I get a message that says can’t find c://WINDOWS\system32.exe every time I boot up my PC after a scan. This came up after I scanned the PC and avast removed a lot of viruses. How can I fix this? Thanks, avast guys!
Easy enough - all I need to do is locate the associated registry entry for you.
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
Thank you so much sir! By the way, why does my avast not appear in my taskbar? And I have to click the desktop icon twice to open it. The first click will give me the splash screen but it will not run. I have to click the avast desktop icon again for it to run.
OTL logfile created on: 8/13/2009 8:09:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.6 Folder = F:
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.05 Mb Total Physical Memory | 136.91 Mb Available Physical Memory | 27.27% Memory free
1.20 Gb Paging File | 0.83 Gb Available in Paging File | 69.15% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 4.81 Gb Free Space | 16.42% Space Free | Partition Type: NTFS
Drive D: | 26.59 Gb Total Space | 21.27 Gb Free Space | 79.99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 963.72 Mb Total Space | 220.55 Mb Free Space | 22.88% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: END-B7483B79B7E
Current User Name: End User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\windows\System32\PSIService.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\windows\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\vsnp2std.exe (Sonix)
PRC - C:\windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\windows\AGRSMMSG.exe (Agere Systems)
PRC - C:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\windows\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (Yahoo! Inc.)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (Yahoo! Inc.)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (Yahoo! Inc.)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (Yahoo! Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\windows\System32\uWDF.exe (Microsoft Corporation)
PRC - F:\gphone.exe ()
PRC - F:\New Folder.exe ()
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) – C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (ATMsrvc [Disabled | Stopped]) – C:\windows\System32\ATMsrvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus [Auto | Running]) – C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Block Level Filtering Service [Disabled | Stopped]) – File not found
SRV - (btwdins [Auto | Running]) – C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) – C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) – C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (helpsvc [Auto | Running]) – C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) – C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) – C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) – C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) – C:\windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (odserv [On_Demand | Stopped]) – C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) – C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) – C:\windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (ProtexisLicensing [Auto | Running]) – C:\windows\System32\PSIService.exe ()
SRV - (RegSrvc [Auto | Running]) – C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (RFCyberOne [Auto | Stopped]) – C:\Program Files\RFCyber\bin\rfcreader.exe (RFCyber Corp.)
SRV - (S24EventMonitor [Auto | Running]) – C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (ServiceLayer [On_Demand | Stopped]) – C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
SRV - (UMWdf [Auto | Running]) – C:\windows\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (UxTuneUp [Auto | Stopped]) – C:\windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (YahooAUService [Auto | Running]) – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Driver Services (SafeList) ==========
DRV - (Aavmker4 [System | Running]) – C:\windows\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AegisP [Auto | Running]) – C:\windows\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AFS2K [System | Running]) – C:\windows\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (AgereSoftModem [On_Demand | Stopped]) – C:\windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aswFsBlk [Auto | Running]) – C:\windows\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) – C:\windows\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) – C:\windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) – C:\windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) – C:\windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (btaudio [On_Demand | Running]) – C:\windows\System32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver [On_Demand | Stopped]) – C:\windows\System32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL [On_Demand | Running]) – C:\windows\System32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Stopped]) – C:\windows\System32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid [On_Demand | Stopped]) – C:\windows\System32\DRIVERS\btwhid.sys (Broadcom Corporation.)
DRV - (CPEb [System | Running]) – C:\windows\System32\drivers\CPEb.sys (Compal)
DRV - (EMSCR [On_Demand | Running]) – C:\windows\System32\DRIVERS\EMS7SK.sys (ENE Technology Inc.)
DRV - (ESDCR [On_Demand | Running]) – C:\windows\System32\DRIVERS\ESD7SK.sys (ENE Technology Inc.)
DRV - (HDAudBus [On_Demand | Running]) – C:\windows\System32\DRIVERS\HDAudBus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) – C:\windows\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) – C:\windows\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) – C:\windows\System32\DRIVERS\HPZius12.sys (HP)
DRV - (hwdatacard [On_Demand | Stopped]) – C:\windows\System32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ialm [On_Demand | Running]) – C:\windows\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Stopped]) – C:\windows\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Ktp [On_Demand | Running]) – C:\windows\System32\DRIVERS\Ktp.sys (ELANTECH Devices Corp.)
DRV - (Nokia USB Generic [On_Demand | Stopped]) – C:\windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (Nokia USB Modem [On_Demand | Stopped]) – C:\windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Phone Parent [On_Demand | Stopped]) – C:\windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port [On_Demand | Stopped]) – C:\windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (Ptilink [On_Demand | Running]) – C:\windows\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) – C:\windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTLE8023xp [On_Demand | Running]) – C:\windows\System32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (s24trans [Auto | Running]) – C:\windows\System32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (Secdrv [Auto | Running]) – C:\windows\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SNP2STD [On_Demand | Running]) – C:\windows\System32\DRIVERS\snp2sxp.sys ()
DRV - (w39n51 [On_Demand | Running]) – C:\windows\System32\DRIVERS\w39n51.sys (Intel® Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rnd009.googlepages.com/google.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rnd009.googlepages.com/google.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://rnd009.googlepages.com/google.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rnd009.googlepages.com/google.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rnd009.googlepages.com/google.html
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
========== FireFox ==========
FF - prefs.js…browser.search.defaultenginename: “Yahoo”
FF - prefs.js…browser.search.defaulturl: “http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=”
FF - prefs.js…browser.search.param.yahoo-fr: “moz2-ytff-msgr”
FF - prefs.js…browser.search.param.yahoo-fr-cjkt: “moz2-ytff-msgr”
FF - prefs.js…browser.search.selectedEngine: “Yahoo”
FF - prefs.js…browser.startup.homepage: “http://www.yahoo.com/”
FF - prefs.js…extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:2.02
FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0
FF - prefs.js…extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.0
FF - prefs.js…extensions.enabledItems: searchme@searchme.com:1.7
FF - prefs.js…extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js…extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js…extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\Components: C:\Program Files\Mozilla Firefox\components [2009/07/31 08:56:22 | 00,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/02 20:47:10 | 00,000,000 | —D | M]
[2008/09/19 09:53:09 | 00,000,000 | —D | M] – C:\Documents and Settings\End User\Application Data\mozilla\Extensions
[2008/09/19 09:53:09 | 00,000,000 | —D | M] – C:\Documents and Settings\End User\Application Data\mozilla\Extensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/09 12:40:38 | 00,000,000 | —D | M] – C:\Documents and Settings\End User\Application Data\mozilla\Firefox\Profiles\g01klyzj.default\extensions
[2009/05/23 12:37:40 | 00,000,000 | —D | M] – C:\Documents and Settings\End User\Application Data\mozilla\Firefox\Profiles\g01klyzj.default\extensions{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/05/23 12:37:44 | 00,000,000 | —D | M] – C:\Documents and Settings\End User\Application Data\mozilla\Firefox\Profiles\g01klyzj.default\extensions{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/20 17:13:27 | 00,000,000 | —D | M] – C:\Documents and Settings\End User\Application Data\mozilla\Firefox\Profiles\g01klyzj.default\extensions{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/08/09 11:46:34 | 00,000,000 | —D | M] – C:\Program Files\mozilla firefox\extensions
[2009/07/31 08:59:14 | 00,000,000 | —D | M] – C:\Program Files\mozilla firefox\extensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/08 21:35:59 | 00,000,000 | —D | M] – C:\Program Files\mozilla firefox\extensions{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2009/07/31 08:59:14 | 00,000,000 | —D | M] – C:\Program Files\mozilla firefox\extensions\searchme@searchme.com
[2009/06/07 09:56:15 | 00,023,032 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/07 09:56:16 | 00,134,648 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2003/02/11 06:02:56 | 00,032,768 | ---- | M] (Macromedia, Inc.) – C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2002/02/21 09:19:06 | 00,049,245 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) – C:\Program Files\mozilla firefox\plugins\NPJava11.dll
[2002/02/21 09:19:06 | 00,053,341 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) – C:\Program Files\mozilla firefox\plugins\NPJava12.dll
[2002/02/21 09:19:06 | 00,053,338 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) – C:\Program Files\mozilla firefox\plugins\NPJava131_03.dll
[2002/02/21 09:19:06 | 00,049,245 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) – C:\Program Files\mozilla firefox\plugins\NPJava32.dll
[2009/06/07 09:56:28 | 00,065,528 | ---- | M] (mozilla.org) – C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) – C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2002/02/21 09:19:06 | 00,045,150 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) – C:\Program Files\mozilla firefox\plugins\NPOJI600.dll
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) – C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) – C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) – C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) – C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) – C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) – C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) – C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) – C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) – C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) – C:\Program Files\mozilla firefox\plugins\npqtplugin9.dll
[2008/03/24 20:21:00 | 02,889,088 | ---- | M] () – C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2007/03/10 07:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) – C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/06/07 09:56:31 | 00,001,394 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/07 09:56:31 | 00,002,193 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/07 09:56:32 | 00,001,534 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/07 09:56:32 | 00,002,343 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/07 09:56:32 | 00,001,706 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/13 17:39:56 | 00,002,494 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\searchme.xml
[2009/06/07 09:56:32 | 00,001,178 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/07 09:56:32 | 00,000,792 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (734 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKCU…\Run: [Yahoo Messengger] C:\windows\System32\gphone.exe ()
O4 - Startup: C:\Documents and Settings\End User\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Download All Links with IDM - E:\IDM_5_11_5_REA\IEGetAll.htm File not found
O8 - Extra context menu item: Download FLV video content with IDM - E:\IDM_5_11_5_REA\IEGetVL.htm File not found
O8 - Extra context menu item: Download with IDM - E:\IDM_5_11_5_REA\IEExt.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra ‘Tools’ menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra ‘Tools’ menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 - C:\windows\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/jinstall-131_03-win.cab (Java Plug-in 1.3.1_03)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (gphone.exe) - C:\windows\System32\gphone.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:
O32 - AutoRun File - [2009/08/13 19:59:32 | 00,000,096 | RHS- | M] () - F:\autorun.inf – [ FAT ]
O33 - MountPoints2{0c119736-860f-11dd-92ac-0016d4db201c}\Shell\AutoRun\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{0c119736-860f-11dd-92ac-0016d4db201c}\Shell\Explore\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{0c119736-860f-11dd-92ac-0016d4db201c}\Shell\Open\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{0c11973a-860f-11dd-92ac-0016d4db201c}\Shell - “” = AutoRun
O33 - MountPoints2{0c11973a-860f-11dd-92ac-0016d4db201c}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2{0c11973a-860f-11dd-92ac-0016d4db201c}\Shell\AutoRun\command - “” = F:\LaunchU3.exe – File not found
O33 - MountPoints2{12aec0c2-bea1-11dd-947e-0016d4db201c}\Shell\AutoRun\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{12aec0c2-bea1-11dd-947e-0016d4db201c}\Shell\Explore\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{12aec0c2-bea1-11dd-947e-0016d4db201c}\Shell\Open\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{1f166964-3ebb-11de-a3c1-0016d4db201c}\Shell - “” = AutoRun
O33 - MountPoints2{1f166964-3ebb-11de-a3c1-0016d4db201c}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2{1f166964-3ebb-11de-a3c1-0016d4db201c}\Shell\AutoRun\command - “” = F:\EMP_UDSe.exe – File not found
O33 - MountPoints2{3a78f16c-308e-11de-a356-0016d4db201c}\Shell\AutoRun\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{3a78f16c-308e-11de-a356-0016d4db201c}\Shell\Explore\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{3a78f16c-308e-11de-a356-0016d4db201c}\Shell\Open\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{44d645c1-e141-11dd-953c-0016d4db201c}\Shell\AutoRun\command - “” = F:\gvsqikes.cmd – File not found
O33 - MountPoints2{44d645c1-e141-11dd-953c-0016d4db201c}\Shell\explore\Command - “” = F:\gvsqikes.cmd – File not found
O33 - MountPoints2{44d645c1-e141-11dd-953c-0016d4db201c}\Shell\open\Command - “” = F:\gvsqikes.cmd – File not found
O33 - MountPoints2{47318857-ffd3-11dd-95ea-0016d4db201c}\Shell\AutoRun\command - “” = 2u.com
O33 - MountPoints2{47318857-ffd3-11dd-95ea-0016d4db201c}\Shell\explore\Command - “” = 2u.com
O33 - MountPoints2{47318857-ffd3-11dd-95ea-0016d4db201c}\Shell\open\Command - “” = 2u.com
O33 - MountPoints2{5436272e-c0cc-11dc-8f32-0016d4db201c}\Shell\AutoRun\command - “” = 3j2h0tf.bat
O33 - MountPoints2{5436272e-c0cc-11dc-8f32-0016d4db201c}\Shell\open\Command - “” = 3j2h0tf.bat
O33 - MountPoints2{580711d8-6625-11de-a4ad-0016d4db201c}\Shell - “” = AutoRun
O33 - MountPoints2{580711d8-6625-11de-a4ad-0016d4db201c}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2{590e3b4f-5191-11de-a42e-0016d4db201c}\Shell - “” = AutoRun
O33 - MountPoints2{590e3b4f-5191-11de-a42e-0016d4db201c}\Shell\1\Command - “” = Recycle.exe
O33 - MountPoints2{590e3b4f-5191-11de-a42e-0016d4db201c}\Shell\2\Command - “” = Recycle.exe
O33 - MountPoints2{590e3b4f-5191-11de-a42e-0016d4db201c}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2{5c5eee65-bf4e-11dd-9481-0016d4db201c}\Shell\AutoRun\command - “” = password_viewer.exe %1
O33 - MountPoints2{5c5eee65-bf4e-11dd-9481-0016d4db201c}\Shell\Explore\command - “” = password_viewer.exe %1
O33 - MountPoints2{5c5eee65-bf4e-11dd-9481-0016d4db201c}\Shell\Open\command - “” = password_viewer.exe %1
O33 - MountPoints2{6db980ca-a496-11dd-936f-0016d4db201c}\Shell\AutoRun\command - “” = F:\password_viewer.exe – File not found
O33 - MountPoints2{6db980ca-a496-11dd-936f-0016d4db201c}\Shell\Explore\command - “” = F:\password_viewer.exe – File not found
O33 - MountPoints2{6db980ca-a496-11dd-936f-0016d4db201c}\Shell\Open\command - “” = F:\password_viewer.exe – File not found
O33 - MountPoints2{7957dc9e-312f-11de-a360-0016d4db201c}\Shell\AutoRun\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{7957dc9e-312f-11de-a360-0016d4db201c}\Shell\Explore\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{7957dc9e-312f-11de-a360-0016d4db201c}\Shell\Open\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{7957dca2-312f-11de-a360-0016d4db201c}\Shell\AutoRun\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{7957dca2-312f-11de-a360-0016d4db201c}\Shell\Explore\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{7957dca2-312f-11de-a360-0016d4db201c}\Shell\Open\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{7c64cc78-ee6b-11dd-957e-0016d4db201c}\Shell - “” = AutoRun
O33 - MountPoints2{7c64cc78-ee6b-11dd-957e-0016d4db201c}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2{7c64cc78-ee6b-11dd-957e-0016d4db201c}\Shell\AutoRun\command - “” = F:\LaunchU3.exe – File not found
O33 - MountPoints2{7c64cc79-ee6b-11dd-957e-0016d4db201c}\Shell - “” = AutoRun
O33 - MountPoints2{7c64cc79-ee6b-11dd-957e-0016d4db201c}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2{7c64cc79-ee6b-11dd-957e-0016d4db201c}\Shell\Explore\command - “” = G:\MS-DOS.com – File not found
O33 - MountPoints2{7c64cc79-ee6b-11dd-957e-0016d4db201c}\Shell\Open\command - “” = G:\MS-DOS.com – File not found
O33 - MountPoints2{7cac4701-5be8-11de-a471-0016d4db201c}\Shell\AutoRun\command - “” = G:\PMB_P.exe – File not found
O33 - MountPoints2{82160f7b-6a02-11de-a4c6-0016d4db201c}\Shell\AutoRun\command - “” = F:\hl80c6b1.com – File not found
O33 - MountPoints2{82160f7b-6a02-11de-a4c6-0016d4db201c}\Shell\open\Command - “” = F:\hl80c6b1.com – File not found
O33 - MountPoints2{87da821a-997e-11dd-9325-0016d4db201c}\Shell - “” = AutoRun
O33 - MountPoints2{87da821a-997e-11dd-9325-0016d4db201c}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2{87da821a-997e-11dd-9325-0016d4db201c}\Shell\Explore\command - “” = F:\MS-DOS.com – File not found
O33 - MountPoints2{87da821a-997e-11dd-9325-0016d4db201c}\Shell\Open\command - “” = F:\MS-DOS.com – File not found
O33 - MountPoints2{8a3021b5-3078-11de-a354-0016d4db201c}\Shell\AutoRun\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{8a3021b5-3078-11de-a354-0016d4db201c}\Shell\Explore\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{8a3021b5-3078-11de-a354-0016d4db201c}\Shell\Open\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{8a3021b6-3078-11de-a354-0016d4db201c}\Shell\AutoRun\command - “” = wscript.exe auto.vbs
O33 - MountPoints2{8a3021b6-3078-11de-a354-0016d4db201c}\Shell\Open\Command - “” = wscript.exe auto.vbs
O33 - MountPoints2{8a3021b9-3078-11de-a354-0016d4db201c}\Shell - “” = AutoRun
O33 - MountPoints2{8a3021b9-3078-11de-a354-0016d4db201c}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2{8a3021b9-3078-11de-a354-0016d4db201c}\Shell\AutoRun\command - “” = F:\LaunchU3.exe – File not found
O33 - MountPoints2{8ac2480c-8085-11de-a557-0016d4db201c}\Shell - “” = AutoRun
O33 - MountPoints2{8ac2480c-8085-11de-a557-0016d4db201c}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2{8ac2480c-8085-11de-a557-0016d4db201c}\Shell\AutoRun\command - “” = F:\AutoRun.exe – File not found
O33 - MountPoints2{8ac2480f-8085-11de-a557-0016d4db201c}\Shell - “” = AutoRun
O33 - MountPoints2{8ac2480f-8085-11de-a557-0016d4db201c}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2{8ac2480f-8085-11de-a557-0016d4db201c}\Shell\AutoRun\command - “” = F:\AutoRun.exe – File not found
O33 - MountPoints2{8b291a2e-92a5-11dd-930a-0016d4db201c}\Shell - “” = AutoRun
O33 - MountPoints2{8b291a2e-92a5-11dd-930a-0016d4db201c}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2{8b291a2e-92a5-11dd-930a-0016d4db201c}\Shell\Explore\command - “” = F:\MS-DOS.com – File not found
O33 - MountPoints2{8b291a2e-92a5-11dd-930a-0016d4db201c}\Shell\Open\command - “” = F:\MS-DOS.com – File not found
O33 - MountPoints2{8b291a2f-92a5-11dd-930a-0016d4db201c}\Shell\AutoRun\command - “” = f.bat
O33 - MountPoints2{8b291a2f-92a5-11dd-930a-0016d4db201c}\Shell\explore\Command - “” = f.bat
O33 - MountPoints2{8b291a2f-92a5-11dd-930a-0016d4db201c}\Shell\open\Command - “” = f.bat
O33 - MountPoints2{8d0e0715-5163-11de-a42d-0016d4db201c}\Shell\AutoRun\command - “” = wscript.exe auto.vbs
O33 - MountPoints2{8d0e0715-5163-11de-a42d-0016d4db201c}\Shell\Open\Command - “” = wscript.exe auto.vbs
O33 - MountPoints2{90b09116-12cc-11de-a286-0016d4db201c}\Shell\AutoRun\command - “” = F:\gvsqikes.cmd – File not found
O33 - MountPoints2{90b09116-12cc-11de-a286-0016d4db201c}\Shell\explore\Command - “” = F:\gvsqikes.cmd – File not found
O33 - MountPoints2{90b09116-12cc-11de-a286-0016d4db201c}\Shell\open\Command - “” = F:\gvsqikes.cmd – File not found
O33 - MountPoints2{93a30c0c-9a73-11dc-8e4d-0016d4db201c}\Shell\AutoRun\command - “” = F:\32agsg.exe – File not found
O33 - MountPoints2{93a30c0c-9a73-11dc-8e4d-0016d4db201c}\Shell\open\Command - “” = F:\32agsg.exe – File not found
O33 - MountPoints2{971b0af6-0fbc-11de-a274-0016d4db201c}\Shell\AutoRun\command - “” = G:.exe – File not found
O33 - MountPoints2{974c31b4-1cc1-11de-a2d9-0016d4db201c}\Shell\AutoRun\command - “” = F:\2u.com – File not found
O33 - MountPoints2{974c31b4-1cc1-11de-a2d9-0016d4db201c}\Shell\explore\Command - “” = F:\2u.com – File not found
O33 - MountPoints2{974c31b4-1cc1-11de-a2d9-0016d4db201c}\Shell\open\Command - “” = F:\2u.com – File not found
O33 - MountPoints2{99f9354e-bdc4-11dd-93f3-0016d4db201c}\Shell\AutoRun\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{99f9354e-bdc4-11dd-93f3-0016d4db201c}\Shell\Explore\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{99f9354e-bdc4-11dd-93f3-0016d4db201c}\Shell\Open\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{9e43fe16-3064-11de-a352-0016d4db201c}\Shell\AutoRun\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{9e43fe16-3064-11de-a352-0016d4db201c}\Shell\Explore\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{9e43fe16-3064-11de-a352-0016d4db201c}\Shell\Open\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{9e43fe1b-3064-11de-a352-0016d4db201c}\Shell\AutoRun\command - “” = F:\br8ym2l.bat – File not found
O33 - MountPoints2{9e43fe1b-3064-11de-a352-0016d4db201c}\Shell\open\Command - “” = F:\br8ym2l.bat – File not found
O33 - MountPoints2{9e43fe1f-3064-11de-a352-0016d4db201c}\Shell\AutoRun\command - “” = bar311.exe %1
O33 - MountPoints2{9e43fe1f-3064-11de-a352-0016d4db201c}\Shell\Explore\command - “” = bar311.exe %1
O33 - MountPoints2{9e43fe1f-3064-11de-a352-0016d4db201c}\Shell\Open\command - “” = bar311.exe %1
O33 - MountPoints2{aa44b6a2-4e5c-11de-a412-0016d4db201c}\Shell\AutoRun\command - “” = F:\hl80c6b1.com – File not found
O33 - MountPoints2{aa44b6a2-4e5c-11de-a412-0016d4db201c}\Shell\open\Command - “” = F:\hl80c6b1.com – File not found
O33 - MountPoints2{ab505c6c-ac5a-11dd-939d-0016d4db201c}\Shell\AutoRun\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{ab505c6c-ac5a-11dd-939d-0016d4db201c}\Shell\Explore\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{ab505c6c-ac5a-11dd-939d-0016d4db201c}\Shell\Open\command - “” = F:\bar311.exe – File not found
O33 - MountPoints2{b3f04944-2308-11dd-90ed-0016d4db201c}\Shell\AutoRun\command - “” = F:\bicsxk03.com – File not found
O33 - MountPoints2{b3f04944-2308-11dd-90ed-0016d4db201c}\Shell\explore\Command - “” = F:\bicsxk03.com – File not found
O33 - MountPoints2{b3f04944-2308-11dd-90ed-0016d4db201c}\Shell\open\Command - “” = F:\bicsxk03.com – File not found
O33 - MountPoints2{bcd655ce-8b97-11dd-92d9-0016d4db201c}\Shell\AutoRun\command - “” = F:.exe – File not found
O33 - MountPoints2{c3801446-c1ed-11dd-9490-0016d4db201c}\Shell\AutoRun\command - “” = F:\password_viewer.exe – File not found
O33 - MountPoints2{c3801446-c1ed-11dd-9490-0016d4db201c}\Shell\Explore\command - “” = F:\password_viewer.exe – File not found
O33 - MountPoints2{c3801446-c1ed-11dd-9490-0016d4db201c}\Shell\Open\command - “” = F:\password_viewer.exe – File not found
O33 - MountPoints2{cb2b7f94-009b-11de-95ed-0016d4db201c}\Shell - “” = AutoRun
O33 - MountPoints2{cb2b7f94-009b-11de-95ed-0016d4db201c}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2{cb2b7f94-009b-11de-95ed-0016d4db201c}\Shell\Explore\command - “” = F:\MS-DOS.com – File not found
O33 - MountPoints2{cb2b7f94-009b-11de-95ed-0016d4db201c}\Shell\Open\command - “” = F:\MS-DOS.com – File not found
O33 - MountPoints2{cb2b7f96-009b-11de-95ed-0016d4db201c}\Shell\AutoRun\command - “” = F:\f6cavn.bat – File not found
O33 - MountPoints2{cb2b7f96-009b-11de-95ed-0016d4db201c}\Shell\explore\Command - “” = F:\f6cavn.bat – File not found
O33 - MountPoints2{cb2b7f96-009b-11de-95ed-0016d4db201c}\Shell\open\Command - “” = F:\f6cavn.bat – File not found
O33 - MountPoints2{cb2b7f98-009b-11de-95ed-0016d4db201c}\Shell - “” = AutoRun
O33 - MountPoints2{cb2b7f98-009b-11de-95ed-0016d4db201c}\Shell\1\Command - “” = F:\Recycled.exe – File not found
O33 - MountPoints2{cb2b7f98-009b-11de-95ed-0016d4db201c}\Shell\2\Command - “” = F:\Recycled.exe – File not found
O33 - MountPoints2{cb2b7f98-009b-11de-95ed-0016d4db201c}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2{cb2b7f99-009b-11de-95ed-0016d4db201c}\Shell - “” = AutoRun
O33 - MountPoints2{cb2b7f99-009b-11de-95ed-0016d4db201c}\Shell\1\Command - “” = G:\Recycled.exe – File not found
O33 - MountPoints2{cb2b7f99-009b-11de-95ed-0016d4db201c}\Shell\2\Command - “” = G:\Recycled.exe – File not found
O33 - MountPoints2{cb2b7f99-009b-11de-95ed-0016d4db201c}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2{cb2b7f9a-009b-11de-95ed-0016d4db201c}\Shell\AutoRun\command - “” = bar311.exe %1
O33 - MountPoints2{cb2b7f9a-009b-11de-95ed-0016d4db201c}\Shell\Explore\command - “” = bar311.exe %1
O33 - MountPoints2{cb2b7f9a-009b-11de-95ed-0016d4db201c}\Shell\Open\command - “” = bar311.exe %1
O33 - MountPoints2{e07a061a-2016-11de-a303-0016d4db201c}\Shell - “” = AutoRun
O33 - MountPoints2{e07a061a-2016-11de-a303-0016d4db201c}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2{e07a061a-2016-11de-a303-0016d4db201c}\Shell\AutoRun\command - “” = F:\LaunchU3.exe – File not found
O33 - MountPoints2{e07a061b-2016-11de-a303-0016d4db201c}\Shell\AutoRun\command - “” = G:\g068vy6.cmd – File not found
O33 - MountPoints2{e07a061b-2016-11de-a303-0016d4db201c}\Shell\open\Command - “” = G:\g068vy6.cmd – File not found
O33 - MountPoints2{e4a5ae81-6c52-11de-a4d5-0016d4db201c}\Shell\AutoRun\command - “” = F:\ysep1.exe – File not found
O33 - MountPoints2{e4a5ae81-6c52-11de-a4d5-0016d4db201c}\Shell\open\Command - “” = F:\ysep1.exe – File not found
O33 - MountPoints2{e7146870-3a07-11de-a3a5-0016d4db201c}\Shell\AutoRun\command - “” = F:\ku.bat – File not found
O33 - MountPoints2{e7146870-3a07-11de-a3a5-0016d4db201c}\Shell\open\Command - “” = F:\ku.bat – File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2 C:\Documents and Settings\End User\My Documents*.tmp files]
[2009/08/13 19:59:31 | 00,000,346 | ---- | C] () – C:\windows\tasks\At1.job
[2009/08/13 19:59:31 | 00,000,096 | RHS- | C] () – C:\windows\System32\autorun.ini
[2009/08/13 19:59:30 | 00,267,264 | RHS- | C] () – C:\windows\System32\gphone.exe
[2009/08/13 19:59:30 | 00,267,264 | ---- | C] () – C:\windows\gphone.exe
[2009/08/11 20:21:16 | 00,025,741 | ---- | C] () – C:\Documents and Settings\End User\My Documents\Doc1.docx
[2009/08/11 16:51:50 | 00,018,987 | ---- | C] () – C:\Documents and Settings\End User\My Documents\spider mancharac tct.docx
[2009/08/11 12:21:31 | 00,014,570 | ---- | C] () – C:\Documents and Settings\End User\My Documents\Malakas at Maganda ni Chieney.docx
[2009/08/11 12:04:20 | 00,014,908 | ---- | C] () – C:\Documents and Settings\End User\My Documents\RESIBO.cdr
[2009/08/09 13:43:36 | 00,000,759 | ---- | C] () – C:\Documents and Settings\End User\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
[2009/08/09 13:41:44 | 00,022,703 | ---- | C] () – C:\Documents and Settings\End User\My Documents\First Periodical Examination for Science III.docx
[2009/08/08 21:35:59 | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) – C:\windows\System32\javaws.exe
[2009/08/08 21:35:59 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) – C:\windows\System32\javaw.exe
[2009/08/08 21:35:59 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) – C:\windows\System32\java.exe
[2009/08/08 21:35:59 | 00,069,632 | ---- | C] (Sun Microsystems, Inc.) – C:\windows\System32\javacpl.cpl
[2009/08/08 21:31:16 | 00,147,456 | ---- | C] () – C:\windows\System32\RFCyberCommNative.dll
[2009/08/08 21:31:10 | 00,000,000 | —D | C] – C:\RFCyber
[2009/08/08 21:31:10 | 00,000,000 | —D | C] – C:\Program Files\RFCyber
[2009/08/08 21:29:21 | 00,000,000 | —D | C] – C:\Documents and Settings\End User\My Documents\New Folder
[2009/08/08 19:36:38 | 00,001,709 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/08 19:36:36 | 00,023,152 | ---- | C] (ALWIL Software) – C:\windows\System32\drivers\aswRdr.sys
[2009/08/08 19:36:35 | 00,051,376 | ---- | C] (ALWIL Software) – C:\windows\System32\drivers\aswTdi.sys
[2009/08/08 19:36:34 | 00,026,944 | ---- | C] (ALWIL Software) – C:\windows\System32\drivers\aavmker4.sys
[2009/08/08 19:36:31 | 00,097,480 | ---- | C] (ALWIL Software) – C:\windows\System32\AvastSS.scr
[2009/08/08 19:36:30 | 00,020,560 | ---- | C] (ALWIL Software) – C:\windows\System32\drivers\aswFsBlk.sys
[2009/08/08 19:36:29 | 00,114,768 | ---- | C] (ALWIL Software) – C:\windows\System32\drivers\aswSP.sys
[2009/08/08 19:36:24 | 00,094,032 | ---- | C] (ALWIL Software) – C:\windows\System32\drivers\aswmon2.sys
[2009/08/08 19:36:24 | 00,093,296 | ---- | C] (ALWIL Software) – C:\windows\System32\drivers\aswmon.sys
[2009/08/08 19:35:40 | 01,256,296 | ---- | C] (ALWIL Software) – C:\windows\System32\aswBoot.exe
[2009/08/08 19:35:40 | 00,380,928 | ---- | C] () – C:\windows\System32\actskin4.ocx
[2009/08/08 19:35:36 | 00,000,000 | —D | C] – C:\Program Files\Alwil Software
[2009/08/08 19:35:06 | 00,000,000 | —D | C] – C:\Documents and Settings\End User\My Documents\Avast
[2009/08/08 11:42:56 | 16,940,787 | ---- | C] () – C:\Documents and Settings\End User\Desktop\GSIS_RFID_Installer.rar
[2009/08/08 11:33:24 | 00,029,360 | ---- | C] () – C:\windows_SETUPD_.EXE
[2009/08/08 11:33:24 | 00,000,000 | —D | C] – C:\Protector Plus
[2009/08/08 10:57:22 | 00,000,000 | —D | C] – C:\Documents and Settings\End User\Local Settings\Application Data\Downloaded Installations
[2009/08/07 19:43:53 | 00,000,000 | —D | C] – C:\Documents and Settings\End User\My Documents\remittance GSIS12345
[2009/08/07 18:40:32 | 00,000,000 | —D | C] – C:\Documents and Settings\End User\Local Settings\Application Data\Sophos
[2009/08/07 18:38:29 | 00,000,000 | —D | C] – C:\Program Files\Common Files\Cisco Systems
[2009/08/07 18:38:06 | 00,000,000 | —D | C] – C:\Program Files\Sophos
[2009/08/07 18:38:06 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Sophos
[2009/08/07 18:37:17 | 00,000,000 | —D | C] – C:\stdtsa
[2009/08/07 18:26:58 | 00,002,231 | ---- | C] () – C:\Documents and Settings\End User\My Documents\sohpos antivirus.rtf
[2009/08/05 19:19:14 | 00,000,000 | —D | C] – C:\Program Files\Kawasaki Superbike Challenge
[2009/08/04 19:19:35 | 00,024,576 | RH-- | C] (Microsoft Corporation) – C:\windows\wmplayer.exe
[2009/08/04 17:15:55 | 00,011,960 | ---- | C] () – C:\Documents and Settings\End User\My Documents\remove Hello Philippines.docx
[2009/08/04 07:33:22 | 00,000,766 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\Globe Broadband.lnk
[2009/08/04 07:32:40 | 00,621,056 | R— | C] (DiBcom SA) – C:\windows\System32\drivers\mod7700.sys
[2009/08/04 07:32:40 | 00,113,664 | R— | C] (Huawei Technologies Co., Ltd.) – C:\windows\System32\drivers\ewusbnet.sys
[2009/08/04 07:32:40 | 00,101,376 | R— | C] (Huawei Technologies Co., Ltd.) – C:\windows\System32\drivers\ewusbmdm.sys
[2009/08/04 07:32:40 | 00,024,448 | R— | C] (Huawei Tech. Co., Ltd.) – C:\windows\System32\drivers\ewdcsc.sys
[2009/08/04 07:31:47 | 00,000,000 | —D | C] – C:\Program Files\Globe Broadband
[2009/08/03 20:42:49 | 00,014,181 | ---- | C] () – C:\Documents and Settings\End User\My Documents\gladen declaim GIFTS.docx
[2009/08/02 20:47:13 | 00,001,729 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/02 16:41:52 | 00,191,103 | ---- | C] () – C:\Documents and Settings\End User\My Documents\Table skirting.docx
[2009/08/01 08:06:36 | 00,000,162 | -H-- | C] () – C:\Documents and Settings\End User\My Documents~$UC 18A.docx
[2009/08/01 08:06:35 | 00,015,322 | ---- | C] () – C:\Documents and Settings\End User\My Documents\EDUC 18A.docx
[2009/07/31 15:14:37 | 00,011,073 | ---- | C] () – C:\Documents and Settings\End User\My Documents\I’m a teacher.docx
[2009/07/25 22:37:35 | 00,107,515 | ---- | C] () – C:\Documents and Settings\End User\Desktop\Clea.pptx
[2009/07/25 14:06:14 | 00,021,962 | ---- | C] () – C:\Documents and Settings\End User\My Documents\clea.docx
[2009/07/23 19:09:09 | 00,049,298 | ---- | C] () – C:\Documents and Settings\End User\My Documents\PROYEKTO NI GLADEN.docx
[2009/07/21 12:01:09 | 00,000,000 | —D | C] – C:\Documents and Settings\End User\Local Settings\Application Data\Stardock
[2009/07/21 07:41:05 | 00,011,668 | ---- | C] () – C:\Documents and Settings\End User\My Documents\Matrix on Assembly.docx
[2009/07/21 07:31:41 | 00,012,605 | ---- | C] () – C:\Documents and Settings\End User\My Documents\Solid waste Management Schedule.docx
[2009/07/19 19:32:07 | 00,013,133 | ---- | C] () – C:\Documents and Settings\End User\My Documents\Speed & Comprehension.docx
[2009/07/17 19:40:59 | 00,012,471 | ---- | C] () – C:\Documents and Settings\End User\My Documents\Mai-mai navitas past brgy capts.docx
[2009/07/17 19:18:52 | 00,011,774 | ---- | C] () – C:\Documents and Settings\End User\My Documents\navitas NHS.docx
[2009/07/15 21:32:24 | 00,012,685 | ---- | C] () – C:\Documents and Settings\End User\My Documents\lynwen.docx
[2009/06/30 18:04:18 | 00,065,536 | ---- | C] () – C:\windows\System32\adistres.dll
[2008/11/23 12:17:15 | 00,000,074 | ---- | C] () – C:\windows\entpack.ini
[2008/10/12 17:27:34 | 00,000,097 | ---- | C] () – C:\windows\System32\PICSDK.ini
[2008/10/12 17:25:37 | 00,000,025 | ---- | C] () – C:\windows\CDET10.ini
[2008/09/13 20:31:08 | 00,086,304 | ---- | C] () – C:\windows\System32\rhvideo.dll
[2008/09/13 20:27:46 | 00,029,536 | ---- | C] () – C:\windows\dib.drv
Hi, due to the size of this fix I will attach the commands in a text file. Download this to your desktop, then open the text file. Copy and paste the entire contents into OTL.
[*]Under the Custom Scans/Fixes box at the bottom, paste in the contents of the attached text file
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done
[*]Then post a new OTL2 log (don’t check the boxes beside LOP Check or Purity this time)
Hi!
I have a similar problem to nailbite3, and here are my OTL.txt and Extras.txt.
Thank you for your help in advance.
Sorry for my English grammar.
OTL.txt:
OTL logfile created on: 19.8.2011 8:05:24 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\darko i natasa\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy
1023,48 Mb Total Physical Memory | 313,06 Mb Available Physical Memory | 30,59% Memory free
2,40 Gb Paging File | 1,71 Gb Available in Paging File | 71,11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 35,09 Gb Free Space | 44,92% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 77,22 Gb Free Space | 49,90% Space Free | Partition Type: NTFS
Computer Name: DARKO | User Name: darko i natasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\darko i natasa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
PRC - C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe (Pinnacle Systems GmbH.)
PRC - C:\WINDOWS\system32\UStorSrv.exe (OTi)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\defs\11081801\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11081801\aswRep.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\Maps Service API.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtWebKit4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtNetwork4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtGui4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtDeclarative4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtScript4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtOpenGL4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtXml4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\phonon4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtSql4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QxtCore.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QxtWeb.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\qjson.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\ssoengine.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\OviShareLib.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\securestorage.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll ()
MOD - C:\Program Files\RALINK\Common\acAuth.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\zlib1.dll ()
MOD - C:\WINDOWS\system32\OPDSL.DLL ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
========== Win32 Services (SafeList) ==========
SRV - (sp_clamsrv) – File not found
SRV - (NMSAccess) – File not found
SRV - (MsaSvc) – File not found
SRV - (HidServ) – File not found
SRV - (avast! Antivirus) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (ServiceLayer) – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (vsmon) – C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) – C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (nosGetPlusHelper) getPlus(R) – C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (IJPLMSVC) – C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (FLEXnet Licensing Service) – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WDDMService) – C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) – C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (sp_rssrv) – C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (RalinkRegistryWriter) – C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
SRV - (CCALib8) – C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (UStorage Server Service) – C:\WINDOWS\System32\UStorSrv.exe (OTi)
========== Driver Services (SafeList) ==========
DRV - (aswSnx) – C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) – C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) – C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) – C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) – C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) – C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) – C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (UsbserFilt) – C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) – C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) – C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) – C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) – C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) – C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (ISWKL) – C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) – C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (s1018mdm) – C:\WINDOWS\system32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) – C:\WINDOWS\system32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) – C:\WINDOWS\system32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) – C:\WINDOWS\system32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) – C:\WINDOWS\system32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) – C:\WINDOWS\system32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) – C:\WINDOWS\system32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (WDC_SAM) – C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (RT61) – C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology, Corp.)
DRV - (s0017mdm) – C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) – C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) – C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) – C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) – C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) – C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) – C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (pccsmcfd) – C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) – C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) – C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) – C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) – C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) – C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) – C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) – C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (sp_rsdrv2) – C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (seehcri) – C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ati2mtag) – C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) – C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (nvata) – C:\WINDOWS\System32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (MarvinBus) – C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (nvnetbus) – C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) – C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AmdK8) – C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (cdrdrv) – C:\WINDOWS\system32\drivers\Cdrdrv.sys (Pinnacle Systems GmbH)
DRV - (PCLEPCI) – C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (vobiw) – C:\WINDOWS\System32\drivers\vobIW.sys (Pinnacle Systems GmbH)
DRV - (ASAPIW2K) – C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default = DE 18 2B 8D 5C E1 28 4C 92 A1 90 7E 78 D0 A7 53 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238
IE - HKCU..\URLSearchHook: {2bae58c2-79f9-45d1-a286-81f911301c3a} - Reg Error: Key error. File not found
IE - HKCU..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKCU..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - Reg Error: Key error. File not found
IE - HKCU..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = *.local
========== FireFox ==========
FF - prefs.js…browser.search.defaultengine: “Ask.com”
FF - prefs.js…browser.search.defaultenginename: “Ask.com”
FF - prefs.js…browser.search.defaultthis.engineName: “ZoneAlarm Security Customized Web Search”
FF - prefs.js…browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}”
FF - prefs.js…browser.search.order.1: “Ask.com”
FF - prefs.js…browser.search.selectedEngine: “ZoneAlarm Security Customized Web Search”
FF - prefs.js…browser.search.suggest.enabled: false
FF - prefs.js…browser.search.useDBForOrder: true
FF - prefs.js…browser.startup.homepage: “http://google.com”
FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js…extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js…extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48
FF - prefs.js…extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0
FF - prefs.js…extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js…extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js…extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js…extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js…extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js…extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js…extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js…extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js…keyword.URL: “http://search.avg.com/route/?d=4d5031e3&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=”
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010.10.08 13:19:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011.08.05 12:06:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.08.12 12:55:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\Components: C:\Program Files\Mozilla Firefox\components [2011.08.17 10:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.05 10:03:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.08.10 13:41:05 | 000,000,000 | ---D | M]
[2011.02.13 09:23:27 | 000,000,000 | ---D | M] (No name found) – C:\Documents and Settings\darko i natasa\Application Data\Mozilla\Extensions
[2011.08.19 07:00:38 | 000,000,000 | ---D | M] (No name found) – C:\Documents and Settings\darko i natasa\Application Data\Mozilla\Firefox\Profiles\xy5qdr68.default\extensions
[2011.08.02 11:17:48 | 000,000,000 | ---D | M] (Forecastfox) – C:\Documents and Settings\darko i natasa\Application Data\Mozilla\Firefox\Profiles\xy5qdr68.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.03.03 14:40:51 | 000,000,000 | ---D | M] (PDF Download) – C:\Documents and Settings\darko i natasa\Application Data\Mozilla\Firefox\Profiles\xy5qdr68.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.08.17 07:35:14 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) – C:\Documents and Settings\darko i natasa\Application Data\Mozilla\Firefox\Profiles\xy5qdr68.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2011.08.19 07:00:38 | 000,000,000 | ---D | M] (DownloadHelper) – C:\Documents and Settings\darko i natasa\Application Data\Mozilla\Firefox\Profiles\xy5qdr68.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.13 10:32:23 | 000,000,000 | ---D | M] (Download Statusbar) – C:\Documents and Settings\darko i natasa\Application Data\Mozilla\Firefox\Profiles\xy5qdr68.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.08.02 11:20:45 | 000,000,000 | ---D | M] (“SecretHelper”) – C:\Documents and Settings\darko i natasa\Application Data\Mozilla\Firefox\Profiles\xy5qdr68.default\extensions\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}
[2011.02.24 14:53:11 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) – C:\Documents and Settings\darko i natasa\Application Data\Mozilla\Firefox\Profiles\xy5qdr68.default\extensions\smartbookmarksbar@remy.juteau
[2011.08.04 10:25:14 | 000,002,394 | ---- | M] () – C:\Documents and Settings\darko i natasa\Application Data\Mozilla\Firefox\Profiles\xy5qdr68.default\searchplugins\askcom.xml
[2011.06.30 21:25:46 | 000,000,939 | ---- | M] () – C:\Documents and Settings\darko i natasa\Application Data\Mozilla\Firefox\Profiles\xy5qdr68.default\searchplugins\conduit.xml
[2011.03.23 21:49:53 | 000,000,000 | ---D | M] (No name found) – C:\Program Files\Mozilla Firefox\extensions
[2006.08.24 22:47:08 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) – C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.05.02 17:51:29 | 000,000,000 | ---D | M] (Java Console) – C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.04 21:30:57 | 000,000,000 | ---D | M] (Java Console) – C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.02.04 10:53:30 | 000,000,000 | ---D | M] (Java Console) – C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) –
[2011.02.04 10:53:15 | 000,000,000 | ---D | M] (Java Quick Starter) – C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.08.17 10:39:12 | 000,134,104 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.04 10:53:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007.08.31 08:46:24 | 002,436,096 | ---- | M] (My Live Search) – C:\Program Files\mozilla firefox\plugins\NPLiveSearch.dll
[2005.11.26 17:12:08 | 006,739,456 | ---- | M] (VideoLAN Team) – C:\Program Files\mozilla firefox\plugins\npvlc.dll
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) – C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2007.01.15 09:17:35 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - No CLSID value found.
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {54A201AA-3C65-44A8-9A8F-CF1440CC2F86} - Reg Error: Value error. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - {8D2B18DE-E15C-4C28-92A1-907E78D0A753} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B40EDE6D-70F6-4E0E-98DA-900D3D71327C} - No CLSID value found.
O3 - HKLM..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM..\Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKLM..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU..\Toolbar\ShellBrowser: (no name) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - No CLSID value found.
O3 - HKCU..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM…\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM…\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM…\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM…\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM…\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM…\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM…\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM…\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM…\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM…\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM…\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM…\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM…\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU…\Run: File not found
O4 - HKCU…\Run: [DW6] File not found
O4 - HKCU…\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe (Pinnacle Systems GmbH.)
O4 - HKCU…\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKLM…\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra ‘Tools’ menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\jkklm: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\opnlijg: DllName - opnlijg.dll - File not found
O20 - Winlogon\Notify\sstqr: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\darko i natasa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\darko i natasa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {182B90A3-F372-438A-800C-6814B4DE417B} - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.07 13:31:27 | 000,000,000 | ---D | M] - C:\Autodesk – [ NTFS ]
O32 - AutoRun File - [2006.08.30 19:21:58 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT – [ NTFS ]
O33 - MountPoints2\{0b94709e-2166-11df-ae08-000e2eb38f97}\Shell - “” = AutoRun
O33 - MountPoints2\{0b94709e-2166-11df-ae08-000e2eb38f97}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2\{0b94709e-2166-11df-ae08-000e2eb38f97}\Shell\AutoRun\command - “” = “K:\WD SmartWare.exe” autoplay=true
O33 - MountPoints2\{e3c4ea88-887a-11df-b40b-001617490425}\Shell - “” = AutoRun
O33 - MountPoints2\{e3c4ea88-887a-11df-b40b-001617490425}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2\{e3c4ea88-887a-11df-b40b-001617490425}\Shell\AutoRun\command - “” = K:\application\Setup.exe
O33 - MountPoints2\{e73dfa88-b773-11df-b42b-001617490425}\Shell - “” = AutoRun
O33 - MountPoints2\{e73dfa88-b773-11df-b42b-001617490425}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2\{e73dfa88-b773-11df-b42b-001617490425}\Shell\AutoRun\command - “” = K:\USBAutoRun.exe
O33 - MountPoints2\{f49b03cc-f8a8-11de-ade2-001617490425}\Shell - “” = AutoRun
O33 - MountPoints2\{f49b03cc-f8a8-11de-ade2-001617490425}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2\{f49b03cc-f8a8-11de-ade2-001617490425}\Shell\AutoRun\command - “” = G:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk ) - File not found
O35 - HKLM..comfile [open] – “%1” %*
O35 - HKLM..exefile [open] – “%1” %*
O37 - HKLM.…com [@ = comfile] – “%1” %*
O37 - HKLM.…exe [@ = exefile] – “%1” %*