Oemdspif.dll

2007-09-29 02:54 1,429,504 ----a-w C:\Windows\System32\atidxx32.dll

2007-09-29 02:27 48,128 ----a-w C:\Windows\System32\amdpcom32.dll

2007-09-28 16:07 129,784 ------w C:\Windows\System32\PxAFS.DLL

2007-09-28 16:07 120,056 ------w C:\Windows\System32\pxcpyi64.exe

2007-09-28 16:07 118,520 ------w C:\Windows\System32\pxinsi64.exe

2007-08-30 02:11 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((( snapshot@2007-12-21_14.39.22.08 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-12-20 00:35:54 135,168 ----a-w C:\Windows\assembly\GAC\AxInterop.MSComctlLib\2.0.0.0__90ba9c70f846762e\AxInterop.MSComctlLib.DLL

+ 2007-12-21 17:23:56 135,168 ----a-w C:\Windows\assembly\GAC\AxInterop.MSComctlLib\2.0.0.0__90ba9c70f846762e\AxInterop.MSComctlLib.DLL

- 2007-12-20 00:35:54 212,992 ----a-w C:\Windows\assembly\GAC\AxInterop.MSForms\2.0.0.0__90ba9c70f846762e\AxInterop.MSForms.DLL

+ 2007-12-21 17:23:57 212,992 ----a-w C:\Windows\assembly\GAC\AxInterop.MSForms\2.0.0.0__90ba9c70f846762e\AxInterop.MSForms.DLL

- 2007-12-20 00:35:54 225,280 ----a-w C:\Windows\assembly\GAC\Interop.MSComctlLib\2.0.0.0__90ba9c70f846762e\Interop.MSComctlLib.DLL

+ 2007-12-21 17:23:57 225,280 ----a-w C:\Windows\assembly\GAC\Interop.MSComctlLib\2.0.0.0__90ba9c70f846762e\Interop.MSComctlLib.DLL

- 2007-12-20 00:35:54 360,448 ----a-w C:\Windows\assembly\GAC\Interop.MSForms\2.0.0.0__90ba9c70f846762e\Interop.MSForms.DLL

+ 2007-12-21 17:23:57 360,448 ----a-w C:\Windows\assembly\GAC\Interop.MSForms\2.0.0.0__90ba9c70f846762e\Interop.MSForms.DLL

- 2007-12-20 00:35:54 49,152 ----a-w C:\Windows\assembly\GAC\Interop.NewIWshRuntimeLibrary\1.0.0.0__90ba9c70f846762e\Interop.NewIWshRuntimeLibrary.DLL

+ 2007-12-21 17:23:57 49,152 ----a-w C:\Windows\assembly\GAC\Interop.NewIWshRuntimeLibrary\1.0.0.0__90ba9c70f846762e\Interop.NewIWshRuntimeLibrary.DLL

- 2007-12-20 00:35:48 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.DLL

+ 2007-12-21 17:23:50 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.DLL

- 2007-12-20 00:35:55 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2791.31999__90ba9c70f846762e\AEM.Actions.CCAA.Shared.DLL

+ 2007-12-21 17:23:58 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2791.31999__90ba9c70f846762e\AEM.Actions.CCAA.Shared.DLL

- 2007-12-20 00:35:48 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2791.31987__90ba9c70f846762e\AEM.Foundation.DLL

+ 2007-12-21 17:23:50 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2791.31987__90ba9c70f846762e\AEM.Foundation.DLL

- 2007-12-20 00:35:55 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2791.32025__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.DLL

+ 2007-12-21 17:23:58 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2791.32025__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.DLL

- 2007-12-20 00:35:55 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2791.32011__90ba9c70f846762e\AEM.Plugin.EEU.Shared.DLL

+ 2007-12-21 17:23:58 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2791.32011__90ba9c70f846762e\AEM.Plugin.EEU.Shared.DLL

- 2007-12-20 00:35:55 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2791.32024__90ba9c70f846762e\AEM.Plugin.GD.Shared.DLL

+ 2007-12-21 17:23:58 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2791.32024__90ba9c70f846762e\AEM.Plugin.GD.Shared.DLL

- 2007-12-20 00:35:56 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2791.32000__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.DLL

+ 2007-12-21 17:23:58 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2791.32000__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.DLL

- 2007-12-20 00:35:55 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.2791.32040__90ba9c70f846762e\AEM.Plugin.REG.Shared.DLL

+ 2007-12-21 17:23:58 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.2791.32040__90ba9c70f846762e\AEM.Plugin.REG.Shared.DLL

- 2007-12-20 00:35:55 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.EEU.Shared\2.0.2791.32028__90ba9c70f846762e\AEM.Plugin.Source.EEU.Shared.DLL

+ 2007-12-21 17:23:58 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.EEU.Shared\2.0.2791.32028__90ba9c70f846762e\AEM.Plugin.Source.EEU.Shared.DLL

- 2007-12-20 00:35:55 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.GD.Shared\2.0.2791.32027__90ba9c70f846762e\AEM.Plugin.Source.GD.Shared.DLL

+ 2007-12-21 17:23:58 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.GD.Shared\2.0.2791.32027__90ba9c70f846762e\AEM.Plugin.Source.GD.Shared.DLL

- 2007-12-20 00:35:48 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2791.32001__90ba9c70f846762e\AEM.Server.Shared.DLL

+ 2007-12-21 17:23:50 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2791.32001__90ba9c70f846762e\AEM.Server.Shared.DLL

- 2007-12-20 00:35:48 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.UI.Shared\2.0.2791.32038__90ba9c70f846762e\AEM.UI.Shared.DLL

+ 2007-12-21 17:23:50 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\AEM.UI.Shared\2.0.2791.32038__90ba9c70f846762e\AEM.UI.Shared.DLL

- 2007-12-20 00:35:49 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2791.32006__90ba9c70f846762e\APM.Foundation.DLL

+ 2007-12-21 17:23:50 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2791.32006__90ba9c70f846762e\APM.Foundation.DLL

- 2007-12-20 00:35:55 6,656 ----a-w C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.DLL

+ 2007-12-21 17:23:57 6,656 ----a-w C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.DLL

- 2007-12-20 00:35:54 45,056 ----a-w C:\Windows\assembly\GAC_MSIL\AxInterop.SHDocVw\1.1.0.0__90ba9c70f846762e\AxInterop.SHDocVw.DLL

+ 2007-12-21 17:23:57 45,056 ----a-w C:\Windows\assembly\GAC_MSIL\AxInterop.SHDocVw\1.1.0.0__90ba9c70f846762e\AxInterop.SHDocVw.DLL

- 2007-12-20 00:35:54 49,152 ----a-w C:\Windows\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e\CCC.EXE

+ 2007-12-21 17:23:56 49,152 ----a-w C:\Windows\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e\CCC.EXE

- 2007-12-20 00:35:49 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Shared\2.0.2791.32026__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Shared.DLL

+ 2007-12-21 17:23:50 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Shared\2.0.2791.32026__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Shared.DLL

- 2007-12-20 00:35:49 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2791.32011__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.DLL

+ 2007-12-21 17:23:50 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2791.32011__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.DLL

- 2007-12-20 00:35:49 53,248 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2791.32014__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.DLL

+ 2007-12-21 17:23:50 53,248 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2791.32014__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.DLL

- 2007-12-20 00:35:49 40,960 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2791.32026__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.DLL

+ 2007-12-21 17:23:50 40,960 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2791.32026__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.DLL

- 2007-12-20 00:35:49 40,960 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2791.32014__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.DLL

+ 2007-12-21 17:23:51 40,960 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2791.32014__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.DLL

- 2007-12-20 00:35:49 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2791.32039__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.DLL

+ 2007-12-21 17:23:51 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2791.32039__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.DLL

- 2007-12-20 00:35:49 32,768 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2791.32007__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.DLL

+ 2007-12-21 17:23:51 32,768 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2791.32007__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.DLL

- 2007-12-20 00:35:49 65,536 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2791.32027__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.DLL

+ 2007-12-21 17:23:51 65,536 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2791.32027__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.DLL

- 2007-12-20 00:35:49 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2791.32014__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL

+ 2007-12-21 17:23:51 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2791.32014__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL

- 2007-12-20 00:35:50 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2791.32039__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL

+ 2007-12-21 17:23:51 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2791.32039__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL

- 2007-12-20 00:35:50 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2791.32029__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL

+ 2007-12-21 17:23:52 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2791.32029__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL

- 2007-12-20 00:35:50 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared\2.0.2791.32012__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared.DLL

+ 2007-12-21 17:23:52 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared\2.0.2791.32012__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared.DLL

- 2007-12-20 00:35:50 45,056 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2791.32015__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.DLL

+ 2007-12-21 17:23:52 45,056 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2791.32015__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.DLL

- 2007-12-20 00:35:50 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Shared\2.0.2791.32013__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Shared.DLL

+ 2007-12-21 17:23:52 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Shared\2.0.2791.32013__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Shared.DLL

- 2007-12-20 00:35:50 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.2791.32040__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.DLL

+ 2007-12-21 17:23:52 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.2791.32040__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.DLL

- 2007-12-20 00:35:50 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Shared\2.0.2791.32041__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Shared.DLL

+ 2007-12-21 17:23:52 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Shared\2.0.2791.32041__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Shared.DLL

- 2007-12-20 00:35:50 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive2.Graphics.Shared\2.0.2791.32012__90ba9c70f846762e\CLI.Aspect.OverDrive2.Graphics.Shared.DLL

+ 2007-12-21 17:23:53 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive2.Graphics.Shared\2.0.2791.32012__90ba9c70f846762e\CLI.Aspect.OverDrive2.Graphics.Shared.DLL

- 2007-12-20 00:35:50 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.2791.32012__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.DLL

+ 2007-12-21 17:23:53 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.2791.32012__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.DLL

- 2007-12-20 00:35:50 57,344 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2791.32025__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.DLL

+ 2007-12-21 17:23:53 57,344 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2791.32025__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.DLL

- 2007-12-20 00:35:50 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.2791.32026__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.DLL

+ 2007-12-21 17:23:53 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.2791.32026__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.DLL

- 2007-12-20 00:35:51 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.2791.32042__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.DLL

+ 2007-12-21 17:23:53 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.2791.32042__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.DLL

- 2007-12-20 00:35:51 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2791.32041__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL

+ 2007-12-21 17:23:53 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2791.32041__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL

- 2007-12-20 00:35:51 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.2791.32013__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.DLL

+ 2007-12-21 17:23:53 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.2791.32013__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.DLL

- 2007-12-20 00:35:51 53,248 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2791.32027__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.DLL

+ 2007-12-21 17:23:54 53,248 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2791.32027__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.DLL

- 2007-12-20 00:35:51 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.2791.32011__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.DLL

+ 2007-12-21 17:23:54 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.2791.32011__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.DLL

- 2007-12-20 00:35:51 40,960 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2791.32041__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.DLL

+ 2007-12-21 17:23:54 40,960 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2791.32041__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.DLL

- 2007-12-20 00:35:51 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Shared\2.0.2791.32025__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.DLL

+ 2007-12-21 17:23:54 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Shared\2.0.2791.32025__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.DLL

- 2007-12-20 00:35:51 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2791.32028__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.DLL

+ 2007-12-21 17:23:54 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2791.32028__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.DLL

- 2007-12-20 00:35:51 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig.Graphics.Shared\2.0.2791.32026__90ba9c70f846762e\CLI.Aspect.WorkstationConfig.Graphics.Shared.DLL

+ 2007-12-21 17:23:54 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig.Graphics.Shared\2.0.2791.32026__90ba9c70f846762e\CLI.Aspect.WorkstationConfig.Graphics.Shared.DLL

- 2007-12-20 00:35:51 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2791.32040__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.DLL

+ 2007-12-21 17:23:54 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2791.32040__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.DLL

- 2007-12-20 00:35:51 57,344 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2791.32002__90ba9c70f846762e\CLI.Caste.Graphics.Shared.DLL

+ 2007-12-21 17:23:54 57,344 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2791.32002__90ba9c70f846762e\CLI.Caste.Graphics.Shared.DLL

- 2007-12-20 00:35:51 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2791.32029__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.DLL

+ 2007-12-21 17:23:54 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2791.32029__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.DLL

- 2007-12-20 00:35:51 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2791.31995__90ba9c70f846762e\CLI.Component.Client.Shared.DLL

+ 2007-12-21 17:23:54 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2791.31995__90ba9c70f846762e\CLI.Component.Client.Shared.DLL

- 2007-12-20 00:35:51 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2791.31999__90ba9c70f846762e\CLI.Component.Dashboard.Shared.DLL

+ 2007-12-21 17:23:55 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2791.31999__90ba9c70f846762e\CLI.Component.Dashboard.Shared.DLL

- 2007-12-20 00:35:51 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2791.32001__90ba9c70f846762e\CLI.Component.Runtime.Shared.DLL

+ 2007-12-21 17:23:55 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2791.32001__90ba9c70f846762e\CLI.Component.Runtime.Shared.DLL

- 2007-12-20 00:35:51 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2791.32007__90ba9c70f846762e\CLI.Component.Wizard.Shared.DLL

+ 2007-12-21 17:23:55 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2791.32007__90ba9c70f846762e\CLI.Component.Wizard.Shared.DLL

- 2007-12-20 00:35:51 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2791.32434__90ba9c70f846762e\CLI.Foundation.XManifest.DLL

+ 2007-12-21 17:23:55 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2791.32434__90ba9c70f846762e\CLI.Foundation.XManifest.DLL

- 2007-12-20 00:35:51 49,152 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2791.31988__90ba9c70f846762e\CLI.Foundation.DLL

+ 2007-12-21 17:23:55 49,152 ----a-w C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2791.31988__90ba9c70f846762e\CLI.Foundation.DLL

- 2007-12-20 00:35:54 49,152 ----a-w C:\Windows\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e\CLI.EXE

+ 2007-12-21 17:23:56 49,152 ----a-w C:\Windows\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e\CLI.EXE

- 2007-12-20 00:35:51 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL

+ 2007-12-21 17:23:55 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL

- 2007-12-20 00:35:52 45,056 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.DLL

+ 2007-12-21 17:23:55 45,056 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.DLL

- 2007-12-20 00:35:52 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.DLL

+ 2007-12-21 17:23:55 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.DLL

- 2007-12-20 00:35:52 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.DLL

+ 2007-12-21 17:23:55 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.DLL

- 2007-12-20 00:35:52 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.DLL

+ 2007-12-21 17:23:56 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.DLL

- 2007-12-20 00:35:52 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2791.32015__90ba9c70f846762e\DEM.Graphics.DLL

+ 2007-12-21 17:23:55 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2791.32015__90ba9c70f846762e\DEM.Graphics.DLL

- 2007-12-20 00:35:52 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2791.32016__90ba9c70f846762e\DEM.OS.I0602.DLL

+ 2007-12-21 17:23:56 20,480 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2791.32016__90ba9c70f846762e\DEM.OS.I0602.DLL

- 2007-12-20 00:35:52 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2791.32016__90ba9c70f846762e\DEM.OS.DLL

+ 2007-12-21 17:23:56 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2791.32016__90ba9c70f846762e\DEM.OS.DLL

- 2007-12-20 00:35:55 131,072 ----a-w C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__90ba9c70f846762e\Interop.SHDocVw.DLL

+ 2007-12-21 17:23:57 131,072 ----a-w C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__90ba9c70f846762e\Interop.SHDocVw.DLL

- 2007-12-20 00:35:52 32,768 ----a-w C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2791.31986__90ba9c70f846762e\LOG.Foundation.DLL

+ 2007-12-21 17:23:56 32,768 ----a-w C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2791.31986__90ba9c70f846762e\LOG.Foundation.DLL

- 2007-12-20 00:35:54 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2791.32006__90ba9c70f846762e\MOM.Foundation.DLL

+ 2007-12-21 17:23:56 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2791.32006__90ba9c70f846762e\MOM.Foundation.DLL

- 2007-12-20 00:35:54 49,152 ----a-w C:\Windows\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e\MOM.EXE

+ 2007-12-21 17:23:56 49,152 ----a-w C:\Windows\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e\MOM.EXE

- 2007-12-20 00:35:54 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2791.31992__90ba9c70f846762e\NEWAEM.Foundation.DLL

+ 2007-12-21 17:23:56 24,576 ----a-w C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2791.31992__90ba9c70f846762e\NEWAEM.Foundation.DLL

- 2007-12-21 14:20:09 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2007-12-26 13:55:50 67,584 --s-a-w C:\Windows\bootstat.dat

- 2007-12-20 00:33:22 51,200 ----a-w C:\Windows\inf\infpub.dat

+ 2007-12-21 21:23:04 51,200 ----a-w C:\Windows\inf\infpub.dat

- 2007-12-20 00:33:15 86,016 ----a-w C:\Windows\inf\infstor.dat

+ 2007-12-21 21:23:04 86,016 ----a-w C:\Windows\inf\infstor.dat

- 2007-12-20 00:33:22 143,360 ----a-w C:\Windows\inf\infstrng.dat

+ 2007-12-21 21:23:04 143,360 ----a-w C:\Windows\inf\infstrng.dat

- 2007-12-20 00:31:36 9,158 ----a-r C:\Windows\Installer\{8FC509C3-1663-6E22-66B2-C67FE46B2B4B}\NewShortcut21_880D4BF9C80E4DBEBF92A042AA41DD87.exe

+ 2007-12-21 17:20:07 9,158 ----a-r C:\Windows\Installer\{8FC509C3-1663-6E22-66B2-C67FE46B2B4B}\NewShortcut21_880D4BF9C80E4DBEBF92A042AA41DD87.exe

- 2007-12-20 00:31:37 9,158 ----a-r C:\Windows\Installer\{8FC509C3-1663-6E22-66B2-C67FE46B2B4B}\NewShortcut5_880D4BF9C80E4DBEBF92A042AA41DD87.exe

+ 2007-12-21 17:20:07 9,158 ----a-r C:\Windows\Installer\{8FC509C3-1663-6E22-66B2-C67FE46B2B4B}\NewShortcut5_880D4BF9C80E4DBEBF92A042AA41DD87.exe

- 2007-12-20 00:35:45 10,134 ----a-r C:\Windows\Installer\{A8D331E4-5D9C-7ACE-A7A3-C9CD234A3112}\ARPPRODUCTICON.exe

+ 2007-12-21 17:23:45 10,134 ----a-r C:\Windows\Installer\{A8D331E4-5D9C-7ACE-A7A3-C9CD234A3112}\ARPPRODUCTICON.exe

- 2007-12-20 00:35:45 9,158 ----a-r C:\Windows\Installer\{A8D331E4-5D9C-7ACE-A7A3-C9CD234A3112}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe

+ 2007-12-21 17:23:46 9,158 ----a-r C:\Windows\Installer\{A8D331E4-5D9C-7ACE-A7A3-C9CD234A3112}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe

- 2007-12-21 14:21:56 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2007-12-24 16:16:18 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2007-12-24 16:16:18 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2007-12-21 14:38:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2007-12-26 14:20:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2007-09-29 03:02:16 43,520 ----a-w C:\Windows\System32\ati2edxx.dll

+ 2006-11-24 13:37:08 42,496 ----a-w C:\Windows\System32\ati2edxx.dll

- 2007-09-29 03:02:06 245,760 ----a-w C:\Windows\System32\Ati2evxx.dll

+ 2006-11-24 13:37:00 229,376 ----a-w C:\Windows\System32\Ati2evxx.dll

- 2007-09-29 03:01:02 610,304 ----a-w C:\Windows\System32\Ati2evxx.exe

+ 2006-11-24 13:36:02 557,056 ----a-w C:\Windows\System32\Ati2evxx.exe

- 2007-07-16 15:37:39 154,206 ----a-w C:\Windows\System32\atiicdxx.dat

+ 2006-10-19 02:16:06 138,101 ----a-w C:\Windows\System32\atiicdxx.dat

- 2007-09-29 03:02:36 266,240 ----a-w C:\Windows\System32\atipdlxx.dll

+ 2006-11-24 13:37:28 237,568 ----a-w C:\Windows\System32\atipdlxx.dll

- 2007-09-29 03:02:46 159,744 ----a-w C:\Windows\System32\atitmmxx.dll

+ 2006-11-24 13:37:38 159,744 ----a-w C:\Windows\System32\atitmmxx.dll

- 2007-09-29 02:50:24 3,071,488 ----a-w C:\Windows\System32\atiumdag.dll

+ 2006-11-24 13:34:34 2,494,464 ----a-w C:\Windows\System32\atiumdag.dll

- 2007-09-29 02:37:10 3,887,104 ----a-w C:\Windows\System32\atiumdva.dll

+ 2006-11-24 13:24:54 659,968 ----a-w C:\Windows\System32\atiumdva.dll

- 2007-12-21 14:35:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2007-12-26 14:01:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2007-12-21 14:35:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2007-12-26 14:01:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2007-12-21 14:35:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2007-12-26 14:01:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2007-12-21 14:34:44 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2007-12-26 14:06:07 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

- 2007-09-29 02:16:42 49,152 ----a-w C:\Windows\System32\drivers\ati2erec.dll

+ 2006-11-24 13:09:56 49,152 ----a-w C:\Windows\System32\drivers\ati2erec.dll

- 2007-09-29 03:13:56 3,154,944 ----a-w C:\Windows\System32\drivers\atikmdag.sys

+ 2006-11-24 13:46:38 2,085,888 ----a-w C:\Windows\System32\drivers\atikmdag.sys

- 2007-12-17 16:21:24 108,526 ----a-w C:\Windows\System32\perfc009.dat

+ 2007-12-25 18:56:24 108,526 ----a-w C:\Windows\System32\perfc009.dat

- 2007-12-17 16:21:24 623,342 ----a-w C:\Windows\System32\perfh009.dat

+ 2007-12-25 18:56:24 623,342 ----a-w C:\Windows\System32\perfh009.dat

- 2007-12-21 14:20:05 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT

+ 2007-12-24 16:14:30 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2007-12-21 14:22:16 12,082 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-883708958-20311004-2147769154-1003_UserData.bin

+ 2007-12-24 16:16:31 12,982 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-883708958-20311004-2147769154-1003_UserData.bin

- 2007-12-21 14:22:15 81,778 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2007-12-24 16:16:30 84,136 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2007-12-21 14:22:08 45,552 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2007-12-24 16:16:27 47,556 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2007-12-12 00:17:57 250,286 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2007-12-26 13:55:55 255,884 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36]

"MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 08:56]

"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2006-11-02 12:35]

"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-03-07 17:47]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-30 02:17]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-09 07:44]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-07 03:59 C:\Windows\RtHDVCpl.exe]

"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-11-08 19:36]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-14 19:23]

"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 11:03]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 11:03 C:\Windows\KHALMNPR.Exe]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-06 17:04]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-10-09 07:23]

"Skytel"="Skytel.exe" [2007-08-03 05:22 C:\Windows\SkyTel.exe]

"CTRegRun"="C:\Windows\CTRegRun.EXE" [1999-10-11 01:00]

"StartCCC"="C:\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 08:48:20]

Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 07:01:50]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-18 14:09:02]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 15:23]

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2006-11-20 22:14]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20071220.001\IDSvix86.sys [2007-12-04 18:19]

R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 21:40]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 08:39]

R3 CIR;Hid Device;C:\Windows\system32\DRIVERS\CIR.sys [2006-10-05 03:26]

R3 kbd;Keyboard;C:\Windows\system32\DRIVERS\kbd.sys [2006-10-05 03:25]

R3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 01:42]

R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2006-12-20 18:12]

R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 13:46]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]

S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 17:04]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient

LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50fdec7b-6243-11dc-985d-0040d0a94343}]

\shell\Auto\command - MicrosoftPowerPoint.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8482a04-4656-11dc-828e-0040d0a94343}]

\shell\Auto\command - F:\Cn911.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Cn911.exe

.

Contents of the 'Scheduled Tasks' folder

"2007-12-21 22:37:23 C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - User.job"

- C:\Program Files\Norton AntiVirus\Navw32.exeB/TASK:

"2007-12-14 20:31:08 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - User.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-26 14:20:56

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-12-26 14:21:44

C:\ComboFix2.txt ... 2007-12-21 14:40

.

2007-12-12 02:40:53 --- E O F ---

HijackThis--------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:24:01 PM, on 26/12/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Windows\system32\taskeng.exe

C:\Windows\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Users\User\HJT\HJTInstall.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE

O4 - HKLM\..\Run: [startCCC] "C:\ATI\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8047 bytes

Thank you


I'm not getting the pop-ups any more; I think it's because I updated my antivirus and it picked something up. But I still get an error message when I first open Internet Explorer, and I still get diverted from webpages I'm trying to view on random occasions.

The error message I'm getting is:

"Cannot find {bunch of random numbers}. Make sure path or internet address is correct."

I also no longer have the IE Custom Tools/IE saftey features in my add/remove programs list.

I guess maybe my antivirus has dealt with most of it?

Still an odd error? Otherwise it seems to work okay.

The error message I'm getting is:

"Cannot find {bunch of random numbers}. Make sure path or internet address is correct."

Can you please tell me the exact message.

Including the clsid (the numbers).

:)


Hi, again sorry to take so long.

The exact message is as follows:

"Cannot find '::{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}'. Make sure the path or internet address is correct."

I have also noticed one other little issue. When I open a new Internet Explorer browser my default homepage comes up (a blank page), then when I type an address in the address bar it opens the new page in a completely new Internet Explorer (i.e. I have 2 Internet Explorers on my taskbar), but then every address I type in this new Internet Explorer window just changes the site without opening a new Internet Explorer?

Not a huge problem but kinda annoying.

Look forward to hearing from you :)


Hi,

That's an odd issue you have. Malware might have corrupted a few things.

Click Start, then Run. Copy the following line below into the Run box and press enter.

regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"

Open My Computer and navigate to C:\

Open look.txt in notepad then copy and paste the contents into a reply.

Hi,

That's an odd issue you have. Malware might have corrupted a few things.

Click Start, then Run. Copy the following line below into the Run box and press enter.

regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"

Open My Computer and navigate to C:\

Open look.txt in notepad then copy and paste the contents into a reply.

Hi again

This is the text you asked for:


Hi,

Download RegSearch by Bobbi Flekman to your desktop. Extract the zip file.

Once it is extracted to your desktop, double-click the icon to run it.

In the top box, paste the information in the quote box below:

2559A1F4-21D7-11D4-BDAF-00C04F60B9F0

Under "Search", make sure all boxes are ticked.

Click OK.

The results are also saved to a file named RegSearch.txt in the same location as the program.

Paste those results into your next post.

:)

Edited by sarahw

Nice quick reply :thumbsup: cheers!

Here are the results you asked for:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005

; Version: 2.0.5.0

; Results at 4/01/2008 5:11:48 PM for strings:

; '2559a1f4-21d7-11d4-bdaf-00c04f60b9f0'

; Strings excluded from search:

; (None)

; Search in:

; Registry Keys Registry Values Registry Data

; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance\InitPropertyBag]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandler]

@="{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\MayChangeDefaultMenu]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\ShellFolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]

; Contents of value:

; Ãœâ€wÌ Ç

"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\

00,00,00,00,00,00,00,dc,94,07,77,cc,a0,c7,01

; Contents of value:

; œWwÌ Ç

"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214FA-0000-0000-C000-000000000046} 0x401"=hex:01,\

00,00,00,00,00,00,00,9c,57,0c,77,cc,a0,c7,01

; Contents of value:

; àó‹YªÇ

"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E4-0000-0000-C000-000000000046} 0x401"=hex:01,\

00,00,00,00,00,00,00,e0,f3,8b,59,0f,aa,c7,01

; End Of The Log...
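
The two lookups requested in this thread (the regedit /e export of the Shell Extensions\Approved key, and the RegSearch scan for the CLSID from the error message) can also be run offline against a saved .reg export. The Python script below is an added example, not part of the original posts and not RegSearch's own code; its function names are hypothetical, and the sample export is constructed from key and value names quoted in the thread plus one placeholder entry.

```python
import re

APPROVED = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"
CACHED = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached"
CLSID_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def decode_export(raw):
    """'Version 5.00' exports are UTF-16LE with a BOM; older REGEDIT4 files are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def _unquote(token):
    # Strip the quotes around a .reg string and undo its backslash escapes.
    if len(token) >= 2 and token[0] == '"' and token[-1] == '"':
        return re.sub(r"\\(.)", r"\1", token[1:-1])
    return token  # dword:/hex: data is kept as written


def parse_reg(text):
    """Return {key_path: {value_name: value_text}}; '@' is a key's default value."""
    keys, current, pending = {}, None, ""
    for line in text.splitlines():
        line = line.strip()
        if not line or (line.startswith(";") and not pending):
            continue  # blank line or comment
        line, pending = pending + line, ""
        if line.endswith("\\"):  # hex data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            match = VALUE_RE.match(line)
            if match:
                current[_unquote(match.group(1))] = _unquote(match.group(2))
    return keys


def normalize(clsid):
    """Accept '::{GUID}', '{GUID}' or a bare GUID and return lowercase '{guid}'."""
    return "{" + clsid.strip("{}: ").lower() + "}"


def lookup_clsid(keys, clsid):
    """Is the CLSID on the Approved list, and is the class itself registered?"""
    guid = normalize(clsid)
    lower = {path.lower(): values for path, values in keys.items()}
    approved = {n.lower(): d for n, d in lower.get(APPROVED.lower(), {}).items()}
    base = (CLSID_ROOT + "\\" + guid).lower()
    return {
        "guid": guid,
        "approved_name": approved.get(guid),  # None means not listed at all
        "registered": base in lower,
        "has_inprocserver32": base + "\\inprocserver32" in lower,
    }


def references(keys, clsid):
    """List every place the CLSID occurs: key path, value name or value data."""
    guid, hits = normalize(clsid), []
    for path, values in keys.items():
        if guid in path.lower():
            hits.append((path, "key"))
        for name, data in values.items():
            if guid in name.lower():
                hits.append((path, "value name"))
            elif guid in data.lower():
                hits.append((path, "value data"))
    return hits


# Constructed sample export. The 2559a1f4 lines reuse names quoted in the thread;
# the all-zero GUID is a placeholder entry added for the unregistered case.
SAMPLE = "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + CLSID_ROOT + r"\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]",
    "[" + CLSID_ROOT + r"\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32]",
    "",
    "[" + APPROVED + "]",
    '"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"',
    '"{00000000-0000-0000-0000-000000000001}"=""',
    "",
    "[" + CACHED + "]",
    '"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\\',
    "  00,00,00,00,00,00,00,dc,94,07,77,cc,a0,c7,01",
    "",
])
SAMPLE_BYTES = b"\xff\xfe" + SAMPLE.encode("utf-16-le")

if __name__ == "__main__":
    parsed = parse_reg(decode_export(SAMPLE_BYTES))
    print(lookup_clsid(parsed, "::{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}"))
    for path, where in references(parsed, "2559A1F4-21D7-11D4-BDAF-00C04F60B9F0"):
        print(where, "->", path)
```

To use it on a real export, read the file written by regedit /e in binary mode and pass the bytes to decode_export.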


Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.


Hi,

I have had a few people look at your thread and we think it would be better to reinstall Internet Explorer.

All the problems are most likely linked; most likely your infections have screwed something up.


Hi, I'm just having problems uninstalling IE 7. I have done this before with IE 6 and Windows XP but a lot of Vista is still new to me; I think it's probably best if you step me through this so I do it properly and don't stuff something else up :rolleyes: I used Firefox for a while but I really just prefer IE.

Also, I found out why, when I opened IE the first time and typed an address in the bar, it opened a new Internet Explorer page: it was something to do with opening a page in a different security zone, which IE automatically opens in a new window. Any idea how to turn that off? Or maybe it is best just left like that?

Thanks

Look forward to hearing from you

This topic is now closed to further replies.