
Solved trojan / "Object is inaccessible."

Discussion in 'Malware and Virus Removal Archive' started by davee, 2010/07/23.

  1. 2010/08/01
    crunchie

    No worries. Did you manage to run fixme.reg?
     
  2. 2010/08/01
    davee

    Yes I did. I still get the message at startup about ComboFix and still get redirected in Opera.
     


  4. 2010/08/01
    crunchie

    No other browser being re-directed?
    Have you emptied Opera's cache?
    Are you running through a Proxy using Opera?

    Go here and download then run Silent Runners.vbs. Right click on the download link and select Save Target As. Save it to the desktop or to a folder in a permanent directory. It generates a log which will be created in the same folder you are running it from. Please post the information back in this thread.
    If you have a script blocking program, please allow the file to run. It is not malicious.
     
  5. 2010/08/01
    davee

    OK, I cleared the cache and did some random Google searches and got no redirects, but I had emptied it earlier, though not after a few of the processes we have done. IE didn't appear to get redirected earlier in the day or previously. On the proxy thing, I went into Preferences in Opera and clicked on proxy servers; there is an HTTP # there and a port #. Is that what you mean? And here is the log from Silent Runners:
    "Silent Runners.vbs ", revision 61, http://www.silentrunners.org/
    Operating System: Windows XP SP3
    Output limited to non-default values, except where indicated by "{++} "


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ "SUPERAntiSpyware.com"]
    "SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ "Safer-Networking Ltd."]
    "swg" = " "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" " [ "Google Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "AVG9_TRAY" = "C:\PROGRA~1\AVG\AVG9\avgtray.exe" [ "AVG Technologies CZ, s.r.o."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\1428\ {++}
    "rdghixrd" = " "C:\ComboFix\CF19866.cfxxe" /c "C:\ComboFix\Combobatch.bat" " [file not found]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub "
    -> {HKLM...CLSID} = "Adobe PDF Link Helper "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" [ "Adobe Systems Incorporated"]

    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = "WormRadar.com IESiteBlocker.NavFilter "
    -> {HKLM...CLSID} = "AVG Safe Search "
    \InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgssie.dll" [ "AVG Technologies CZ, s.r.o."]

    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Spybot-S&D IE Protection "
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [ "Safer Networking Limited"]

    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Sign-in Helper "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Notifier BHO "
    \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll" [ "Google Inc."]

    {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" [ "Oracle"]

    {E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl "
    -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" [ "Oracle"]

    {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}\(Default) = "Cooliris Plug-In for Internet Explorer "
    -> {HKCU...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\PicLensIE\cooliris.dll" [ "Cooliris Inc."]

    {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}\(Default) = "Cooliris Plug-In for Internet Explorer "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\PicLensIE\cooliris.dll" [ "Cooliris Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension "
    -> {HKLM...CLSID} = "Display Panning CPL Extension "
    \InProcServer32\(Default) = "deskpan.dll" [file not found]

    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext "
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext "
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [ "Hilgraeve, Inc."]

    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG Shell Extension "
    -> {HKLM...CLSID} = "AVG Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgse.dll" [ "AVG Technologies CZ, s.r.o."]

    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser "
    -> {HKLM...CLSID} = "Nokia Phone Browser "
    \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" [ "Nokia"]

    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler "
    -> {HKLM...CLSID} = "Outlook File Icon Extension "
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

    "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension "
    -> {HKLM...CLSID} = "SimpleShlExt Class "
    \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [ "Advanced Micro Devices, Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "
    -> {HKLM...CLSID} = "WPDShServiceObj Class "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    <<!>> "GinaDLL" = "MrvGINA.dll" [ "Marvell(R)"]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL" [ "SUPERAntiSpyware.com"]
    <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" [ "ATI Technologies Inc."]
    <<!>> avgrsstarter\DLLName = "avgrsstx.dll" [ "AVG Technologies CZ, s.r.o."]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

    <<!>> linkscanner\CLSID = "{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "
    -> {HKLM...CLSID} = "XPLPPFilter Class "
    \InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgpp.dll" [ "AVG Technologies CZ, s.r.o."]

    <<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F} "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

    <<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F} "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

    <<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1} "
    -> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler "
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

    AVG9 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
    -> {HKLM...CLSID} = "AVG Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgse.dll" [ "AVG Technologies CZ, s.r.o."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = "SUPERAntiSpyware Context Menu "
    -> {HKLM...CLSID} = "SASContextMenu Class "
    \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL" [ "SUPERAntiSpyware.com"]

    HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

    MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3} "
    -> {HKLM...CLSID} = "MBAMShlExt Class "
    \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" [ "Malwarebytes Corporation"]

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = "SUPERAntiSpyware Context Menu "
    -> {HKLM...CLSID} = "SASContextMenu Class "
    \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL" [ "SUPERAntiSpyware.com"]

    HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

    Nokia\(Default) = "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "
    -> {HKLM...CLSID} = "Nokia Phone Browser "
    \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" [ "Nokia"]

    HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    WinZip\(Default) = "{E0D79305-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

    ACE\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000} "
    -> {HKLM...CLSID} = "SimpleShlExt Class "
    \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [ "Advanced Micro Devices, Inc."]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info "
    -> {HKLM...CLSID} = "PDF Shell Extension "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" [ "Adobe Systems, Inc."]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

    AVG9 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
    -> {HKLM...CLSID} = "AVG Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgse.dll" [ "AVG Technologies CZ, s.r.o."]

    MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3} "
    -> {HKLM...CLSID} = "MBAMShlExt Class "
    \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" [ "Malwarebytes Corporation"]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    WinZip\(Default) = "{E0D79305-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\

    "SaveZoneInformation" = (REG_DWORD) dword:0x00000001
    {User Configuration|Administrative Templates|Windows Components|Attachment Manager|
    Do not preserve zone information in file attachments}

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "NoDrives" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "NoDrives" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "disableregistrytools" = (REG_DWORD) dword:0x00000000
    {User Configuration|Administrative Templates|System|
    Prevent access to registry editing tools}

    HKCU\Software\Policies\Microsoft\Windows\System\

    "disablecmd" = (REG_DWORD) dword:0x00000000
    {User Configuration|Administrative Templates|System|
    Disable the command prompt}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    "DisableRegistryTools" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp "

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp "


    Windows Portable Device AutoPlay Handlers
    -----------------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    DVDFab5OnDVDArrival\
    "Provider" = "DVDFab 5 "
    "InvokeProgID" = "DVDFab5Open "
    "InvokeVerb" = "Open "
    HKLM\SOFTWARE\Classes\DVDFab5Open\shell\Open\command\(Default) = "C:\PROGRA~1\DVDFAB~1\DVDFab.exe" [ "Fengtao Software Inc."]

    MSWPDShellNamespaceHandler\
    "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501 "
    "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24} "
    "InitCmdLine" = " "
    -> {HKLM...CLSID} = "WPDShextAutoplay "
    \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

    NeroAutoPlay2CDAudio\
    "Provider" = "Nero Express "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "HandleCDBurningOnArrival_CDAudio "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" [ "Ahead Software AG"]

    NeroAutoPlay2CopyCD\
    "Provider" = "Nero Express "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "PlayCDAudioOnArrival_CopyCD "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" [ "Ahead Software AG"]

    NeroAutoPlay2DataDisc\
    "Provider" = "Nero Express "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "HandleCDBurningOnArrival_DataDisc "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" [ "Ahead Software AG"]

    NeroAutoPlay2LaunchNeroStartSmart\
    "Provider" = "Nero StartSmart "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" [ "Ahead Software AG"]

    NeroAutoPlay2PlayAudioCD\
    "Provider" = "Nero Media Player "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "PlayMusicFilesOnArrival_PlayAudioCD "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayMusicFilesOnArrival_PlayAudioCD\command\(Default) = "C:\Program Files\Ahead\NeroMediaPlayer\NeroMediaPlayer.exe /Play %L" [ "Ahead software"]

    NeroAutoPlay2VideoCapture\
    "Provider" = "NeroVision Express "
    "ProgID" = "Shell.HWEventHandlerShellExecute "
    "InitCmdLine" = " "C:\Program Files\Ahead\NeroVision\NeroVision.exe" /New:VideoCapture "
    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} "
    -> {HKLM...CLSID} = "ShellExecute HW Event Handler "
    \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

    NeroAutoPlay2ViewPhotos\
    "Provider" = "Nero PhotoSnap Viewer "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "ShowPicturesOnArrival_ViewPhotos "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\ShowPicturesOnArrival_ViewPhotos\command\(Default) = "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnapViewer.exe /Drive:%L" [ "Ahead Software AG"]

    NMMPlayCDAudioOnArrival\
    "Provider" = "Nokia Music Manager "
    "InvokeProgID" = "NokiaMusicManager "
    "InvokeVerb" = "NMMPlayCD "
    HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /playCD "%L" " [ "Nokia"]

    NMMRipCDAudioOnArrival\
    "Provider" = "Nokia Music Manager "
    "InvokeProgID" = "NokiaMusicManager "
    "InvokeVerb" = "NMMRipCD "
    HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /ripCD "%L" " [ "Nokia"]

    PDVDPlayCDAudioOnArrival\
    "Provider" = "PowerDVD "
    "InvokeProgID" = "AudioCD "
    "InvokeVerb" = "PlayWithPowerDVD "
    HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = " "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L" " [ "CyberLink Corp."]

    PDVDPlayDVDMovieOnArrival\
    "Provider" = "PowerDVD "
    "InvokeProgID" = "DVD "
    "InvokeVerb" = "PlayWithPowerDVD "
    HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = " "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L" " [ "CyberLink Corp."]

    PDVDPlayVCDMovieOnArrival\
    "Provider" = "PowerDVD "
    "InvokeProgID" = "VCD "
    "InvokeVerb" = "PlayWithPowerDVD "
    HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = " "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l" " [ "CyberLink Corp."]

    WinampMTPHandler\
    "Provider" = "Winamp "
    "ProgID" = "Shell.HWEventHandlerShellExecute "
    "InitCmdLine" = "C:\Program Files\Winamp\winamp.exe "
    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} "
    -> {HKLM...CLSID} = "ShellExecute HW Event Handler "
    \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

    WinampPlayMediaOnArrival\
    "Provider" = "Winamp "
    "InvokeProgID" = "Winamp.File "
    "InvokeVerb" = "Play "
    HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = " "C:\Program Files\Winamp\winamp.exe" "%1" " [ "Nullsoft"]
    HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E} "
    -> {HKLM...CLSID} = (no title provided)
    \LocalServer32\(Default) = " "C:\Program Files\Winamp\winamp.exe" " [ "Nullsoft"]

    ZunePlayCDAudioOnArrival\
    "Provider" = "@c:\Program Files\Zune\en-US\ZuneResources.dll.mui,-603 "
    "InvokeProgID" = "Microsoft.Zune.2.AudioCD "
    "InvokeVerb" = "Play "
    HKLM\SOFTWARE\Classes\Microsoft.Zune.2.AudioCD\shell\Play\Command\(Default) = " "c:\Program Files\Zune\Zune.exe" /PlayCD: "%L" " [MS]

    ZunePlayMediaOnArrival\
    "Provider" = "@c:\Program Files\Zune\en-US\ZuneResources.dll.mui,-603 "
    "InvokeProgID" = "Microsoft.Zune.2.PlayMedia "
    "InvokeVerb" = "Play "
    HKLM\SOFTWARE\Classes\Microsoft.Zune.2.PlayMedia\shell\Play\Command\(Default) = " "c:\Program Files\Zune\Zune.exe" /PlayMedia: "%L" " [MS]

    ZuneRipCDAudioOnArrival\
    "Provider" = "@c:\Program Files\Zune\en-US\ZuneResources.dll.mui,-603 "
    "InvokeProgID" = "Microsoft.Zune.2.RipCD "
    "InvokeVerb" = "Rip "
    HKLM\SOFTWARE\Classes\Microsoft.Zune.2.RipCD\shell\Rip\Command\(Default) = " "c:\Program Files\Zune\Zune.exe" /RipCD: "%L" " [MS]


    Startup items in "Dave" & "All Users" startup folders:
    ------------------------------------------------------

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "NETGEAR WG311v3 Smart Wizard" -> shortcut to: "C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe /HIDE" [empty string]


    Enabled Scheduled Tasks:
    ------------------------

    "Google Software Updater" -> launches: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start" [ "Google"]
    "GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" [ "Google Inc."]
    "GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" [ "Google Inc."]
    "RegCure Program Check" -> launches: "C:\Program Files\RegCure\RegCure.exe ShowReminders" [null data]
    "RegCure" -> launches: "C:\Program Files\RegCure\RegCure.exe -t" [null data]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {3437D640-C91A-458F-89F5-B9095EA4C28B}\
    "ButtonText" = "Launch Cooliris "
    "CLSIDExtension" = "{04F93351-81D2-4484-9982-0D55DEFFFAE6} "
    -> {HKCU...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\PicLensIE\cooliris.dll" [ "Cooliris Inc."]
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\PicLensIE\cooliris.dll" [ "Cooliris Inc."]

    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
    "MenuText" = "Spybot - Search & Destroy Configuration "
    "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F} "
    -> {HKLM...CLSID} = "Spybot-S&D IE Protection "
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [ "Safer Networking Limited"]

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\
    "MenuText" = "@xpsp3res.dll,-20001 "
    "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger "
    "MenuText" = "Windows Messenger "
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" [ "ATI Technologies Inc."]
    AVG Free E-mail Scanner, avg9emc, " "C:\Program Files\AVG\AVG9\avgemc.exe" " [ "AVG Technologies CZ, s.r.o."]
    AVG Free WatchDog, avg9wd, " "C:\Program Files\AVG\AVG9\avgwdsvc.exe" " [ "AVG Technologies CZ, s.r.o."]
    Java Quick Starter, JavaQuickStarterService, " "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" " [ "Oracle"]
    Logical Disk Manager Administrative Service, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" [ "Microsoft Corp., Veritas Software"]
    ServiceLayer, ServiceLayer, " "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" " [ "Nokia"]
    Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" { "C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
    Zune Bus Enumerator, ZuneBusEnum, "C:\WINDOWS\system32\ZuneBusEnum.exe" [MS]


    Safe Mode Drivers & Services (subkey name, subkey default value):
    -----------------------------------------------------------------

    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

    <<!>> PEVSystemStart, (null value)
    <<!>> procexp90.Sys, (null value)

    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

    <<!>> PEVSystemStart, (null value)
    <<!>> procexp90.Sys, (null value)


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    Canon BJ Language Monitor PIXMA iP1000\Driver = "CNMLM6e.DLL" [ "CANON INC."]


    ---------- (launch time: 2010-08-01 17:39:15)
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 68 seconds, including 21 seconds for message boxes)
     
  6. 2010/08/01
    crunchie

    How long have you had RegCure? You do realise that they do more damage than good?

    When you have run the fixme.reg files, have there been any messages regarding them? Have you had problems running them?
    They should have removed the entry, but haven't.
    Do you run any programs there that will block any registry changes?
    If you do, please disable them and run another fix.

    Download the attached zip file and unzip fixme.reg. Close all browser windows. Double click the file to run it and when asked if you want to merge with your registry, answer yes.
    Reboot when done and check if the error message has gone.
     

    Attached Files:
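As an added example that is not part of this thread and not code from Silent Runners: the script below reads a Silent Runners log in the layout posted above, lists every launch point the log marks "[file not found]" or "<<!>>" (the stale ComboFix RunOnceEx value whose CF19866.cfxxe no longer exists is the kind of entry a fixme.reg removes), and builds the regedit "Name"=- text that deletes such a value. The sample log lines are constructed from the log posted above; the .reg body is an assumption of what a fix like fixme.reg looks like, since the attachment's contents are not shown in the thread.

```python
"""Triage a Silent Runners log for stale or flagged launch points.

Added example; not code from this thread or from Silent Runners.  It reads the
log layout visible above: a registry key on its own line (optionally followed
by {++}), then one entry per line as  "Name" = "target" [ "Publisher"]  with
"[file not found]" appended when the launch target is missing and "<<!>>"
prefixed where Silent Runners itself flags the launch point.
"""
import re
from dataclasses import dataclass

FLAG = "<<!>>"
MISSING = "[file not found]"

# Key heading: hive abbreviation, no '=' or '"' (those mark entry lines), optional "\ {++}".
KEY_RE = re.compile(r'^(HK(?:LM|CU|CR|U|CC)\\[^="]*?)\\?\s*(?:\{\+\+\})?\s*$')

# Constructed sample: lines lifted from the log posted in this thread.
SAMPLE_LOG = r'''
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ "SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\1428\ {++}
"rdghixrd" = " "C:\ComboFix\CF19866.cfxxe" /c "C:\ComboFix\Combobatch.bat" " [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension "
-> {HKLM...CLSID} = "Display Panning CPL Extension "
\InProcServer32\(Default) = "deskpan.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "GinaDLL" = "MrvGINA.dll" [ "Marvell(R)"]

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<<!>> PEVSystemStart, (null value)
<<!>> procexp90.Sys, (null value)
'''

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKCR": "HKEY_CLASSES_ROOT", "HKU": "HKEY_USERS", "HKCC": "HKEY_CURRENT_CONFIG"}


@dataclass(frozen=True)
class Finding:
    key: str     # registry key the entry sits under
    entry: str   # value name / subkey path left of " = "
    detail: str  # right-hand side with the [file not found] tag removed
    reason: str  # "file not found", "flagged <<!>>", or both


def parse_findings(log_text: str) -> list[Finding]:
    """Return every entry the log marks missing or suspicious, in log order."""
    findings: list[Finding] = []
    key = "(no key context)"
    item = ""  # most recent top-level entry, so "\InProcServer32\..." lines keep their CLSID
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key, item = m.group(1), ""
            continue
        flagged = line.startswith(FLAG)
        body = line[len(FLAG):].strip() if flagged else line
        lhs, sep, rhs = body.partition(" = ")
        if sep and not body.startswith(("->", "\\")):
            item = lhs.strip()
        missing = MISSING in body
        if not (flagged or missing):
            continue
        if sep:
            entry = (item if body.startswith("\\") else "") + lhs.strip()
            detail = rhs.replace(MISSING, "").strip()
        else:
            entry, detail = body, ""  # e.g. SafeBoot subkeys: "name, (null value)"
        reasons = (["file not found"] if missing else []) + ([f"flagged {FLAG}"] if flagged else [])
        findings.append(Finding(key, entry, detail, "; ".join(reasons)))
    return findings


def reg_delete_value(key: str, name: str) -> str:
    """Build .reg text that deletes one value; assumed shape of a fixme.reg-style fix.

    Regedit's "Name"=- syntax deletes a value ([-Key] would delete the whole key).
    Write the result with CRLF line endings before merging it with regedit.
    """
    hive, sep, rest = key.partition("\\")
    clean = name.strip('"')
    return "\n".join(["Windows Registry Editor Version 5.00", "",
                      f"[{HIVES.get(hive, hive)}{sep}{rest}]", f'"{clean}"=-', ""])


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    for f in found:
        print(f"{f.reason:22} {f.key}\n    {f.entry} {f.detail}".rstrip())
    # The stale ComboFix RunOnceEx value is exactly the kind of entry a fixme.reg removes.
    stale = [f for f in found if "RunOnceEx" in f.key and "file not found" in f.reason]
    if stale:
        print(reg_delete_value(stale[0].key, stale[0].entry))
```

Run it on a saved log by passing the file's text to parse_findings; anything it lists is a lead to check against the publisher column and the launch path, not proof of infection on its own.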

  7. 2010/08/01
    davee

    Hi, I've had RegCure for over a year I guess. I didn't know; shall I remove it? I don't get any messages regarding fixme. I don't think I have any programs that would block any reg changes. Also, when reading this I got a new tab pop up again, so I guess that problem still hangs around.
     
  8. 2010/08/01
    crunchie

    Did you run fixme again?

    If you have, reboot and run silentrunners again please and post the log.
     
  9. 2010/08/01
    davee

    Yes, ran fixme again, then rebooted and got the ComboFix message again. Here is the log from Silent Runners:
    "Silent Runners.vbs ", revision 61, http://www.silentrunners.org/
    Operating System: Windows XP SP3
    Output limited to non-default values, except where indicated by "{++} "


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ "SUPERAntiSpyware.com"]
    "SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ "Safer-Networking Ltd."]
    "swg" = " "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" " [ "Google Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "AVG9_TRAY" = "C:\PROGRA~1\AVG\AVG9\avgtray.exe" [ "AVG Technologies CZ, s.r.o."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\1428\ {++}
    "rdghixrd" = " "C:\ComboFix\CF19866.cfxxe" /c "C:\ComboFix\Combobatch.bat" " [file not found]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub "
    -> {HKLM...CLSID} = "Adobe PDF Link Helper "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" [ "Adobe Systems Incorporated"]

    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = "WormRadar.com IESiteBlocker.NavFilter "
    -> {HKLM...CLSID} = "AVG Safe Search "
    \InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgssie.dll" [ "AVG Technologies CZ, s.r.o."]

    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Spybot-S&D IE Protection "
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [ "Safer Networking Limited"]

    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Sign-in Helper "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Notifier BHO "
    \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll" [ "Google Inc."]

    {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" [ "Oracle"]

    {E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl "
    -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" [ "Oracle"]

    {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}\(Default) = "Cooliris Plug-In for Internet Explorer "
    -> {HKCU...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\PicLensIE\cooliris.dll" [ "Cooliris Inc."]

    {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}\(Default) = "Cooliris Plug-In for Internet Explorer "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\PicLensIE\cooliris.dll" [ "Cooliris Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension "
    -> {HKLM...CLSID} = "Display Panning CPL Extension "
    \InProcServer32\(Default) = "deskpan.dll" [file not found]

    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext "
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext "
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [ "Hilgraeve, Inc."]

    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG Shell Extension "
    -> {HKLM...CLSID} = "AVG Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgse.dll" [ "AVG Technologies CZ, s.r.o."]

    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser "
    -> {HKLM...CLSID} = "Nokia Phone Browser "
    \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" [ "Nokia"]

    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler "
    -> {HKLM...CLSID} = "Outlook File Icon Extension "
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

    "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension "
    -> {HKLM...CLSID} = "SimpleShlExt Class "
    \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [ "Advanced Micro Devices, Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "
    -> {HKLM...CLSID} = "WPDShServiceObj Class "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    <<!>> "GinaDLL" = "MrvGINA.dll" [ "Marvell(R)"]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL" [ "SUPERAntiSpyware.com"]
    <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" [ "ATI Technologies Inc."]
    <<!>> avgrsstarter\DLLName = "avgrsstx.dll" [ "AVG Technologies CZ, s.r.o."]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

    <<!>> linkscanner\CLSID = "{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "
    -> {HKLM...CLSID} = "XPLPPFilter Class "
    \InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgpp.dll" [ "AVG Technologies CZ, s.r.o."]

    <<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F} "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

    <<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F} "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

    <<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1} "
    -> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler "
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

    AVG9 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
    -> {HKLM...CLSID} = "AVG Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgse.dll" [ "AVG Technologies CZ, s.r.o."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = "SUPERAntiSpyware Context Menu "
    -> {HKLM...CLSID} = "SASContextMenu Class "
    \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL" [ "SUPERAntiSpyware.com"]

    HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

    MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3} "
    -> {HKLM...CLSID} = "MBAMShlExt Class "
    \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" [ "Malwarebytes Corporation"]

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = "SUPERAntiSpyware Context Menu "
    -> {HKLM...CLSID} = "SASContextMenu Class "
    \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL" [ "SUPERAntiSpyware.com"]

    HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

    Nokia\(Default) = "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "
    -> {HKLM...CLSID} = "Nokia Phone Browser "
    \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" [ "Nokia"]

    HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    WinZip\(Default) = "{E0D79305-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

    ACE\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000} "
    -> {HKLM...CLSID} = "SimpleShlExt Class "
    \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [ "Advanced Micro Devices, Inc."]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info "
    -> {HKLM...CLSID} = "PDF Shell Extension "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" [ "Adobe Systems, Inc."]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

    AVG9 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
    -> {HKLM...CLSID} = "AVG Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgse.dll" [ "AVG Technologies CZ, s.r.o."]

    MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3} "
    -> {HKLM...CLSID} = "MBAMShlExt Class "
    \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" [ "Malwarebytes Corporation"]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    WinZip\(Default) = "{E0D79305-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\

    "SaveZoneInformation" = (REG_DWORD) dword:0x00000001
    {User Configuration|Administrative Templates|Windows Components|Attachment Manager|
    Do not preserve zone information in file attachments}

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "NoDrives" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "NoDrives" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "disableregistrytools" = (REG_DWORD) dword:0x00000000
    {User Configuration|Administrative Templates|System|
    Prevent access to registry editing tools}

    HKCU\Software\Policies\Microsoft\Windows\System\

    "disablecmd" = (REG_DWORD) dword:0x00000000
    {User Configuration|Administrative Templates|System|
    Disable the command prompt}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    "DisableRegistryTools" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp "

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp "


    Windows Portable Device AutoPlay Handlers
    -----------------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    DVDFab5OnDVDArrival\
    "Provider" = "DVDFab 5 "
    "InvokeProgID" = "DVDFab5Open "
    "InvokeVerb" = "Open "
    HKLM\SOFTWARE\Classes\DVDFab5Open\shell\Open\command\(Default) = "C:\PROGRA~1\DVDFAB~1\DVDFab.exe" [ "Fengtao Software Inc."]

    MSWPDShellNamespaceHandler\
    "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501 "
    "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24} "
    "InitCmdLine" = " "
    -> {HKLM...CLSID} = "WPDShextAutoplay "
    \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

    NeroAutoPlay2CDAudio\
    "Provider" = "Nero Express "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "HandleCDBurningOnArrival_CDAudio "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" [ "Ahead Software AG"]

    NeroAutoPlay2CopyCD\
    "Provider" = "Nero Express "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "PlayCDAudioOnArrival_CopyCD "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" [ "Ahead Software AG"]

    NeroAutoPlay2DataDisc\
    "Provider" = "Nero Express "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "HandleCDBurningOnArrival_DataDisc "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" [ "Ahead Software AG"]

    NeroAutoPlay2LaunchNeroStartSmart\
    "Provider" = "Nero StartSmart "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" [ "Ahead Software AG"]

    NeroAutoPlay2PlayAudioCD\
    "Provider" = "Nero Media Player "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "PlayMusicFilesOnArrival_PlayAudioCD "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayMusicFilesOnArrival_PlayAudioCD\command\(Default) = "C:\Program Files\Ahead\NeroMediaPlayer\NeroMediaPlayer.exe /Play %L" [ "Ahead software"]

    NeroAutoPlay2VideoCapture\
    "Provider" = "NeroVision Express "
    "ProgID" = "Shell.HWEventHandlerShellExecute "
    "InitCmdLine" = " "C:\Program Files\Ahead\NeroVision\NeroVision.exe" /New:VideoCapture "
    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} "
    -> {HKLM...CLSID} = "ShellExecute HW Event Handler "
    \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

    NeroAutoPlay2ViewPhotos\
    "Provider" = "Nero PhotoSnap Viewer "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "ShowPicturesOnArrival_ViewPhotos "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\ShowPicturesOnArrival_ViewPhotos\command\(Default) = "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnapViewer.exe /Drive:%L" [ "Ahead Software AG"]

    NMMPlayCDAudioOnArrival\
    "Provider" = "Nokia Music Manager "
    "InvokeProgID" = "NokiaMusicManager "
    "InvokeVerb" = "NMMPlayCD "
    HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /playCD "%L" " [ "Nokia"]

    NMMRipCDAudioOnArrival\
    "Provider" = "Nokia Music Manager "
    "InvokeProgID" = "NokiaMusicManager "
    "InvokeVerb" = "NMMRipCD "
    HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /ripCD "%L" " [ "Nokia"]

    PDVDPlayCDAudioOnArrival\
    "Provider" = "PowerDVD "
    "InvokeProgID" = "AudioCD "
    "InvokeVerb" = "PlayWithPowerDVD "
    HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = " "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L" " [ "CyberLink Corp."]

    PDVDPlayDVDMovieOnArrival\
    "Provider" = "PowerDVD "
    "InvokeProgID" = "DVD "
    "InvokeVerb" = "PlayWithPowerDVD "
    HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = " "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L" " [ "CyberLink Corp."]

    PDVDPlayVCDMovieOnArrival\
    "Provider" = "PowerDVD "
    "InvokeProgID" = "VCD "
    "InvokeVerb" = "PlayWithPowerDVD "
    HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = " "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l" " [ "CyberLink Corp."]

    WinampMTPHandler\
    "Provider" = "Winamp "
    "ProgID" = "Shell.HWEventHandlerShellExecute "
    "InitCmdLine" = "C:\Program Files\Winamp\winamp.exe "
    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} "
    -> {HKLM...CLSID} = "ShellExecute HW Event Handler "
    \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

    WinampPlayMediaOnArrival\
    "Provider" = "Winamp "
    "InvokeProgID" = "Winamp.File "
    "InvokeVerb" = "Play "
    HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = " "C:\Program Files\Winamp\winamp.exe" "%1" " [ "Nullsoft"]
    HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E} "
    -> {HKLM...CLSID} = (no title provided)
    \LocalServer32\(Default) = " "C:\Program Files\Winamp\winamp.exe" " [ "Nullsoft"]

    ZunePlayCDAudioOnArrival\
    "Provider" = "@c:\Program Files\Zune\en-US\ZuneResources.dll.mui,-603 "
    "InvokeProgID" = "Microsoft.Zune.2.AudioCD "
    "InvokeVerb" = "Play "
    HKLM\SOFTWARE\Classes\Microsoft.Zune.2.AudioCD\shell\Play\Command\(Default) = " "c:\Program Files\Zune\Zune.exe" /PlayCD: "%L" " [MS]

    ZunePlayMediaOnArrival\
    "Provider" = "@c:\Program Files\Zune\en-US\ZuneResources.dll.mui,-603 "
    "InvokeProgID" = "Microsoft.Zune.2.PlayMedia "
    "InvokeVerb" = "Play "
    HKLM\SOFTWARE\Classes\Microsoft.Zune.2.PlayMedia\shell\Play\Command\(Default) = " "c:\Program Files\Zune\Zune.exe" /PlayMedia: "%L" " [MS]

    ZuneRipCDAudioOnArrival\
    "Provider" = "@c:\Program Files\Zune\en-US\ZuneResources.dll.mui,-603 "
    "InvokeProgID" = "Microsoft.Zune.2.RipCD "
    "InvokeVerb" = "Rip "
    HKLM\SOFTWARE\Classes\Microsoft.Zune.2.RipCD\shell\Rip\Command\(Default) = " "c:\Program Files\Zune\Zune.exe" /RipCD: "%L" " [MS]


    Startup items in "Dave" & "All Users" startup folders:
    ------------------------------------------------------

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "NETGEAR WG311v3 Smart Wizard" -> shortcut to: "C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe /HIDE" [empty string]


    Enabled Scheduled Tasks:
    ------------------------

    "Google Software Updater" -> launches: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start" [ "Google"]
    "GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" [ "Google Inc."]
    "GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" [ "Google Inc."]
    "RegCure Program Check" -> launches: "C:\Program Files\RegCure\RegCure.exe ShowReminders" [null data]
    "RegCure" -> launches: "C:\Program Files\RegCure\RegCure.exe -t" [null data]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {3437D640-C91A-458F-89F5-B9095EA4C28B}\
    "ButtonText" = "Launch Cooliris "
    "CLSIDExtension" = "{04F93351-81D2-4484-9982-0D55DEFFFAE6} "
    -> {HKCU...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\PicLensIE\cooliris.dll" [ "Cooliris Inc."]
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\PicLensIE\cooliris.dll" [ "Cooliris Inc."]

    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
    "MenuText" = "Spybot - Search & Destroy Configuration "
    "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F} "
    -> {HKLM...CLSID} = "Spybot-S&D IE Protection "
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [ "Safer Networking Limited"]

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\
    "MenuText" = "@xpsp3res.dll,-20001 "
    "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger "
    "MenuText" = "Windows Messenger "
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" [ "ATI Technologies Inc."]
    AVG Free E-mail Scanner, avg9emc, " "C:\Program Files\AVG\AVG9\avgemc.exe" " [ "AVG Technologies CZ, s.r.o."]
    AVG Free WatchDog, avg9wd, " "C:\Program Files\AVG\AVG9\avgwdsvc.exe" " [ "AVG Technologies CZ, s.r.o."]
    Java Quick Starter, JavaQuickStarterService, " "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" " [ "Oracle"]
    Logical Disk Manager Administrative Service, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" [ "Microsoft Corp., Veritas Software"]
    Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" { "C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
    Zune Bus Enumerator, ZuneBusEnum, "C:\WINDOWS\system32\ZuneBusEnum.exe" [MS]


    Safe Mode Drivers & Services (subkey name, subkey default value):
    -----------------------------------------------------------------

    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

    <<!>> PEVSystemStart, (null value)
    <<!>> procexp90.Sys, (null value)

    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

    <<!>> PEVSystemStart, (null value)
    <<!>> procexp90.Sys, (null value)


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    Canon BJ Language Monitor PIXMA iP1000\Driver = "CNMLM6e.DLL" [ "CANON INC."]


    ---------- (launch time: 2010-08-01 20:10:22)
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 52 seconds, including 7 seconds for message boxes)
     
  10. 2010/08/01
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Well, something is stopping it from working, as that entry should not still be there if the fixme.reg file ran OK.
    The only thing I can suggest with it is to either run the fixme in safe mode, or manually delete the entry by going into the registry.
    Which one do you want to try :)?
     
  11. 2010/08/01
    davee

    davee Inactive Thread Starter

    Joined:
    2002/10/16
    Messages:
    130
    Likes Received:
    0
    lol, I'll go the easy way first, that is to try in safe mode. Well, that sounds the easy way to me :)
     
  12. 2010/08/01
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Ok. After you have done it, boot to normal mode and run SR again.
     
  13. 2010/08/01
    davee

    davee Inactive Thread Starter

    Joined:
    2002/10/16
    Messages:
    130
    Likes Received:
    0
    Ok, did it in safe mode. When rebooting, I still got the message. Here is the SR log:
    "Silent Runners.vbs ", revision 61, http://www.silentrunners.org/
    Operating System: Windows XP SP3
    Output limited to non-default values, except where indicated by "{++} "


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ "SUPERAntiSpyware.com"]
    "SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ "Safer-Networking Ltd."]
    "swg" = " "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" " [ "Google Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "AVG9_TRAY" = "C:\PROGRA~1\AVG\AVG9\avgtray.exe" [ "AVG Technologies CZ, s.r.o."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\1428\ {++}
    "rdghixrd" = " "C:\ComboFix\CF19866.cfxxe" /c "C:\ComboFix\Combobatch.bat" " [file not found]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub "
    -> {HKLM...CLSID} = "Adobe PDF Link Helper "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" [ "Adobe Systems Incorporated"]

    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = "WormRadar.com IESiteBlocker.NavFilter "
    -> {HKLM...CLSID} = "AVG Safe Search "
    \InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgssie.dll" [ "AVG Technologies CZ, s.r.o."]

    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Spybot-S&D IE Protection "
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [ "Safer Networking Limited"]

    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Sign-in Helper "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Notifier BHO "
    \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll" [ "Google Inc."]

    {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" [ "Oracle"]

    {E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl "
    -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" [ "Oracle"]

    {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}\(Default) = "Cooliris Plug-In for Internet Explorer "
    -> {HKCU...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\PicLensIE\cooliris.dll" [ "Cooliris Inc."]

    {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}\(Default) = "Cooliris Plug-In for Internet Explorer "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\PicLensIE\cooliris.dll" [ "Cooliris Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension "
    -> {HKLM...CLSID} = "Display Panning CPL Extension "
    \InProcServer32\(Default) = "deskpan.dll" [file not found]

    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext "
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext "
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [ "Hilgraeve, Inc."]

    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG Shell Extension "
    -> {HKLM...CLSID} = "AVG Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgse.dll" [ "AVG Technologies CZ, s.r.o."]

    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser "
    -> {HKLM...CLSID} = "Nokia Phone Browser "
    \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" [ "Nokia"]

    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler "
    -> {HKLM...CLSID} = "Outlook File Icon Extension "
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

    "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension "
    -> {HKLM...CLSID} = "SimpleShlExt Class "
    \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [ "Advanced Micro Devices, Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "
    -> {HKLM...CLSID} = "WPDShServiceObj Class "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    <<!>> "GinaDLL" = "MrvGINA.dll" [ "Marvell(R)"]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL" [ "SUPERAntiSpyware.com"]
    <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" [ "ATI Technologies Inc."]
    <<!>> avgrsstarter\DLLName = "avgrsstx.dll" [ "AVG Technologies CZ, s.r.o."]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

    <<!>> linkscanner\CLSID = "{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "
    -> {HKLM...CLSID} = "XPLPPFilter Class "
    \InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgpp.dll" [ "AVG Technologies CZ, s.r.o."]

    <<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F} "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

    <<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F} "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

    <<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1} "
    -> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler "
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

    AVG9 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
    -> {HKLM...CLSID} = "AVG Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgse.dll" [ "AVG Technologies CZ, s.r.o."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = "SUPERAntiSpyware Context Menu "
    -> {HKLM...CLSID} = "SASContextMenu Class "
    \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL" [ "SUPERAntiSpyware.com"]

    HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

    MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3} "
    -> {HKLM...CLSID} = "MBAMShlExt Class "
    \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" [ "Malwarebytes Corporation"]

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = "SUPERAntiSpyware Context Menu "
    -> {HKLM...CLSID} = "SASContextMenu Class "
    \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL" [ "SUPERAntiSpyware.com"]

    HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

    Nokia\(Default) = "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "
    -> {HKLM...CLSID} = "Nokia Phone Browser "
    \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" [ "Nokia"]

    HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    WinZip\(Default) = "{E0D79305-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

    ACE\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000} "
    -> {HKLM...CLSID} = "SimpleShlExt Class "
    \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [ "Advanced Micro Devices, Inc."]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info "
    -> {HKLM...CLSID} = "PDF Shell Extension "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" [ "Adobe Systems, Inc."]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

    AVG9 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
    -> {HKLM...CLSID} = "AVG Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgse.dll" [ "AVG Technologies CZ, s.r.o."]

    MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3} "
    -> {HKLM...CLSID} = "MBAMShlExt Class "
    \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" [ "Malwarebytes Corporation"]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [ "Alexander Roshal"]

    WinZip\(Default) = "{E0D79305-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\

    "SaveZoneInformation" = (REG_DWORD) dword:0x00000001
    {User Configuration|Administrative Templates|Windows Components|Attachment Manager|
    Do not preserve zone information in file attachments}

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "NoDrives" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "NoDrives" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "disableregistrytools" = (REG_DWORD) dword:0x00000000
    {User Configuration|Administrative Templates|System|
    Prevent access to registry editing tools}

    HKCU\Software\Policies\Microsoft\Windows\System\

    "disablecmd" = (REG_DWORD) dword:0x00000000
    {User Configuration|Administrative Templates|System|
    Disable the command prompt}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    "DisableRegistryTools" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp "

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp "


    Windows Portable Device AutoPlay Handlers
    -----------------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    DVDFab5OnDVDArrival\
    "Provider" = "DVDFab 5 "
    "InvokeProgID" = "DVDFab5Open "
    "InvokeVerb" = "Open "
    HKLM\SOFTWARE\Classes\DVDFab5Open\shell\Open\command\(Default) = "C:\PROGRA~1\DVDFAB~1\DVDFab.exe" [ "Fengtao Software Inc."]

    MSWPDShellNamespaceHandler\
    "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501 "
    "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24} "
    "InitCmdLine" = " "
    -> {HKLM...CLSID} = "WPDShextAutoplay "
    \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

    NeroAutoPlay2CDAudio\
    "Provider" = "Nero Express "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "HandleCDBurningOnArrival_CDAudio "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" [ "Ahead Software AG"]

    NeroAutoPlay2CopyCD\
    "Provider" = "Nero Express "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "PlayCDAudioOnArrival_CopyCD "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" [ "Ahead Software AG"]

    NeroAutoPlay2DataDisc\
    "Provider" = "Nero Express "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "HandleCDBurningOnArrival_DataDisc "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" [ "Ahead Software AG"]

    NeroAutoPlay2LaunchNeroStartSmart\
    "Provider" = "Nero StartSmart "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" [ "Ahead Software AG"]

    NeroAutoPlay2PlayAudioCD\
    "Provider" = "Nero Media Player "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "PlayMusicFilesOnArrival_PlayAudioCD "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayMusicFilesOnArrival_PlayAudioCD\command\(Default) = "C:\Program Files\Ahead\NeroMediaPlayer\NeroMediaPlayer.exe /Play %L" [ "Ahead software"]

    NeroAutoPlay2VideoCapture\
    "Provider" = "NeroVision Express "
    "ProgID" = "Shell.HWEventHandlerShellExecute "
    "InitCmdLine" = " "C:\Program Files\Ahead\NeroVision\NeroVision.exe" /New:VideoCapture "
    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} "
    -> {HKLM...CLSID} = "ShellExecute HW Event Handler "
    \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

    NeroAutoPlay2ViewPhotos\
    "Provider" = "Nero PhotoSnap Viewer "
    "InvokeProgID" = "Nero.AutoPlay2 "
    "InvokeVerb" = "ShowPicturesOnArrival_ViewPhotos "
    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\ShowPicturesOnArrival_ViewPhotos\command\(Default) = "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnapViewer.exe /Drive:%L" [ "Ahead Software AG"]

    NMMPlayCDAudioOnArrival\
    "Provider" = "Nokia Music Manager "
    "InvokeProgID" = "NokiaMusicManager "
    "InvokeVerb" = "NMMPlayCD "
    HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /playCD "%L" " [ "Nokia"]

    NMMRipCDAudioOnArrival\
    "Provider" = "Nokia Music Manager "
    "InvokeProgID" = "NokiaMusicManager "
    "InvokeVerb" = "NMMRipCD "
    HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /ripCD "%L" " [ "Nokia"]

    PDVDPlayCDAudioOnArrival\
    "Provider" = "PowerDVD "
    "InvokeProgID" = "AudioCD "
    "InvokeVerb" = "PlayWithPowerDVD "
    HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = " "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L" " [ "CyberLink Corp."]

    PDVDPlayDVDMovieOnArrival\
    "Provider" = "PowerDVD "
    "InvokeProgID" = "DVD "
    "InvokeVerb" = "PlayWithPowerDVD "
    HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = " "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L" " [ "CyberLink Corp."]

    PDVDPlayVCDMovieOnArrival\
    "Provider" = "PowerDVD "
    "InvokeProgID" = "VCD "
    "InvokeVerb" = "PlayWithPowerDVD "
    HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = " "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l" " [ "CyberLink Corp."]

    WinampMTPHandler\
    "Provider" = "Winamp "
    "ProgID" = "Shell.HWEventHandlerShellExecute "
    "InitCmdLine" = "C:\Program Files\Winamp\winamp.exe "
    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} "
    -> {HKLM...CLSID} = "ShellExecute HW Event Handler "
    \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

    WinampPlayMediaOnArrival\
    "Provider" = "Winamp "
    "InvokeProgID" = "Winamp.File "
    "InvokeVerb" = "Play "
    HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = " "C:\Program Files\Winamp\winamp.exe" "%1" " [ "Nullsoft"]
    HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E} "
    -> {HKLM...CLSID} = (no title provided)
    \LocalServer32\(Default) = " "C:\Program Files\Winamp\winamp.exe" " [ "Nullsoft"]

    ZunePlayCDAudioOnArrival\
    "Provider" = "@c:\Program Files\Zune\en-US\ZuneResources.dll.mui,-603 "
    "InvokeProgID" = "Microsoft.Zune.2.AudioCD "
    "InvokeVerb" = "Play "
    HKLM\SOFTWARE\Classes\Microsoft.Zune.2.AudioCD\shell\Play\Command\(Default) = " "c:\Program Files\Zune\Zune.exe" /PlayCD: "%L" " [MS]

    ZunePlayMediaOnArrival\
    "Provider" = "@c:\Program Files\Zune\en-US\ZuneResources.dll.mui,-603 "
    "InvokeProgID" = "Microsoft.Zune.2.PlayMedia "
    "InvokeVerb" = "Play "
    HKLM\SOFTWARE\Classes\Microsoft.Zune.2.PlayMedia\shell\Play\Command\(Default) = " "c:\Program Files\Zune\Zune.exe" /PlayMedia: "%L" " [MS]

    ZuneRipCDAudioOnArrival\
    "Provider" = "@c:\Program Files\Zune\en-US\ZuneResources.dll.mui,-603 "
    "InvokeProgID" = "Microsoft.Zune.2.RipCD "
    "InvokeVerb" = "Rip "
    HKLM\SOFTWARE\Classes\Microsoft.Zune.2.RipCD\shell\Rip\Command\(Default) = " "c:\Program Files\Zune\Zune.exe" /RipCD: "%L" " [MS]


    Startup items in "Dave" & "All Users" startup folders:
    ------------------------------------------------------

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "NETGEAR WG311v3 Smart Wizard" -> shortcut to: "C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe /HIDE" [empty string]


    Enabled Scheduled Tasks:
    ------------------------

    "Google Software Updater" -> launches: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start" [ "Google"]
    "GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" [ "Google Inc."]
    "GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" [ "Google Inc."]
    "RegCure Program Check" -> launches: "C:\Program Files\RegCure\RegCure.exe ShowReminders" [null data]
    "RegCure" -> launches: "C:\Program Files\RegCure\RegCure.exe -t" [null data]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {3437D640-C91A-458F-89F5-B9095EA4C28B}\
    "ButtonText" = "Launch Cooliris "
    "CLSIDExtension" = "{04F93351-81D2-4484-9982-0D55DEFFFAE6} "
    -> {HKCU...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\PicLensIE\cooliris.dll" [ "Cooliris Inc."]
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\PicLensIE\cooliris.dll" [ "Cooliris Inc."]

    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
    "MenuText" = "Spybot - Search & Destroy Configuration "
    "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F} "
    -> {HKLM...CLSID} = "Spybot-S&D IE Protection "
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [ "Safer Networking Limited"]

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\
    "MenuText" = "@xpsp3res.dll,-20001 "
    "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger "
    "MenuText" = "Windows Messenger "
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" [ "ATI Technologies Inc."]
    AVG Free E-mail Scanner, avg9emc, " "C:\Program Files\AVG\AVG9\avgemc.exe" " [ "AVG Technologies CZ, s.r.o."]
    AVG Free WatchDog, avg9wd, " "C:\Program Files\AVG\AVG9\avgwdsvc.exe" " [ "AVG Technologies CZ, s.r.o."]
    Java Quick Starter, JavaQuickStarterService, " "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" " [ "Oracle"]
    Logical Disk Manager Administrative Service, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" [ "Microsoft Corp., Veritas Software"]
    Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" { "C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
    Zune Bus Enumerator, ZuneBusEnum, "C:\WINDOWS\system32\ZuneBusEnum.exe" [MS]


    Safe Mode Drivers & Services (subkey name, subkey default value):
    -----------------------------------------------------------------

    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

    <<!>> PEVSystemStart, (null value)
    <<!>> procexp90.Sys, (null value)

    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

    <<!>> PEVSystemStart, (null value)
    <<!>> procexp90.Sys, (null value)


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    Canon BJ Language Monitor PIXMA iP1000\Driver = "CNMLM6e.DLL" [ "CANON INC."]


    ---------- (launch time: 2010-08-01 20:33:30)
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 65 seconds, including 18 seconds for message boxes)
     
  14. 2010/08/01
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Time to delete it manually then.
    Hit Start | Run and type in regedit and hit OK.
    Navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx and in the right pane find the entry for combofix there, right click on it and select delete.

    Let me know how you go.
     
  15. 2010/08/01
    davee

    davee Inactive Thread Starter

    Joined:
    2002/10/16
    Messages:
    130
    Likes Received:
    0
    OK, found it, but an error came up: "Error deleting values, unable to delete all specified values." I found it where you said, but in a folder named 1428.
     
  16. 2010/08/01
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Can you delete the 1428 folder?
    When you are in the registry, go to the Edit tab and, in 'Permissions', make sure you have full control before trying to delete.
    1. Open Registry Editor.
    2. Click the key you want to take ownership of.
    3. On the Edit menu, click Permissions.
    4. Click Advanced, and then click the Owner tab.
    5. Under Change owner to, click the new owner, and then click OK.
     
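    The two posts above (14 and 16) describe the manual regedit steps: find the leftover ComboFix entry under RunOnceEx, and if the delete is refused, take ownership of the subkey and give Administrators full control first. The script below is an added example written for this thread; it is not code from the forum, from Silent Runners or from OTL. It assumes PowerShell is installed and is run from an elevated administrator prompt, that the stuck subkey's name is supplied by you (the `<SUBKEY-NAME>` placeholder stands in for the thread's "1428"), and that the account can obtain WRITE_OWNER on that key; if the first `OpenSubKey` in `Grant-RegistryKeyFullControl` is refused, take ownership once through regedit's Advanced > Owner tab as in post 16 and rerun the script for the permission and delete steps.

```powershell
# Added example, not code from the thread or from Silent Runners/OTL.
# (1) list what is still queued under RunOnceEx and whether each file exists,
# (2) take ownership of a subkey regedit refuses to delete and grant
#     Administrators Full Control, then (3) delete it.
# Run from an elevated PowerShell prompt.

$RunOnceExRelative = 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx'
$RunOnceExPath     = "HKLM:\$RunOnceExRelative"

function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ExecutableFromCommand([string]$Command) {
    # RunOnceEx values look like "C:\dir\tool.exe args" or, for DLL entries,
    # "C:\dir\lib.dll|ExportedFunction"; return just the file path.
    $c = $Command.Split('|')[0].Trim()
    if ($c.StartsWith('"')) { return $c.Substring(1).Split('"')[0] }
    return $c.Split(' ')[0]
}

function Get-RunOnceExEntries {
    # Each numbered subkey (the "1428" folder in the thread is one) holds the
    # values RunOnceEx will launch at the next logon.
    if (-not (Test-Path $RunOnceExPath)) { return }
    foreach ($subKey in Get-ChildItem -Path $RunOnceExPath) {
        foreach ($name in $subKey.GetValueNames()) {
            $cmd = [string]$subKey.GetValue($name)
            $exe = Get-ExecutableFromCommand $cmd
            New-Object PSObject -Property @{
                SubKey     = $subKey.PSChildName
                ValueName  = $name
                Command    = $cmd
                FileExists = ($exe -ne '' -and (Test-Path -LiteralPath $exe))
            }
        }
    }
}

function Grant-RegistryKeyFullControl([string]$RelativeKeyPath) {
    # $RelativeKeyPath is below HKLM, e.g. "$RunOnceExRelative\1428".
    # Mirrors regedit's Edit > Permissions > Advanced > Owner, then Full Control.
    $admins = New-Object Security.Principal.SecurityIdentifier(
        [Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid, $null)

    # Step 1: open asking for WRITE_OWNER only and make Administrators the owner.
    # Assumption: the caller can obtain WRITE_OWNER; if this open is refused,
    # take ownership once in regedit (post 16) and rerun.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
        $RelativeKeyPath,
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        [Security.AccessControl.RegistryRights]::TakeOwnership)
    if ($key -eq $null) { throw "Key not found: HKLM\$RelativeKeyPath" }
    $acl = $key.GetAccessControl([Security.AccessControl.AccessControlSections]::Owner)
    $acl.SetOwner($admins)
    $key.SetAccessControl($acl)
    $key.Close()

    # Step 2: as owner we are implicitly allowed READ_CONTROL and WRITE_DAC;
    # reopen with those and add an Allow Full Control ACE for Administrators.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
        $RelativeKeyPath,
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        [Security.AccessControl.RegistryRights]'ChangePermissions, ReadPermissions')
    $acl  = $key.GetAccessControl([Security.AccessControl.AccessControlSections]::Access)
    $rule = New-Object Security.AccessControl.RegistryAccessRule(
        $admins, 'FullControl', 'ContainerInherit', 'None', 'Allow')
    $acl.SetAccessRule($rule)
    $key.SetAccessControl($acl)
    $key.Close()
}

# --- Usage ---
if (-not (Test-IsElevated)) { Write-Warning 'Run this from an elevated prompt.' }

# 1. Audit: what RunOnceEx will still launch, and whether those files exist.
Get-RunOnceExEntries | Format-Table SubKey, ValueName, FileExists, Command -AutoSize

# 2. Remediation for one stuck subkey. <SUBKEY-NAME> is a placeholder (the
#    thread's was 1428). Uncomment only after the audit confirms the entry is
#    the leftover you mean to remove.
# $stuck = "$RunOnceExRelative\<SUBKEY-NAME>"
# Grant-RegistryKeyFullControl $stuck
# Remove-Item -Path "HKLM:\$stuck" -Recurse
```

The audit step is read-only and is the part worth running first: a RunOnceEx value whose file no longer exists (ComboFix's cleanup leftover here) is harmless at logon but keeps producing the startup message, while one whose file does exist should be identified before anything is deleted. The remediation follows regedit's own order, owner first, then DACL, then delete, because a key with a restrictive DACL cannot be changed until the caller owns it.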
  17. 2010/08/01
    davee

    davee Inactive Thread Starter

    Joined:
    2002/10/16
    Messages:
    130
    Likes Received:
    0
    Yes, that worked, it deleted.
     
  18. 2010/08/01
    davee

    davee Inactive Thread Starter

    Joined:
    2002/10/16
    Messages:
    130
    Likes Received:
    0
    I just did a reboot and all is clear there. I guess now we tackle the random redirect problem? Thanks again for your help.
     
  19. 2010/08/01
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Can you try resetting your router/modem to see if that has been affected? See if it still redirects after.

    Are you able to post an OTL log?
     
  20. 2010/08/01
    davee

    davee Inactive Thread Starter

    Joined:
    2002/10/16
    Messages:
    130
    Likes Received:
    0
    Yes, I can do another OTL log. Just a question about resetting the modem: do you mean just turning it off then on, or actually doing a reset by pushing that tiny button at the back? And if so, does doing that affect the settings in the modem/router? I have a Billion VoIP ADSL router that I use for VoIP.
     
  21. 2010/08/01
    davee

    davee Inactive Thread Starter

    Joined:
    2002/10/16
    Messages:
    130
    Likes Received:
    0
    Here is the OTL log. I ran a quick scan, is that what you wanted?
    OTL logfile created on: 8/1/2010 9:54:34 PM - Run 4
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Dave\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 39.06 Gb Total Space | 17.46 Gb Free Space | 44.71% Space Free | Partition Type: NTFS
    Drive D: | 109.99 Gb Total Space | 39.67 Gb Free Space | 36.07% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME-8WI9D3OO4Q
    Current User Name: Dave
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/23 18:10:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
    PRC - [2010/07/22 17:18:09 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2010/07/21 18:59:20 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/07/17 09:29:21 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/07/17 09:29:17 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/17 09:29:17 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/17 09:29:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/07/17 09:28:18 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/17 09:28:17 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/06/30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
    PRC - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/01/26 17:55:04 | 001,486,848 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/23 18:10:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
    MOD - [2008/04/14 10:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
    SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
    SRV - [2010/07/21 18:59:20 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/07/17 09:29:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
    SRV - [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2009/11/06 08:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/07/17 09:29:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/17 09:28:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/06/03 10:05:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/05/26 17:02:31 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/04/24 02:31:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/02/19 13:04:28 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/02/19 13:04:27 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/02/11 17:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2010/01/07 13:22:02 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
    DRV - [2010/01/02 03:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2009/02/13 14:22:54 | 000,095,576 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/04/14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2005/10/06 15:17:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
    DRV - [2005/05/18 19:50:30 | 002,319,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/03/04 13:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2004/08/04 15:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/10/15 17:52:50 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
    DRV - [2003/07/02 06:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/webhp?hl=en
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

    FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/06/26 14:00:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/06/26 14:00:13 | 000,000,000 | ---D | M]

    [2009/11/22 09:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
    [2009/11/22 09:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2010/07/30 20:28:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {81fdd779-57e9-0539-b8cd-d06cb867e3fd} - No CLSID value found.
    O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
    O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell(R))
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/04/10 11:24:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/31 22:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\DoctorWeb
    [2010/07/31 21:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/07/31 13:35:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/30 20:27:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/07/29 21:03:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dave\Recent
    [2010/07/27 20:51:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/26 16:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Socusoft
    [2010/07/25 10:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2010/07/23 22:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/07/23 22:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/07/23 22:48:04 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/07/23 22:48:04 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/23 22:48:04 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/23 22:48:04 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/23 21:05:25 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/23 18:10:38 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
    [2010/07/22 19:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Malwarebytes
    [2010/07/22 19:16:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/22 19:16:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/22 19:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/22 19:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/21 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\uealgoipr
    [2010/07/21 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/21 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/21 20:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\xetblruxy
    [2010/07/21 20:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
    [2010/07/21 19:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/17 17:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\videos
    [2010/07/17 09:29:17 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/16 15:37:41 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\Pcdlib32.dll
    [2010/07/16 15:29:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\_ISTMP2.DIR
    [2010/07/16 15:29:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\_ISTMP1.DIR
    [2010/07/11 16:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\hl
    [2010/07/06 19:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\New Folder
    [2010/07/03 16:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\etax2010
    [2010/06/26 13:59:32 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
    [2010/06/26 13:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
    [2010/06/26 13:58:52 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
    [2010/06/26 13:58:51 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
    [2010/06/26 13:58:49 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
    [2010/06/26 13:58:48 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
    [2010/06/26 13:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
    [2010/06/06 11:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2010/06/06 11:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
    [2010/05/20 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2010/05/18 19:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2010/05/18 19:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\E52
    [2010/05/18 18:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\Nokia
    [2010/05/18 18:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\NokiaAccount

    ========== Files - Modified Within 90 Days ==========

    [2010/08/01 21:40:19 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/08/01 21:40:02 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
    [2010/08/01 21:40:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/01 21:39:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/01 21:39:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/01 21:39:03 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Dave\NTUSER.DAT
    [2010/08/01 21:39:03 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dave\ntuser.ini
    [2010/08/01 21:38:57 | 004,312,184 | -H-- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\IconCache.db
    [2010/08/01 21:34:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/01 19:50:07 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/01 18:31:01 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\fixme.zip
    [2010/08/01 17:38:27 | 000,111,115 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Silent Runners.zip
    [2010/08/01 16:22:40 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\fixme.reg
    [2010/08/01 14:23:04 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
    [2010/08/01 14:18:12 | 000,000,481 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\DrWeb.csv
    [2010/08/01 09:43:28 | 062,815,507 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/31 22:19:59 | 048,022,216 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\drweb-cureit.exe
    [2010/07/31 19:34:52 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\gmer.zip
    [2010/07/31 15:38:07 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\to use.inf
    [2010/07/31 10:16:08 | 000,001,383 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\RegSrch.zip
    [2010/07/30 20:30:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/30 20:28:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/27 20:51:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/26 18:15:26 | 000,051,334 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\29856_1412723292538_1666219019_995475_2027858_n.jpg
    [2010/07/26 16:57:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/25 13:55:50 | 000,109,184 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.TAX
    [2010/07/25 13:50:37 | 000,108,120 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.BAK
    [2010/07/25 13:03:41 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\e-tax 2010.lnk
    [2010/07/23 22:17:42 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SystemLook.exe
    [2010/07/23 18:10:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
    [2010/07/23 16:46:42 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
    [2010/07/22 21:24:58 | 000,001,165 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/22 21:24:58 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/07/19 21:48:49 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\vso_ts_preview.xml
    [2010/07/19 14:58:04 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
    [2010/07/19 12:39:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/07/17 13:11:18 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/07/17 09:29:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/17 09:29:17 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/17 09:28:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/16 16:07:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MSPublisher_Quark Converter.INI
    [2010/07/16 15:57:08 | 000,001,901 | ---- | M] () -- C:\WINDOWS\panose.bin
    [2010/07/15 16:18:27 | 001,778,547 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\DemolitionCall1.wmv
    [2010/07/08 16:27:49 | 004,054,198 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Mitre 10 Advert.wmv
    [2010/07/05 13:02:21 | 000,058,257 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9055.jpg
    [2010/07/05 12:59:28 | 000,097,912 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9-1.jpg
    [2010/07/05 12:41:36 | 000,064,813 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_905554_8123457_n.jpg
    [2010/07/05 12:08:43 | 000,074,169 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31856_1416476466365_1666219019_1004698_8228200_n.jpg
    [2010/07/05 11:48:23 | 000,181,419 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535677844_1666219019_1010374_2621558_n.jpg
    [2010/07/05 11:48:18 | 000,170,467 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535597842_1666219019_1010373_3420771_n.jpg
    [2010/07/04 16:18:41 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
    [2010/07/04 13:43:13 | 004,744,640 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\TEXASFLASHLIGHT_.WMV
    [2010/07/03 14:59:56 | 006,778,880 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\etax2010_1.msi
    [2010/07/02 14:13:11 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
    [2010/06/26 14:29:51 | 000,506,580 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/26 14:29:51 | 000,425,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/26 14:29:51 | 000,071,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/26 14:28:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    [2010/06/22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/06/22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/06/22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/06/22 02:24:28 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/06/12 13:39:49 | 000,173,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/06 11:50:20 | 000,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2010/06/03 11:27:34 | 000,032,397 | ---- | M] () -- C:\WINDOWS\SGTBox.INI
    [2010/06/03 10:05:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/05/30 09:58:30 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
    [2010/05/14 15:38:45 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/05/08 10:20:02 | 000,242,897 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Superannuation Information Kit.pdf

    ========== Files Created - No Company Name ==========

    [2010/08/01 18:31:15 | 000,000,161 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\fixme.reg
    [2010/08/01 18:31:01 | 000,000,212 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\fixme.zip
    [2010/08/01 17:38:44 | 000,462,445 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Silent Runners.vbs
    [2010/08/01 17:38:27 | 000,111,115 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Silent Runners.zip
    [2010/08/01 14:18:12 | 000,000,481 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\DrWeb.csv
    [2010/07/31 22:14:12 | 048,022,216 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\drweb-cureit.exe
    [2010/07/31 19:35:24 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\gmer.exe
    [2010/07/31 19:34:52 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\gmer.zip
    [2010/07/31 15:38:26 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\to use.inf
    [2010/07/31 10:16:45 | 000,003,254 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\RegSrch.vbs
    [2010/07/31 10:16:08 | 000,001,383 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\RegSrch.zip
    [2010/07/26 18:15:33 | 000,051,334 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\29856_1412723292538_1666219019_995475_2027858_n.jpg
    [2010/07/23 22:17:42 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SystemLook.exe
    [2010/07/23 16:46:42 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
    [2010/07/20 21:50:54 | 000,002,235 | ---- | C] () -- C:\Documents and Settings\Dave\avgrep.txt
    [2010/07/20 20:45:14 | 000,012,395 | ---- | C] () -- C:\Documents and Settings\Dave\hs_err_pid3200.log
    [2010/07/19 20:10:44 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\vso_ts_preview.xml
    [2010/07/17 13:11:18 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/07/16 16:07:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSPublisher_Quark Converter.INI
    [2010/07/16 15:45:35 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
    [2010/07/16 15:37:42 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
    [2010/07/15 16:18:17 | 001,778,547 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\DemolitionCall1.wmv
    [2010/07/08 16:27:26 | 004,054,198 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Mitre 10 Advert.wmv
    [2010/07/05 13:02:21 | 000,058,257 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9055.jpg
    [2010/07/05 12:59:28 | 000,097,912 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9-1.jpg
    [2010/07/05 12:41:36 | 000,064,813 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_905554_8123457_n.jpg
    [2010/07/05 12:08:43 | 000,074,169 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31856_1416476466365_1666219019_1004698_8228200_n.jpg
    [2010/07/05 11:48:23 | 000,181,419 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535677844_1666219019_1010374_2621558_n.jpg
    [2010/07/05 11:48:18 | 000,170,467 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535597842_1666219019_1010373_3420771_n.jpg
    [2010/07/04 16:18:41 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
    [2010/07/04 13:42:35 | 004,744,640 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\TEXASFLASHLIGHT_.WMV
    [2010/07/03 16:08:06 | 000,109,184 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.TAX
    [2010/07/03 16:08:06 | 000,108,120 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.BAK
    [2010/07/03 16:07:13 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\e-tax 2010.lnk
    [2010/07/03 14:59:16 | 006,778,880 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\etax2010_1.msi
    [2010/06/26 14:28:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    [2010/06/06 11:50:20 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2010/05/14 15:38:45 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/05/08 10:20:02 | 000,242,897 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Superannuation Information Kit.pdf
    [2010/02/15 16:54:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/01/30 14:44:55 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
    [2009/12/01 17:42:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6e.DLL
    [2009/10/19 20:06:48 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2009/07/04 14:14:28 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
    [2009/07/04 14:09:29 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
    [2009/05/04 17:00:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/04/28 07:39:51 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2009/04/18 13:59:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/04/10 15:05:45 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2009/04/10 13:16:51 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2009/04/10 13:16:39 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2009/04/10 12:15:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

    ========== LOP Check ==========

    [2009/11/07 11:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/12/06 18:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/05/18 19:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2010/06/26 13:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
    [2009/07/04 12:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/06/06 11:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2010/07/26 16:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
    [2010/07/26 17:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/07/25 10:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2010/07/21 20:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
    [2009/09/23 16:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/04/19 16:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DVDFab
    [2009/12/13 20:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\IrfanView
    [2010/07/25 17:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\LimeWire
    [2009/08/03 18:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MoveFab
    [2010/05/18 18:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nokia
    [2010/06/06 10:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nokia Multimedia Player
    [2010/04/01 18:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Opera
    [2010/05/18 18:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PC Suite
    [2010/07/21 18:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Vso
    [2010/08/01 21:40:02 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
    [2010/08/01 14:23:04 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
    < End of report >
     
