Delete that version and download the latest. My original link should still work.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
psuk0110 0 Light Poster
ComboFix 10-05-15.01 - Dosah 05/15/2010 20:17:51.7.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2644 [GMT -7:00]
Running from: c:\users\Dosah\Documents\Downloads\ComboFix.exe
Command switches used :: c:\users\Dosah\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\st325614.dll
.
((((((((((((((((((((((((( Files Created from 2010-04-16 to 2010-05-16 )))))))))))))))))))))))))))))))
.
2010-05-16 03:23 . 2010-05-16 03:25 -------- d-----w- c:\users\Dosah\AppData\Local\temp
2010-05-16 03:23 . 2010-05-16 03:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-16 03:13 . 2010-05-16 03:14 -------- d-----w- C:\32788R22FWJFW
2010-05-15 01:54 . 2010-05-15 01:54 -------- d-----w- c:\users\Dosah\dsc
2010-05-15 01:53 . 2010-05-15 01:54 -------- d-----w- c:\users\Dosah\vw
2010-05-15 01:53 . 2010-05-15 01:53 -------- d-----w- c:\users\Dosah\eMailTrackerPro
2010-05-15 01:53 . 2010-05-15 01:53 -------- d-----w- c:\program files\eMailTrackerPro 2009
2010-05-12 22:00 . 2010-05-12 22:00 -------- d-----w- c:\program files\iPod
2010-05-12 22:00 . 2010-05-12 22:01 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-12 22:00 . 2010-05-12 22:01 -------- d-----w- c:\program files\iTunes
2010-05-12 22:00 . 2010-05-12 22:00 -------- d-----w- c:\users\Dosah\AppData\Local\Apple Computer
2010-05-12 21:59 . 2010-05-12 21:59 -------- d-----w- c:\program files\QuickTime
2010-05-12 21:57 . 2010-05-12 21:57 -------- d-----w- c:\program files\Bonjour
2010-05-12 21:45 . 2010-05-12 21:45 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-12 21:31 . 2010-05-12 21:31 -------- d-----w- c:\users\Dosah\AppData\Local\Apple
2010-05-12 03:56 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 19:02 . 2010-05-14 19:47 -------- d-----w- c:\users\Dosah\AppData\Local\Adobe
2010-05-04 01:25 . 2010-05-04 01:25 -------- d-----w- C:\_OTL
2010-04-29 06:37 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-29 06:37 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-29 06:37 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-24 18:52 . 2010-04-24 18:52 -------- d-----w- c:\program files\CCleaner
2010-04-22 21:04 . 2010-04-22 21:04 -------- d-----w- c:\program files\Trend Micro
2010-04-21 20:10 . 2010-04-21 20:11 -------- d-----w- c:\programdata\SITEguard
2010-04-21 20:09 . 2010-04-24 08:47 -------- d-----w- c:\programdata\STOPzilla!
2010-04-21 20:09 . 2010-04-21 20:09 -------- d-----w- c:\program files\Common Files\iS3
2010-04-21 07:39 . 2010-04-21 07:39 75264 ------w- c:\windows\system32\bbcd.sys
2010-04-21 06:24 . 2010-04-21 06:24 -------- d-----w- c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 23:31 . 2009-12-31 08:45 -------- d-----w- c:\program files\Warcraft III
2010-05-12 22:00 . 2009-12-31 21:40 -------- d-----w- c:\program files\Common Files\Apple
2010-05-12 10:01 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 10:01 . 2009-12-23 19:26 -------- d-----w- c:\programdata\Microsoft Help
2010-05-06 17:36 . 2009-12-22 13:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 22:15 . 2010-03-23 02:08 -------- d-----w- c:\program files\DellTPad
2010-04-29 22:15 . 2010-01-09 10:08 -------- d-----w- c:\program files\PowerISO
2010-04-29 22:15 . 2010-01-04 03:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-24 18:53 . 2010-03-02 11:10 -------- d-----w- c:\program files\Cakewalk
2010-04-24 16:21 . 2009-12-28 09:37 -------- d-----w- c:\users\Dosah\AppData\Roaming\uTorrent
2010-04-21 22:36 . 2009-12-23 00:08 194115 ----a-w- c:\users\Dosah\AppData\Roaming\nvModes.dat
2010-04-21 20:22 . 2010-03-02 11:10 -------- d-----w- c:\programdata\Cakewalk
2010-04-12 21:15 . 2010-04-12 21:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-08 06:45 . 2010-04-08 06:45 -------- d-----w- c:\users\Dosah\AppData\Roaming\Publish Providers
2010-04-08 06:45 . 2010-04-08 06:45 -------- d-----w- c:\users\Dosah\AppData\Roaming\NetMedia Providers
2010-04-08 06:20 . 2010-04-08 06:20 -------- d-----w- c:\program files\Sony Setup
2010-04-07 20:42 . 2010-04-01 05:11 -------- d-----w- c:\users\Dosah\AppData\Roaming\PrimoPDF
2010-04-03 21:19 . 2010-04-03 21:19 -------- d-----w- c:\program files\Common Files\Java
2010-04-03 09:31 . 2010-03-22 09:08 -------- d-----w- c:\program files\Java
2010-04-01 21:39 . 2009-12-23 00:37 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-01 05:04 . 2010-04-01 05:04 -------- d-----w- c:\program files\Nitro PDF
2010-03-31 10:17 . 2010-03-03 20:06 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-30 07:46 . 2010-01-04 03:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-01-04 03:44 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 18:14 . 2010-01-08 09:59 -------- d-----w- c:\programdata\Research In Motion
2010-03-23 19:33 . 2010-03-23 19:33 -------- d-----w- c:\programdata\Blizzard
2010-03-23 02:08 . 2010-03-23 02:08 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-03-23 02:06 . 2009-12-22 21:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-23 02:05 . 2010-03-23 02:02 -------- d-----w- c:\program files\Broadcom
2010-03-23 02:01 . 2010-03-23 02:01 -------- d-----w- c:\program files\CONEXANT
2010-03-23 02:00 . 2010-03-23 02:00 -------- d-----w- c:\program files\Digital Line Detect
2010-03-22 23:38 . 2010-03-22 23:38 -------- d-----w- c:\program files\Modem Diagnostic Tool
2010-03-22 23:35 . 2010-03-22 23:35 -------- d-----w- c:\users\Dosah\AppData\Roaming\InstallShield
2010-03-22 23:32 . 2010-03-22 23:32 -------- d-----w- c:\program files\WIDCOMM
2010-03-18 04:40 . 2010-03-18 03:45 -------- d-----w- c:\programdata\Webex
2010-03-18 03:45 . 2010-03-18 03:45 99208 ----a-w- c:\programdata\Webex\ieatgpc.dll
2010-03-18 03:45 . 2010-03-18 03:45 95312 ----a-w- c:\programdata\Webex\atgpcexe.dll
2010-03-18 03:45 . 2010-03-18 03:45 28472 ----a-w- c:\programdata\Webex\atgpcdec.dll
2010-03-18 03:45 . 2010-03-18 03:45 185224 ----a-w- c:\programdata\Webex\atgpcext.dll
2010-03-18 03:45 . 2010-03-18 03:45 151 ----a-w- c:\programdata\Webex\reggpc.bat
2010-03-18 03:45 . 2010-03-18 03:45 111928 ----a-w- c:\programdata\Webex\atstart.exe
2010-03-18 03:45 . 2010-03-18 03:45 103736 ----a-w- c:\programdata\Webex\atmgr.exe
2010-03-09 11:28 . 2010-03-22 09:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 21:33 . 2010-04-15 01:36 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-02 11:35 . 2009-12-22 20:33 109216 ----a-w- c:\users\Dosah\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-27 12:07 . 2010-04-15 01:36 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07 . 2010-04-15 01:36 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 07:32 . 2010-04-15 01:36 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-15 01:36 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-15 01:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 07:56 . 2010-03-31 00:00 977920 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Google Update"="c:\users\Dosah\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-11 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-07-02 20:29 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-01-30 16:00 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.exe
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-28 691696]
S1 bbcd;bbcd;c:\windows\system32\bbcd.sys [2010-04-21 75264]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
.
Contents of the 'Scheduled Tasks' folder
2010-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582532038-2839803696-2113591094-1001Core.job
- c:\users\Dosah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11 06:19]
2010-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582532038-2839803696-2113591094-1001UA.job
- c:\users\Dosah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11 06:19]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Dosah\AppData\Roaming\Mozilla\Firefox\Profiles\uxl7anj7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\Dosah\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Dosah\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,fc,83,4e,0c,fe,89,45,8d,a7,48,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,fc,83,4e,0c,fe,89,45,8d,a7,48,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1380)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-05-15 20:29:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-16 03:29
ComboFix2.txt 2010-05-04 22:09
ComboFix3.txt 2010-05-04 01:12
ComboFix4.txt 2010-05-02 05:48
ComboFix5.txt 2010-05-16 03:14
Pre-Run: 21,302,411,264 bytes free
Post-Run: 21,249,196,032 bytes free
- - End Of File - - E31E4C79C68872F369873711DD4E4488
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Any change?
psuk0110 0 Light Poster
no
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Can you go to C:\windows\system32\drivers\etc\ and post the contents of the Hosts file there.
psuk0110 0 Light Poster
hosts
Imhosts.sam
networks
protocol
services
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
I need the contents of the Hosts file, not the contents of the etc folder.
psuk0110 0 Light Poster
127.0.0.1 localhost
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample LMHOSTS file used by the Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to computernames
# (NetBIOS) names. Each entry should be kept on an individual line.
# The IP address should be placed in the first column followed by the
# corresponding computername. The address and the computername
# should be separated by at least one space or tab. The "#" character
# is generally used to denote the start of a comment (see the exceptions
# below).
#
# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
# files and offers the following extensions:
#
# #PRE
# #DOM:<domain>
# #INCLUDE <filename>
# #BEGIN_ALTERNATE
# #END_ALTERNATE
# \0xnn (non-printing character support)
#
# Following any entry in the file with the characters "#PRE" will cause
# the entry to be preloaded into the name cache. By default, entries are
# not preloaded, but are parsed only after dynamic name resolution fails.
#
# Following an entry with the "#DOM:<domain>" tag will associate the
# entry with the domain specified by <domain>. This affects how the
# browser and logon services behave in TCP/IP environments. To preload
# the host name associated with #DOM entry, it is necessary to also add a
# #PRE to the line. The <domain> is always preloaded although it will not
# be shown when the name cache is viewed.
#
# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
# software to seek the specified <filename> and parse it as if it were
# local. <filename> is generally a UNC-based name, allowing a
# centralized lmhosts file to be maintained on a server.
# It is ALWAYS necessary to provide a mapping for the IP address of the
# server prior to the #INCLUDE. This mapping must use the #PRE directive.
# In addtion the share "public" in the example below must be in the
# LanManServer list of "NullSessionShares" in order for client machines to
# be able to read the lmhosts file successfully. This key is under
# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
# in the registry. Simply add "public" to the list found there.
#
# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
# statements to be grouped together. Any single successful include
# will cause the group to succeed.
#
# Finally, non-printing characters can be embedded in mappings by
# first surrounding the NetBIOS name in quotations, then using the
# \0xnn notation to specify a hex value for a non-printing character.
#
# The following example illustrates all of these extensions:
#
# 102.54.94.97 rhino #PRE #DOM:networking #net group's DC
# 102.54.94.102 "appname \0x14" #special app server
# 102.54.94.123 popular #PRE #source server
# 102.54.94.117 localsrv #PRE #needed for the include
#
# #BEGIN_ALTERNATE
# #INCLUDE \\localsrv\public\lmhosts
# #INCLUDE \\rhino\public\lmhosts
# #END_ALTERNATE
#
# In the above example, the "appname" server contains a special
# character in its name, the "popular" and "localsrv" server names are
# preloaded, and the "rhino" server name is specified so it can be used
# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
# system is unavailable.
#
# Note that the whole file is parsed including comments on each lookup,
# so keeping the number of comments to a minimum will improve performance.
# Therefore it is not advisable to simply add lmhosts file entries onto the
# end of this file.
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This file contains network name/network number mappings for
# local networks. Network numbers are recognized in dotted decimal form.
#
# Format:
#
# <network name> <network number> [aliases...] [#<comment>]
#
# For example:
#
# loopback 127
# campus 284.122.107
# london 284.122.108
loopback 127
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This file contains the Internet protocols as defined by various
# RFCs. See http://www.iana.org/assignments/protocol-numbers
#
# Format:
#
# <protocol name> <assigned number> [aliases...] [#<comment>]
ip 0 IP # Internet protocol
icmp 1 ICMP # Internet control message protocol
ggp 3 GGP # Gateway-gateway protocol
tcp 6 TCP # Transmission control protocol
egp 8 EGP # Exterior gateway protocol
pup 12 PUP # PARC universal packet protocol
udp 17 UDP # User datagram protocol
hmp 20 HMP # Host monitoring protocol
xns-idp 22 XNS-IDP # Xerox NS IDP
rdp 27 RDP # "reliable datagram" protocol
ipv6 41 IPv6 # Internet protocol IPv6
ipv6-route 43 IPv6-Route # Routing header for IPv6
ipv6-frag 44 IPv6-Frag # Fragment header for IPv6
esp 50 ESP # Encapsulating security payload
ah 51 AH # Authentication header
ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6
ipv6-nonxt 59 IPv6-NoNxt # No next header for IPv6
ipv6-opts 60 IPv6-Opts # Destination options for IPv6
rvd 66 RVD # MIT remote virtual disk
# Copyright (c) 1993-2004 Microsoft Corp.
#
# This file contains port numbers for well-known services defined by IANA
#
# Format:
#
# <service name> <port number>/<protocol> [aliases...] [#<comment>]
#
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users #Active users
systat 11/udp users #Active users
daytime 13/tcp
daytime 13/udp
qotd 17/tcp quote #Quote of the day
qotd 17/udp quote #Quote of the day
chargen 19/tcp ttytst source #Character generator
chargen 19/udp ttytst source #Character generator
ftp-data 20/tcp #FTP, data
ftp 21/tcp #FTP. control
ssh 22/tcp #SSH Remote Login Protocol
telnet 23/tcp
smtp 25/tcp mail #Simple Mail Transfer Protocol
time 37/tcp timserver
time 37/udp timserver
rlp 39/udp resource #Resource Location Protocol
nameserver 42/tcp name #Host Name Server
nameserver 42/udp name #Host Name Server
nicname 43/tcp whois
domain 53/tcp #Domain Name Server
domain 53/udp #Domain Name Server
bootps 67/udp dhcps #Bootstrap Protocol Server
bootpc 68/udp dhcpc #Bootstrap Protocol Client
tftp 69/udp #Trivial File Transfer
gopher 70/tcp
finger 79/tcp
http 80/tcp www www-http #World Wide Web
hosts2-ns 81/tcp #HOSTS2 Name Server
hosts2-ns 81/udp #HOSTS2 Name Server
kerberos 88/tcp krb5 kerberos-sec #Kerberos
kerberos 88/udp krb5 kerberos-sec #Kerberos
hostname 101/tcp hostnames #NIC Host Name Server
iso-tsap 102/tcp #ISO-TSAP Class 0
rtelnet 107/tcp #Remote Telnet Service
pop2 109/tcp postoffice #Post Office Protocol - Version 2
pop3 110/tcp #Post Office Protocol - Version 3
sunrpc 111/tcp rpcbind portmap #SUN Remote Procedure Call
sunrpc 111/udp rpcbind portmap #SUN Remote Procedure Call
auth 113/tcp ident tap #Identification Protocol
uucp-path 117/tcp
sqlserv 118/tcp #SQL Services
nntp 119/tcp usenet #Network News Transfer Protocol
ntp 123/udp #Network Time Protocol
epmap 135/tcp loc-srv #DCE endpoint resolution
epmap 135/udp loc-srv #DCE endpoint resolution
netbios-ns 137/tcp nbname #NETBIOS Name Service
netbios-ns 137/udp nbname #NETBIOS Name Service
netbios-dgm 138/udp nbdatagram #NETBIOS Datagram Service
netbios-ssn 139/tcp nbsession #NETBIOS Session Service
imap 143/tcp imap4 #Internet Message Access Protocol
sql-net 150/tcp
sqlsrv 156/tcp
pcmail-srv 158/tcp #PCMail Server
snmp 161/udp #SNMP
snmptrap 162/udp snmp-trap #SNMP trap
print-srv 170/tcp #Network PostScript
bgp 179/tcp #Border Gateway Protocol
irc 194/tcp #Internet Relay Chat Protocol
ipx 213/udp #IPX over IP
rtsps 322/tcp
rtsps 322/udp
mftp 349/tcp
mftp 349/udp
ldap 389/tcp #Lightweight Directory Access Protocol
https 443/tcp MCom #HTTP over TLS/SSL
https 443/udp MCom #HTTP over TLS/SSL
microsoft-ds 445/tcp
microsoft-ds 445/udp
kpasswd 464/tcp # Kerberos (v5)
kpasswd 464/udp # Kerberos (v5)
isakmp 500/udp ike #Internet Key Exchange
crs 507/tcp #Content Replication System
crs 507/udp #Content Replication System
exec 512/tcp #Remote Process Execution
biff 512/udp comsat
login 513/tcp #Remote Login
who 513/udp whod
cmd 514/tcp shell
syslog 514/udp
printer 515/tcp spooler
talk 517/udp
ntalk 518/udp
efs 520/tcp #Extended File Name Server
router 520/udp route routed
ulp 522/tcp
ulp 522/udp
timed 525/udp timeserver
tempo 526/tcp newdate
irc-serv 529/tcp
irc-serv 529/udp
courier 530/tcp rpc
conference 531/tcp chat
netnews 532/tcp readnews
netwall 533/udp #For emergency broadcasts
uucp 540/tcp uucpd
klogin 543/tcp #Kerberos login
kshell 544/tcp krcmd #Kerberos remote shell
dhcpv6-client 546/tcp #DHCPv6 Client
dhcpv6-client 546/udp #DHCPv6 Client
dhcpv6-server 547/tcp #DHCPv6 Server
dhcpv6-server 547/udp #DHCPv6 Server
afpovertcp 548/tcp #AFP over TCP
afpovertcp 548/udp #AFP over TCP
new-rwho 550/udp new-who
rtsp 554/tcp #Real Time Stream Control Protocol
rtsp 554/udp #Real Time Stream Control Protocol
remotefs 556/tcp rfs rfs_server
rmonitor 560/udp rmonitord
monitor 561/udp
nntps 563/tcp snntp #NNTP over TLS/SSL
nntps 563/udp snntp #NNTP over TLS/SSL
whoami 565/tcp
whoami 565/udp
ms-shuttle 568/tcp #Microsoft shuttle
ms-shuttle 568/udp #Microsoft shuttle
ms-rome 569/tcp #Microsoft rome
ms-rome 569/udp #Microsoft rome
http-rpc-epmap 593/tcp #HTTP RPC Ep Map
http-rpc-epmap 593/udp #HTTP RPC Ep Map
hmmp-ind 612/tcp #HMMP Indication
hmmp-ind 612/udp #HMMP Indication
hmmp-op 613/tcp #HMMP Operation
hmmp-op 613/udp #HMMP Operation
ldaps 636/tcp sldap #LDAP over TLS/SSL
doom 666/tcp #Doom Id Software
doom 666/udp #Doom Id Software
msexch-routing 691/tcp #MS Exchange Routing
msexch-routing 691/udp #MS Exchange Routing
kerberos-adm 749/tcp #Kerberos administration
kerberos-adm 749/udp #Kerberos administration
kerberos-iv 750/udp #Kerberos version IV
mdbs_daemon 800/tcp
mdbs_daemon 800/udp
ftps-data 989/tcp #FTP data, over TLS/SSL
ftps 990/tcp #FTP control, over TLS/SSL
telnets 992/tcp #Telnet protocol over TLS/SSL
imaps 993/tcp #IMAP4 protocol over TLS/SSL
ircs 994/tcp #IRC protocol over TLS/SSL
pop3s 995/tcp spop3 #pop3 protocol over TLS/SSL (was spop3)
pop3s 995/udp spop3 #pop3 protocol over TLS/SSL (was spop3)
kpop 1109/tcp #Kerberos POP
nfsd-status 1110/tcp #Cluster status info
nfsd-keepalive 1110/udp #Client status info
nfa 1155/tcp #Network File Access
nfa 1155/udp #Network File Access
activesync 1034/tcp #ActiveSync Notifications
phone 1167/udp #Conference calling
opsmgr 1270/tcp #Microsoft Operations Manager
opsmgr 1270/udp #Microsoft Operations Manager
ms-sql-s 1433/tcp #Microsoft-SQL-Server
ms-sql-s 1433/udp #Microsoft-SQL-Server
ms-sql-m 1434/tcp #Microsoft-SQL-Monitor
ms-sql-m 1434/udp #Microsoft-SQL-Monitor
ms-sna-server 1477/tcp
ms-sna-server 1477/udp
ms-sna-base 1478/tcp
ms-sna-base 1478/udp
wins 1512/tcp #Microsoft Windows Internet Name Service
wins 1512/udp #Microsoft Windows Internet Name Service
ingreslock 1524/tcp ingres
stt 1607/tcp
stt 1607/udp
l2tp 1701/udp #Layer Two Tunneling Protocol
pptconference 1711/tcp
pptconference 1711/udp
pptp 1723/tcp #Point-to-point tunnelling protocol
msiccp 1731/tcp
msiccp 1731/udp
remote-winsock 1745/tcp
remote-winsock 1745/udp
ms-streaming 1755/tcp
ms-streaming 1755/udp
msmq 1801/tcp #Microsoft Message Queue
msmq 1801/udp #Microsoft Message Queue
radius 1812/udp #RADIUS authentication protocol
radacct 1813/udp #RADIUS accounting protocol
msnp 1863/tcp
msnp 1863/udp
ssdp 1900/tcp
ssdp 1900/udp
close-combat 1944/tcp
close-combat 1944/udp
nfsd 2049/udp nfs #NFS server
knetd 2053/tcp #Kerberos de-multiplexor
mzap 2106/tcp #Multicast-Scope Zone Announcement Protocol
mzap 2106/udp #Multicast-Scope Zone Announcement Protocol
qwave 2177/tcp #QWAVE
qwave 2177/udp #QWAVE Experiment Port
directplay 2234/tcp #DirectPlay
directplay 2234/udp #DirectPlay
ms-olap3 2382/tcp #Microsoft OLAP 3
ms-olap3 2382/udp #Microsoft OLAP 3
ms-olap4 2383/tcp #Microsoft OLAP 4
ms-olap4 2383/udp #Microsoft OLAP 4
ms-olap1 2393/tcp #Microsoft OLAP 1
ms-olap1 2393/udp #Microsoft OLAP 1
ms-olap2 2394/tcp #Microsoft OLAP 2
ms-olap2 2394/udp #Microsoft OLAP 2
ms-theater 2460/tcp
ms-theater 2460/udp
wlbs 2504/tcp #Microsoft Windows Load Balancing Server
wlbs 2504/udp #Microsoft Windows Load Balancing Server
ms-v-worlds 2525/tcp #Microsoft V-Worlds
ms-v-worlds 2525/udp #Microsoft V-Worlds
sms-rcinfo 2701/tcp #SMS RCINFO
sms-rcinfo 2701/udp #SMS RCINFO
sms-xfer 2702/tcp #SMS XFER
sms-xfer 2702/udp #SMS XFER
sms-chat 2703/tcp #SMS CHAT
sms-chat 2703/udp #SMS CHAT
sms-remctrl 2704/tcp #SMS REMCTRL
sms-remctrl 2704/udp #SMS REMCTRL
msolap-ptp2 2725/tcp #MSOLAP PTP2
msolap-ptp2 2725/udp #MSOLAP PTP2
icslap 2869/tcp
icslap 2869/udp
cifs 3020/tcp
cifs 3020/udp
xbox 3074/tcp #Microsoft Xbox game port
xbox 3074/udp #Microsoft Xbox game port
ms-dotnetster 3126/tcp #Microsoft .NET ster port
ms-dotnetster 3126/udp #Microsoft .NET ster port
ms-rule-engine 3132/tcp #Microsoft Business Rule Engine Update Service
ms-rule-engine 3132/udp #Microsoft Business Rule Engine Update Service
msft-gc 3268/tcp #Microsoft Global Catalog
msft-gc 3268/udp #Microsoft Global Catalog
msft-gc-ssl 3269/tcp #Microsoft Global Catalog with LDAP/SSL
msft-gc-ssl 3269/udp #Microsoft Global Catalog with LDAP/SSL
ms-cluster-net 3343/tcp #Microsoft Cluster Net
ms-cluster-net 3343/udp #Microsoft Cluster Net
ms-wbt-server 3389/tcp #MS WBT Server
ms-wbt-server 3389/udp #MS WBT Server
ms-la 3535/tcp #Microsoft Class Server
ms-la 3535/udp #Microsoft Class Server
pnrp-port 3540/tcp #PNRP User Port
pnrp-port 3540/udp #PNRP User Port
teredo 3544/tcp #Teredo Port
teredo 3544/udp #Teredo Port
p2pgroup 3587/tcp #Peer to Peer Grouping
p2pgroup 3587/udp #Peer to Peer Grouping
ws-discovery 3702/udp #WS-Discovery
ws-discovery 3702/tcp #WS-Discovery
dvcprov-port 3776/tcp #Device Provisioning Port
dvcprov-port 3776/udp #Device Provisioning Port
msfw-control 3847/tcp #Microsoft Firewall Control
msdts1 3882/tcp #DTS Service Port
sdp-portmapper 3935/tcp #SDP Port Mapper Protocol
sdp-portmapper 3935/udp #SDP Port Mapper Protocol
net-device 4350/tcp #Net Device
net-device 4350/udp #Net Device
ipsec-msft 4500/tcp #Microsoft IPsec NAT-T
ipsec-msft 4500/udp #Microsoft IPsec NAT-T
llmnr 5355/tcp #LLMNR
llmnr 5355/udp #LLMNR
wsd 5357/tcp #Web Services on devices
wsd 5358/tcp #Web Services on devices
rrac 5678/tcp #Remote Replication Agent Connection
rrac 5678/udp #Remote Replication Agent Connection
dccm 5679/tcp #Direct Cable Connect Manager
dccm 5679/udp #Direct Cable Connect Manager
ms-licensing 5720/tcp #Microsoft Licensing
ms-licensing 5720/udp #Microsoft Licensing
directplay8 6073/tcp #DirectPlay8
directplay8 6073/udp #DirectPlay8
man 9535/tcp #Remote Man Server
rasadv 9753/tcp
rasadv 9753/udp
imip-channels 11320/tcp #IMIP Channels Port
imip-channels 11320/udp #IMIP Channels Port
directplaysrvr 47624/tcp #Direct Play Server
directplaysrvr 47624/udp #Direct Play Server
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Confusing the issue here. All I need to see are the contents of the Hosts and nothing else.
Here are the contents of mine to give you an idea;
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
psuk0110 0 Light Poster
Sorry, this is it
127.0.0.1 localhost
There is a file called lmhosts, that is more similar to your example. ill post that as well
# Following an entry with the "#DOM:<domain>" tag will associate the
# entry with the domain specified by <domain>. This affects how the
# browser and logon services behave in TCP/IP environments. To preload
# the host name associated with #DOM entry, it is necessary to also add a
# #PRE to the line. The <domain> is always preloaded although it will not
# be shown when the name cache is viewed.
#
# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
# software to seek the specified <filename> and parse it as if it were
# local. <filename> is generally a UNC-based name, allowing a
# centralized lmhosts file to be maintained on a server.
# It is ALWAYS necessary to provide a mapping for the IP address of the
# server prior to the #INCLUDE. This mapping must use the #PRE directive.
# In addtion the share "public" in the example below must be in the
# LanManServer list of "NullSessionShares" in order for client machines to
# be able to read the lmhosts file successfully. This key is under
# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
# in the registry. Simply add "public" to the list found there.
#
# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
# statements to be grouped together. Any single successful include
# will cause the group to succeed.
#
# Finally, non-printing characters can be embedded in mappings by
# first surrounding the NetBIOS name in quotations, then using the
# \0xnn notation to specify a hex value for a non-printing character.
#
# The following example illustrates all of these extensions:
#
# 102.54.94.97 rhino #PRE #DOM:networking #net group's DC
# 102.54.94.102 "appname \0x14" #special app server
# 102.54.94.123 popular #PRE #source server
# 102.54.94.117 localsrv #PRE #needed for the include
#
# #BEGIN_ALTERNATE
# #INCLUDE \\localsrv\public\lmhosts
# #INCLUDE \\rhino\public\lmhosts
# #END_ALTERNATE
#
# In the above example, the "appname" server contains a special
# character in its name, the "popular" and "localsrv" server names are
# preloaded, and the "rhino" server name is specified so it can be used
# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
# system is unavailable.
#
# Note that the whole file is parsed including comments on each lookup,
# so keeping the number of comments to a minimum will improve performance.
# Therefore it is not advisable to simply add lmhosts file entries onto the
# end of this file.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Download the HostsXpert.
Run it and press "Restore M$ Hosts File" and press "OK". Exit Program.
Go here and download then run Silent Runners.vbs. Right click on the download link and select Save Target As. Save it to the desktop or to a folder in a permanent directory. It generates a log which will be created in the same folder you are running it from. Please post the information back in this thread.
If you have a script blocking program, please allow the file to run. It is not malicious.
psuk0110 0 Light Poster
the hostsxpert is not working
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
What happens?
psuk0110 0 Light Poster
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
And that is where you will find the download.
http://www.funkytoad.com/index.php?option=com_content&task=view&id=13&Itemid=
psuk0110 0 Light Poster
"Silent Runners.vbs", revision 61, http://www.silentrunners.org/
Operating System: Windows 7
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RESTART_STICKY_NOTES" = "C:\Windows\System32\StikyNot.exe" [MS]
"Google Update" = ""C:\Users\Dosah\AppData\Local\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = "{99FD978C-D287-4F50-827F-B2C658EDA8E7}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = "{920E6DB1-9907-4370-B3A0-BAFC03D81399}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = "{16F3DD56-1AF5-4347-846D-7C10C4192619}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> grooveLocalGWS\CLSID = "{88FED34C-F0CA-4636-A375-3CB6248B04CD}"
-> {HKLM...CLSID} = "Local Groove Web Services Protocol"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll" [MS]
<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll" [MS]
<<!>> skype4com\CLSID = "{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}"
-> {HKLM...CLSID} = "IEProtocolHandler Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL" ["Skype Technologies"]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
Edited by mike_2000_17 because: Fixed formatting
psuk0110 0 Light Poster
sorry not the full one
<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"
<<!>> HKCU\Software\Classes\.exe\(Default) = "exefile"
<<!>> HKLM\SOFTWARE\Classes\.exe\(Default) = "secfile"
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
"SaveZoneInformation" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Windows Components|Attachment Manager|
Do not preserve zone information in file attachments}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"EnableLUA" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}
"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Dosah\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
ImgBurnBluRayBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBluRayBurningOnArrival_BuildImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnBluRayBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBluRayBurningOnArrival_BurnImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnCDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BuildImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnCDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BurnImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnDVDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BuildImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnDVDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BurnImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnHDDVDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BuildImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnHDDVDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BurnImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnPlayBluRayOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayBluRayOnArrival_ReadDisc"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\PlayBluRayOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
ImgBurnPlayCDAudioOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayCDAudioOnArrival_ReadDisc"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\PlayCDAudioOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
ImgBurnPlayDVDMovieOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayDVDMovieOnArrival_ReadDisc"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\PlayDVDMovieOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
ImgBurnPlayHDDVDOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayHDDVDOnArrival_ReadDisc"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\PlayHDDVDOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]
iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]
iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]
iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]
MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd" ["mpc-hc@Sourceforge"]
MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd" ["mpc-hc@Sourceforge"]
MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["mpc-hc@Sourceforge"]
MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["mpc-hc@Sourceforge"]
Startup items in "Dosah" & "All Users" startup folders:
-------------------------------------------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" [file not found]
"QuickSet" -> shortcut to: "C:\Program Files\Dell\QuickSet\quickset.exe" ["Dell Inc."]
Non-disabled Scheduled Tasks:
-----------------------------
C:\Users\Dosah\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
C:\Windows\System32\Tasks
"At1" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At10" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At11" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At12" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At13" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At14" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At15" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At16" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At17" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At18" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At19" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At2" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At20" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At21" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At22" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At23" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At24" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At3" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At4" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At5" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At6" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At7" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At8" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At9" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"GoogleUpdateTaskUserS-1-5-21-2582532038-2839803696-2113591094-1001Core" -> launches: "C:\Users\Dosah\AppData\Local\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-2582532038-2839803696-2113591094-1001UA" -> launches: "C:\Users\Dosah\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"{2276AE87-082B-4AF2-A880-EA0A1AC3013E}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\Dosah\Downloads\win7_1512754.exe -d C:\Users\Dosah\Downloads" [MS]
"{30A3CE94-BC3F-4F0F-BADB-DBC2A650546A}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\Dosah\Desktop\War3TFT_122a_English.exe -d C:\Users\Dosah\Desktop" [MS]
"{5996906B-36BB-4083-96A1-C396C79D799B}" -> launches: "C:\Program Files\Skype\Phone\Skype.exe" ["Skype Technologies S.A."]
C:\Windows\System32\Tasks\Apple
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
C:\Windows\System32\Tasks\Microsoft\Office Genuine Advantage
"OGALogon" -> (HIDDEN!) launches: "C:\Windows\system32\OGAExec.exe /batch" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
"AitAgent" -> launches: "aitagent" [MS]
"ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
"Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}"
-> {HKLM...CLSID} = "KernelCeipCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]
"UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}"
-> {HKLM...CLSID} = "UsbCeip"
\InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
"Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}"
-> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Location
"Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
"WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}"
-> {HKLM...CLSID} = "WinSAT Task Manger Task"
\InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS]
"ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS]
"DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS]
"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS]
"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS]
"mcupdate_scheduled" -> launches: "%SystemRoot%\ehome\mcupdate -crl -hms -pscn 15" [MS]
"MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS]
"ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS]
"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS]
"PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS]
"PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS]
"PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS]
"PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS]
"PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS]
"RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS]
"ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS]
"SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS]
"StartRecording" -> launches: "%SystemRoot%\ehome\ehrec /StartRecording" [MS]
"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
"CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
"DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
"GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
"AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}"
-> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler"
\InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
"MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}"
-> {HKLM...CLSID} = "RasMobilityManager"
\InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
"RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}"
-> {HKLM...CLSID} = "RegistryIdleBackupHandler"
\InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
-> {HKLM...CLSID} = "GadgetsManager Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
"Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}"
-> {HKLM...CLSID} = "RunTask"
\InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
"SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
"ValidationTask" -> (HIDDEN!) launches: "%SystemRoot%\system32\Wat\WatAdminSvc.exe /run" [MS]
"ValidationTaskDeadline" -> (HIDDEN!) launches: "%SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
"BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
"UpdateLibrary" -> launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
"ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Defender
"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan" [MS]
C:\Windows\System32\Tasks\WPD
"SqmUpload_S-1-5-21-2582532038-2839803696-2113591094-1001" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
000000000008\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 33
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Send to OneNote"
"MenuText" = "S&end to OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-12650"
"Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Andrea ST Filters Service, AESTFilters, "C:\Windows\system32\aestsrv.exe" ["Andrea Electronics Corporation"]
Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"" ["Apple Inc."]
Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
SigmaTel Audio Service, STacSV, "C:\Windows\system32\STacSV.exe" ["IDT, Inc."]
XAudioService, XAudioService, "C:\Windows\system32\DRIVERS\xaudio.exe" ["Conexant Systems, Inc."]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HPLJ1018LM\Driver = "ZLhp1018.DLL" ["Zenographics, Inc."]
PrimoMon\Driver = "Primomonnt.dll" [null data]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]
---------- (launch time: 2010-05-25 14:10:06)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 60 seconds, including 14 seconds for message boxes)
Edited by mike_2000_17 because: Fixed formatting
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Any chance you can run it again, but this time when you save the log, uncheck "wordwrap" in notepad.
psuk0110 0 Light Poster
"Silent Runners.vbs", revision 61, [url]http://www.silentrunners.org/[/url]
Operating System: Windows 7
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RESTART_STICKY_NOTES" = "C:\Windows\System32\StikyNot.exe" [MS]
"Google Update" = ""C:\Users\Dosah\AppData\Local\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = "{99FD978C-D287-4F50-827F-B2C658EDA8E7}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = "{920E6DB1-9907-4370-B3A0-BAFC03D81399}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = "{16F3DD56-1AF5-4347-846D-7C10C4192619}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> grooveLocalGWS\CLSID = "{88FED34C-F0CA-4636-A375-3CB6248B04CD}"
-> {HKLM...CLSID} = "Local Groove Web Services Protocol"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll" [MS]
<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll" [MS]
<<!>> skype4com\CLSID = "{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}"
-> {HKLM...CLSID} = "IEProtocolHandler Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL" ["Skype Technologies"]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
Monitor\(Default) = "{7842554E-6BED-11D2-8CDB-B05550C10000}"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
NvCplDesktopContext\(Default) = "{A70C977A-BF00-412C-90B7-034C51DA2439}"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
Default executables:
--------------------
<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"
<<!>> HKCU\Software\Classes\.exe\(Default) = "exefile"
<<!>> HKLM\SOFTWARE\Classes\.exe\(Default) = "secfile"
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
"SaveZoneInformation" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Windows Components|Attachment Manager|
Do not preserve zone information in file attachments}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"EnableLUA" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}
"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Dosah\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
ImgBurnBluRayBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBluRayBurningOnArrival_BuildImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnBluRayBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBluRayBurningOnArrival_BurnImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnCDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BuildImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnCDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BurnImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnDVDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BuildImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnDVDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BurnImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnHDDVDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BuildImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnHDDVDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BurnImage"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnPlayBluRayOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayBluRayOnArrival_ReadDisc"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\PlayBluRayOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
ImgBurnPlayCDAudioOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayCDAudioOnArrival_ReadDisc"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\PlayCDAudioOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
ImgBurnPlayDVDMovieOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayDVDMovieOnArrival_ReadDisc"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\PlayDVDMovieOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
ImgBurnPlayHDDVDOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayHDDVDOnArrival_ReadDisc"
HKCU\Software\Classes\ImgBurn.AutoPlay.1\shell\PlayHDDVDOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]
iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]
iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]
iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]
MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd" ["mpc-hc@Sourceforge"]
MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd" ["mpc-hc@Sourceforge"]
MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["mpc-hc@Sourceforge"]
MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["mpc-hc@Sourceforge"]
Startup items in "Dosah" & "All Users" startup folders:
-------------------------------------------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" [file not found]
"QuickSet" -> shortcut to: "C:\Program Files\Dell\QuickSet\quickset.exe" ["Dell Inc."]
Non-disabled Scheduled Tasks:
-----------------------------
C:\Users\Dosah\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
C:\Windows\System32\Tasks
"At1" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At10" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At11" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At12" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At13" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At14" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At15" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At16" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At17" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At18" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At19" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At2" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At20" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At21" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At22" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At23" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At24" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At3" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At4" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At5" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At6" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At7" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At8" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"At9" -> launches: "C:\ProgramData\Hxo7P0qj.exe" [file not found]
"GoogleUpdateTaskUserS-1-5-21-2582532038-2839803696-2113591094-1001Core" -> launches: "C:\Users\Dosah\AppData\Local\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-2582532038-2839803696-2113591094-1001UA" -> launches: "C:\Users\Dosah\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"{2276AE87-082B-4AF2-A880-EA0A1AC3013E}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\Dosah\Downloads\win7_1512754.exe -d C:\Users\Dosah\Downloads" [MS]
"{30A3CE94-BC3F-4F0F-BADB-DBC2A650546A}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\Dosah\Desktop\War3TFT_122a_English.exe -d C:\Users\Dosah\Desktop" [MS]
"{5996906B-36BB-4083-96A1-C396C79D799B}" -> launches: "C:\Program Files\Skype\Phone\Skype.exe" ["Skype Technologies S.A."]
C:\Windows\System32\Tasks\Apple
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
C:\Windows\System32\Tasks\Microsoft\Office Genuine Advantage
"OGALogon" -> (HIDDEN!) launches: "C:\Windows\system32\OGAExec.exe /batch" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
"AitAgent" -> launches: "aitagent" [MS]
"ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
"Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}"
-> {HKLM...CLSID} = "KernelCeipCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]
"UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}"
-> {HKLM...CLSID} = "UsbCeip"
\InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
"Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}"
-> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Location
"Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
"WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}"
-> {HKLM...CLSID} = "WinSAT Task Manger Task"
\InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS]
"ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS]
"DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS]
"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS]
"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS]
"mcupdate_scheduled" -> launches: "%SystemRoot%\ehome\mcupdate -crl -hms -pscn 15" [MS]
"MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS]
"ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS]
"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS]
"PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS]
"PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS]
"PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS]
"PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS]
"PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS]
"RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS]
"ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS]
"SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS]
"StartRecording" -> launches: "%SystemRoot%\ehome\ehrec /StartRecording" [MS]
"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
"CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
"DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
"GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
"AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}"
-> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler"
\InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
"MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}"
-> {HKLM...CLSID} = "RasMobilityManager"
\InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
"RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}"
-> {HKLM...CLSID} = "RegistryIdleBackupHandler"
\InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
-> {HKLM...CLSID} = "GadgetsManager Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
"Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}"
-> {HKLM...CLSID} = "RunTask"
\InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
"SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
"ValidationTask" -> (HIDDEN!) launches: "%SystemRoot%\system32\Wat\WatAdminSvc.exe /run" [MS]
"ValidationTaskDeadline" -> (HIDDEN!) launches: "%SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
"BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
"UpdateLibrary" -> launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
"ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Defender
"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan" [MS]
C:\Windows\System32\Tasks\WPD
"SqmUpload_S-1-5-21-2582532038-2839803696-2113591094-1001" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
000000000008\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 33
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Send to OneNote"
"MenuText" = "S&end to OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-12650"
"Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Andrea ST Filters Service, AESTFilters, "C:\Windows\system32\aestsrv.exe" ["Andrea Electronics Corporation"]
Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"" ["Apple Inc."]
Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
SigmaTel Audio Service, STacSV, "C:\Windows\system32\STacSV.exe" ["IDT, Inc."]
XAudioService, XAudioService, "C:\Windows\system32\DRIVERS\xaudio.exe" ["Conexant Systems, Inc."]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HPLJ1018LM\Driver = "ZLhp1018.DLL" ["Zenographics, Inc."]
PrimoMon\Driver = "Primomonnt.dll" [null data]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]
---------- (launch time: 2010-05-25 22:15:46)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 57 seconds, including 6 seconds for message boxes)
Edited by mike_2000_17 because: Fixed formatting
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
I am not seeing anything amiss in that log. Can you try disabling all extensions and add-ons in FireFox and see if the problem still exists.
If no different, what are the chances of downloading the opera browser to see if the problem persists.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.