GeekPolice

Red X (cross) icon by C: drive

I've tried to search the forum for this issue but couldn't find anything. I am working on a computer whose onboard LAN port is not working (not found in Device Manager). I have put in a PCI network card. That was recognized and is working. The machine does not seem to be running as fast as I think it should be, although it isn't bad. It is using XP SP3 with WebRoot AntiVirus with SpySweeper.
When working on this I noticed a red X icon in front of the C: drive when I explore or use My Computer. In searching the web I found mention of this being a result of the Vundo virus.
I installed, updated and ran Malwarebytes and CCleaner. I did a full scan (just to be sure) and nothing was found. I cleaned what was found by CCleaner.
I ran HijackThis and the report follows.
I have 2 questions:
1. Could anything listed be responsible for the onboard LAN port not working?
2. Is there still some sort of virus/malware that is still on the machine that is not picked up by the updated WebRoot and MBAM that would be causing the Red X? If not, how can I get rid of that red X?

Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:39:57 AM, on 11/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://frontier.my.yahoo.com/?_bc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live OneCare Health Monitor (OcHealthMon) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 6824 bytes

Re: Red X (cross) icon by C: drive

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double-click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

OTL.txt file

OTL logfile created on: 11/11/2010 6:33:57 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 181.00 Mb Available Physical Memory | 47.00% Memory free
916.00 Mb Paging File | 579.00 Mb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.39 Gb Total Space | 72.46 Gb Free Space | 81.98% Space Free | Partition Type: NTFS
Drive D: | 4.76 Gb Total Space | 2.71 Gb Free Space | 56.97% Space Free | Partition Type: FAT32

Computer Name: PAULASUBEN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/11 18:33:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2010/05/17 14:15:36 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/06 14:20:10 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 11:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 11:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/08 16:52:06 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2007/02/08 16:51:54 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
PRC - [2007/02/08 16:50:33 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxczcoms.exe
PRC - [2007/01/06 14:22:36 | 000,050,792 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1131383480\EE\aolsoftware.exe
PRC - [2005/11/07 11:00:18 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/09/26 17:07:00 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/06/06 22:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 14:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe


========== Modules (SafeList) ==========

MOD - [2010/11/11 18:33:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/09/18 10:32:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2005/09/18 10:32:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/05/17 14:15:36 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 11:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2007/02/08 16:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2005/11/07 11:00:18 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\rt2870.sys -- (rt2870)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)
DRV - [2009/11/06 11:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 11:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 11:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006/11/20 07:44:36 | 000,056,728 | ---- | M] (Aluria Software, a division of EarthLink, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADSFilter.sys -- (ADSFilter) ADSFilter - (EarthLink Filter Driver)
DRV - [2005/11/07 11:11:57 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/26 17:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/09/18 10:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/08/12 14:31:12 | 000,098,432 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/29 19:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 19:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/15 19:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/06/17 16:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 16:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 16:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/29 14:24:42 | 000,033,280 | ---- | M] (DAVICOM Semiconductor, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102)
DRV - [2002/05/03 12:56:24 | 000,024,528 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001/08/17 12:12:20 | 000,020,573 | ---- | M] (The Linksts Group ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LNE100.SYS -- (pnicII)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://frontier.my.yahoo.com/?_bc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 4E FE 67 25 1D CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/08 13:21:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/10 08:43:16 | 000,000,000 | ---D | M]

[2010/11/10 08:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/11/10 08:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q3ve6zj8.default\extensions
[2010/11/10 08:44:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q3ve6zj8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/10 08:38:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/17 17:05:19 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: bnsf.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Filter\text/html {07851C6A-1C43-41d9-8319-BC89154A8C00} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awtro.dll) - C:\WINDOWS\System32\awtro.dll File not found
O30 - LSA: Authentication Packages - (ws.common-controls_6595b64144ccf1df) - File not found
O30 - LSA: Security Packages - (indows.common-controls_6595b641) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 12:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\{457a41d1-ac98-11de-8122-0040caaf485f}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 01:28:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/11/10 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/11/10 22:13:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/10 22:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/10 22:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/10 08:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2010/11/09 13:28:09 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\drivers\ADM8511.SYS
[2010/11/09 13:28:09 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/11/09 09:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2010/11/09 00:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/08 23:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/11/08 23:25:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/08 23:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/08 23:25:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/08 23:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/08 23:04:51 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/11/08 23:04:24 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/11/08 23:02:48 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/11/08 21:47:26 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\drivers\LNE100.SYS
[2010/11/08 21:47:26 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010/11/08 20:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\DAVICOM
[2010/11/08 16:27:41 | 000,033,280 | ---- | C] (DAVICOM Semiconductor, Inc. ) -- C:\WINDOWS\System32\drivers\DM9PCI5.SYS
[2010/11/08 16:27:41 | 000,033,280 | ---- | C] (DAVICOM Semiconductor, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/11/08 15:05:36 | 000,000,000 | ---D | C] -- C:\Downloads
[2007/06/17 13:56:10 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczinpa.dll
[2007/06/17 13:56:10 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCZhcp.dll
[2007/06/17 13:56:09 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczusb1.dll
[2007/06/17 13:56:09 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcziesc.dll
[2007/06/17 13:56:08 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczserv.dll
[2007/06/17 13:56:08 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczprox.dll
[2007/06/17 13:56:07 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpmui.dll
[2007/06/17 13:56:07 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczlmpm.dll
[2007/06/17 13:56:07 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpplc.dll
[2007/06/17 13:56:05 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczhbn3.dll
[2007/06/17 13:56:02 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomc.dll
[2007/06/17 13:56:02 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/11 18:25:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/11/11 18:25:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/11/11 18:25:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/11/11 18:25:10 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/11 18:24:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/11 18:24:13 | 401,068,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/11 10:36:50 | 001,720,025 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wlogs_101111-000891_11-11-2010-10.32AM.zip
[2010/11/11 10:36:49 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2010/11/11 09:45:45 | 000,001,692 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LBA3BB4F3FF8D4918B44E246F3845E385.job
[2010/11/11 09:14:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/11/11 09:14:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/11/11 01:44:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/11/11 01:44:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/11/11 01:08:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/11/11 01:08:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/11/11 00:37:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/11/11 00:37:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/11/10 22:00:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (FullScan).job
[2010/11/10 10:07:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/11/10 10:07:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/11/10 08:42:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
[2010/11/09 16:41:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/11/09 16:41:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/11/09 13:09:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/11/09 13:09:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/11/09 12:41:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/11/09 12:41:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/11/09 09:02:50 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/09 08:50:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/11/09 08:50:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/11/09 08:19:09 | 000,476,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/09 01:10:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/11/09 01:10:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/11/09 01:07:51 | 000,344,930 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20101109_010733.reg
[2010/11/09 00:48:48 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/08 23:25:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/08 21:44:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/11/08 21:44:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/11/08 16:17:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/11/08 16:17:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/11/08 16:05:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/11/08 16:05:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/11/08 15:38:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/11/08 15:38:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/11/08 15:33:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/11/08 15:33:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/11/08 15:24:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/11/08 15:24:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/11/08 15:22:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/11/08 15:22:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/11/08 13:21:13 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/08 08:07:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/11/08 08:07:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/11/08 08:03:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/11/08 08:03:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/11 10:36:49 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2010/11/11 10:35:57 | 001,720,025 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\wlogs_101111-000891_11-11-2010-10.32AM.zip
[2010/11/09 09:02:50 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/09 01:07:42 | 000,344,930 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20101109_010733.reg
[2010/11/09 00:48:48 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/08 23:25:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/08 14:57:25 | 401,068,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/08 13:21:13 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/21 16:00:28 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.html
[2010/06/21 14:23:33 | 000,107,963 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.log
[2009/11/06 11:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2007/06/17 14:03:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/06/17 14:03:03 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/06/17 13:58:37 | 000,000,475 | ---- | C] () -- C:\WINDOWS\Lexstat.ini
[2007/06/17 13:57:57 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.dll
[2007/06/17 13:57:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2007/06/17 13:57:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
[2007/06/17 13:57:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
[2007/06/17 13:57:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2007/06/17 13:57:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll
[2007/06/17 13:57:03 | 000,039,899 | ---- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2007/06/17 13:56:10 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCZinst.dll
[2007/06/17 13:56:09 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxczutil.dll
[2007/01/06 15:47:47 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2007/01/05 16:58:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/10/04 06:07:24 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/13 19:07:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/08/16 18:21:46 | 000,000,549 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2006/08/08 17:52:54 | 000,006,492 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/07/22 11:57:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/01 16:14:36 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/05/06 18:24:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/03 16:54:40 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/04/15 05:58:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/25 16:39:53 | 000,003,932 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\LMLayout.dat
[2006/03/11 10:38:33 | 000,000,069 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/03/04 10:35:16 | 000,000,031 | ---- | C] () -- C:\WINDOWS\album.ini
[2006/02/17 20:19:07 | 000,001,053 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2006/02/17 20:18:10 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2006/02/11 19:59:24 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\LMCPaper.dat
[2006/02/11 18:54:20 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2006/02/11 18:54:20 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006/02/11 18:53:56 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2006/02/11 18:53:41 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/02/11 18:11:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/11 17:55:05 | 000,003,932 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\LMLayout.dat
[2006/02/11 12:08:02 | 000,000,019 | ---- | C] () -- C:\WINDOWS\vaLangChoice.ini
[2006/02/11 12:07:26 | 000,000,150 | ---- | C] () -- C:\WINDOWS\System32\LM_SUPPORT.INI
[2005/11/07 11:40:23 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/11/07 11:40:22 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/11/07 11:40:22 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/11/07 11:40:20 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/11/07 11:40:20 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/11/07 11:40:20 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/11/07 11:40:17 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/11/07 11:09:15 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/11/07 11:09:10 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/07 11:06:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/27 04:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 10:12:43 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 10:12:43 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 10:12:30 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/26 10:12:30 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/26 10:12:30 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/26 10:12:30 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/26 10:12:30 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/26 04:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/17 09:12:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/17 15:46:30 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2002/03/13 14:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1997/09/12 15:41:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll

========== Files - Unicode (All) ==========
[2010/11/10 21:13:06 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\s?stem) -- C:\Documents and Settings\Owner\My Documents\sуstem
[2007/12/11 19:32:40 | 000,000,000 | ---D | M](C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
[2007/12/11 19:32:40 | 000,000,000 | ---D | M](C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
[2007/12/09 06:00:49 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\s?stem) -- C:\Documents and Settings\Owner\My Documents\sуstem
(C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe:SummaryInformation

< End of report >

Extras.txt file

OTL Extras logfile created on: 11/11/2010 6:33:57 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 181.00 Mb Available Physical Memory | 47.00% Memory free
916.00 Mb Paging File | 579.00 Mb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.39 Gb Total Space | 72.46 Gb Free Space | 81.98% Space Free | Partition Type: NTFS
Drive D: | 4.76 Gb Total Space | 2.71 Gb Free Space | 56.97% Space Free | Partition Type: FAT32

Computer Name: PAULASUBEN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"8097:TCP" = 8097:TCP:*:Disabled:EarthLink UHP Modem Support

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\1131383480\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1131383480\EE\AOLServiceHost.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Disabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon -- (America Online, Inc)
"C:\WINDOWS\system32\lxczcoms.exe" = C:\WINDOWS\system32\lxczcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Disabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Disabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Disabled:IncrediMail -- File not found
"C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5MHTHXHX\incredimail_install[1].exe" = C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5MHTHXHX\incredimail_install[1].exe:*:Disabled:IncrediMail Installer -- File not found
"C:\WINDOWS\system32\osxjiiup.exe" = C:\WINDOWS\system32\osxjMAIL\BIN\IMAPP.EXE -- File not found
"C:\WINDOWS\system32\pjthfkdf.exe" = C:\WINDOWS\system32\pjthmail\bin\imapp.exe -- File not found
"E:\Release\Frontier.exe" = E:\Release\Frontier.exe:*:Enabled:Frontier Gateway Installation Wizard -- File not found
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07B1BDFB-2596-426B-89E9-E82BF8D3BBED}" = EarthLink Common Authentication
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{24F009D2-7A41-4534-BA08-160E1E7E0DDB}" = msxml4SP2
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{53661815-565E-4553-9D1A-D0666336B1C9}" = ArcSoft Software Suite
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7A724058-2D43-11D6-AD5B-00105AE20051}" = ViewAhead Photo Center
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{920BECA3-0C85-4E56-AA3C-4367859F3FBF}" = Protection Control Center
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5B68275-CC72-4F25-95C3-EDF2F4A49BB4}" = Perfect Scrapbook Maker
"{D9E09B07-6C95-11D5-AEBB-00606E910201}" = DM9XInst
"{F033B55E-54FA-46AD-8B7E-3EF65A6E9D7A}" = Hallmark Card Studio 2005
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"225af9a1-b556-11d5-94aa-0010b5426419" = MyDSC_CIF
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DVDFab Platinum_is1" = DVDFab Platinum 2.62
"Eyles_Comprehensive_Review" = Eyles 15e
"Hallmark Card Studio" = Hallmark Card Studio
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{24F009D2-7A41-4534-BA08-160E1E7E0DDB}" = msxml4SP2
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"Lexmark 1200 Series" = Lexmark 1200 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NCLEX Questions" = NCLEX Questions
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"Simplified Family Legal Forms Kit" = Simplified Family Legal Forms Kit
"The Print Shop 6.0" = The Print Shop®
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"{DAF8B012-D559-4B8D-95C0-D98E1172E5C3}" = My Wal-Mart Digital Photo Center
"GoToMeeting" = GoToMeeting 2.0.0.127
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2010 2:47:22 AM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 11/11/2010 3:14:49 AM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/11/2010 3:14:53 AM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 11/11/2010 10:59:49 AM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/11/2010 10:59:53 AM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 11/11/2010 11:16:21 AM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/11/2010 11:16:26 AM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 11/11/2010 8:27:59 PM | Computer Name = PAULASUBEN | Source = nview_info | ID = 11141121
Description =

Error - 11/11/2010 8:29:06 PM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/11/2010 8:29:11 PM | Computer Name = PAULASUBEN | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

[ System Events ]
Error - 11/9/2010 6:40:58 PM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 11/10/2010 10:36:36 AM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 11/10/2010 7:27:32 PM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 11/10/2010 9:07:33 PM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 11/10/2010 9:12:44 PM | Computer Name = PAULASUBEN | Source = System Error | ID = 1003
Description = Error code 00000077, parameter1 c000000e, parameter2 c000000e, parameter3
00000000, parameter4 00778000.

Error - 11/11/2010 2:43:32 AM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 11/11/2010 3:10:34 AM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 11/11/2010 10:55:23 AM | Computer Name = PAULASUBEN | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.254.5 for the Network Card with network
address 0080AD071F06 has been denied by the DHCP server 192.168.254.254 (The DHCP
Server sent a DHCPNACK message).

Error - 11/11/2010 10:55:44 AM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 11/11/2010 8:24:51 PM | Computer Name = PAULASUBEN | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2


< End of report >

Re: Red X (cross) icon by C: drive

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awtro.dll) - C:\WINDOWS\System32\awtro.dll File not found
    O30 - LSA: Authentication Packages - (ws.common-controls_6595b64144ccf1df) - File not found
    O30 - LSA: Security Packages - (indows.common-controls_6595b641) - File not found

    :files
    C:\sqmdata**.sqm
    C:\sqmnoopt**.sqm

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

fix log

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\awtro.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:ws.common-controls_6595b64144ccf1df deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:indows.common-controls_6595b641 deleted successfully.
========== FILES ==========
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
C:\sqmdata12.sqm moved successfully.
C:\sqmdata13.sqm moved successfully.
C:\sqmdata14.sqm moved successfully.
C:\sqmdata15.sqm moved successfully.
C:\sqmdata16.sqm moved successfully.
C:\sqmdata17.sqm moved successfully.
C:\sqmdata18.sqm moved successfully.
C:\sqmdata19.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmnoopt12.sqm moved successfully.
C:\sqmnoopt13.sqm moved successfully.
C:\sqmnoopt14.sqm moved successfully.
C:\sqmnoopt15.sqm moved successfully.
C:\sqmnoopt16.sqm moved successfully.
C:\sqmnoopt17.sqm moved successfully.
C:\sqmnoopt18.sqm moved successfully.
C:\sqmnoopt19.sqm moved successfully.
========== COMMANDS ==========
C:\Program Files\ѕecurity folder moved successfully.
C:\Documents and Settings\Owner\My Documents\sуstem folder moved successfully.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 50619071 bytes
->Temporary Internet Files folder emptied: 458679 bytes
->FireFox cache emptied: 3383710 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 599336 bytes
->Flash cache emptied: 300 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Owner
->Temp folder emptied: 45253577 bytes
->Temporary Internet Files folder emptied: 27986062 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 23726951 bytes
->Flash cache emptied: 6181 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4900 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 475 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 36476474 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 137112 bytes
RecycleBin emptied: 1607846 bytes

Total Files Cleaned = 182.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11112010_193606

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF85AF.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF85BF.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF863B.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF864E.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8742.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8752.tmp not found!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6U2QJ32T\red-x-cross-icon-by-c-drive-t24700[3].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3R25A6A3\2115340[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Re: Red X (cross) icon by C: drive

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5104

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/12/2010 8:20:15 PM
mbam-log-2010-11-12 (20-20-15).txt

Scan type: Quick scan
Objects scanned: 153952
Time elapsed: 9 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Red X (cross) icon by C: drive

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

combo-fix txt

ComboFix 10-11-12.06 - Owner 11/13/2010 22:58:57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.157 [GMT -6:00]
Running from: c:\downloads\Combo-Fix.exe
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Uninstall
c:\program files\RcvSystem
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\SAHS_popuplogo2.gif
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesH.dat
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\Toolbar\AddtoList.bmp
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\ndisapi.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Legacy_NDISRD
-------\Service_NDISRD
-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-12 01:46 . 2010-11-14 04:07 4900 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-11-12 01:36 . 2010-11-12 01:36 -------- d-----w- C:\_OTL
2010-11-11 04:24 . 2010-11-11 04:24 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG10
2010-11-11 04:13 . 2010-11-11 04:13 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-11 04:08 . 2010-11-11 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-11 04:05 . 2010-11-11 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-09 19:28 . 2001-08-17 18:11 20160 -c--a-w- c:\windows\system32\dllcache\adm8511.sys
2010-11-09 19:28 . 2001-08-17 18:11 20160 ----a-w- c:\windows\system32\drivers\ADM8511.SYS
2010-11-09 15:08 . 2010-11-09 15:11 -------- d-----w- c:\program files\NirSoft
2010-11-09 06:48 . 2010-11-09 06:48 -------- d-----w- c:\program files\CCleaner
2010-11-09 05:26 . 2010-11-09 05:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-11-09 05:25 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-09 05:25 . 2010-11-09 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-09 05:25 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-09 05:24 . 2010-11-09 05:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-09 05:04 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-09 05:04 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-09 05:02 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-09 03:47 . 2001-08-17 18:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2010-11-09 03:47 . 2001-08-17 18:12 20573 ----a-w- c:\windows\system32\drivers\LNE100.SYS
2010-11-09 02:08 . 2010-11-09 02:08 -------- d-----w- c:\program files\DAVICOM
2010-11-08 22:27 . 2002-10-29 20:24 33280 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2010-11-08 22:27 . 2002-10-29 20:24 33280 ----a-w- c:\windows\system32\drivers\DM9PCI5.SYS
2010-11-08 21:05 . 2010-11-14 04:12 -------- d-----w- C:\Downloads
2010-11-08 19:11 . 2010-11-08 19:13 -------- d-----w- c:\documents and settings\Administrator
2010-11-08 14:04 . 2010-11-08 14:04 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 18:23 . 2004-08-26 16:11 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-26 16:11 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-26 16:11 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-26 16:11 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-26 16:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-26 16:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-26 16:11 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-26 16:12 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-26 16:12 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-26 16:12 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-26 16:12 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-06-18 15:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-26 16:11 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-26 16:12 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 20:14 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"nwiz"="nwiz.exe" [2005-09-18 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"HostManager"="c:\program files\Common Files\AOL\1131383480\ee\AOLSoftware.exe" [2007-01-06 50792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-07 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-11-7 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1131383480\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:*:Disabled:EarthLink UHP Modem Support

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 11:00 AM 29808]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [5/17/2010 2:16 PM 1201640]
S2 OcHealthMon;Windows Live OneCare Health Monitor;"c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe" --> c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [?]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [11/9/2010 1:28 PM 20160]
S3 ADSFilter;ADSFilter - (EarthLink Filter Driver);c:\windows\system32\drivers\ADSFilter.sys [11/20/2006 7:44 AM 56728]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/8/2010 11:25 PM 38224]
S3 pnicII;Linksys Fast Ethernet PCI Card;c:\windows\system32\drivers\LNE100.SYS [11/8/2010 9:47 PM 20573]
.
Contents of the 'Scheduled Tasks' folder

2010-11-11 c:\windows\Tasks\wrSpySweeper_LBA3BB4F3FF8D4918B44E246F3845E385.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-05-17 20:20]

2010-11-11 c:\windows\Tasks\wrSpySweeper_LBA3BB4F3FF8D4918B44E246F3845E385.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-05-17 20:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://frontier.my.yahoo.com/?_bc=1
Trusted Zone: bnsf.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q3ve6zj8.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-AOL Fast Start - c:\program files\America Online 9.0\AOL.EXE
SafeBoot-OneCareMP
AddRemove-{D9E09B07-6C95-11D5-AEBB-00606E910201} - c:\program files\DAVICOM\DM9XInst\uninst2k.exe {D9E09B07-6C95-11D5-AEBB-00606E910201} PCI\ WinXP



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 23:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-351953409-1454491506-409785693-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1840)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-11-13 23:16:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-14 05:16

Pre-Run: 77,799,362,560 bytes free
Post-Run: 77,697,187,840 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F899A156DC9959856644557EBDF7873D

Windows OneCare

Combo-Fix finds that Windows Live OneCare is running on this machine. It does not show up in Programs and in doing a search for it, I have tried deleting those instances of it. I also downloaded and ran the removal tool from MS. When I ran Combo-Fix a second time it still shows that OneCare is still active.
I'm not sure if this has affected the results of the Combo-Fix log. Is there another way to get rid of this program?
Thanks

Re: Red X (cross) icon by C: drive

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

ESET log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ab6e282c4dc28f458c6c6c8ffe25b39d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-15 04:10:42
# local_time=2010-11-14 10:10:42 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=72000
# found=8
# cleaned=8
# scan_time=3920
C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\CompuWorld\SmitfraudFix.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\CompuWorld\adware\PROCESS.EXE Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\CompuWorld\SmitfraudFix\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\CompuWorld\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\setup.exe probably a variant of Win32/Agent.JHVCYJA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\AOL\Installers\ASP 2.0\setup.exe probably a variant of Win32/Agent.JHVCYJA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: Red X (cross) icon by C: drive

Hello.
How is the machine running now?

Re: Red X (cross) icon by C: drive

Hi,
It seems to be running a bit better. I'm planning on increasing the memory so that will probably help with the speed.
The red X (cross) is still the icon in front of the C: drive. Apparently the removal of the various malware/trojans has not caused it to change back to the usual hard drive icon. Would the Windows OneCare still be on the machine and causing this to happen?
Is there anything else I could/should be doing to make sure the machine is clean?

Thanks for all the help so far.

Re: Red X (cross) icon by C: drive

Can you please take a screenshot of the red X on your drive icon? I'd like a closer look at it.

Screenshot

Am trying to attach a screenshot of the Red X icon. Hope this works.

screenshot post

Hope the attachment is clear enough.

Re: Red X (cross) icon by C: drive

Ah I see. I think I know what it is.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    C:\*.*


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the pink Quick Scan button.
  • A fix log in Notepad will appear. Copy the contents of the log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

otl log

OTL logfile created on: 11/17/2010 6:15:46 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.39 Gb Total Space | 71.73 Gb Free Space | 81.15% Space Free | Partition Type: NTFS
Drive D: | 4.76 Gb Total Space | 2.71 Gb Free Space | 56.97% Space Free | Partition Type: FAT32

Computer Name: PAULASUBEN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/16 18:28:04 | 001,286,960 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2010/11/16 18:27:49 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2010/11/11 18:33:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2010/09/22 13:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/09/22 13:41:30 | 000,157,536 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/08 16:52:06 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2007/02/08 16:51:54 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
PRC - [2007/02/08 16:50:33 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxczcoms.exe
PRC - [2007/01/06 14:22:36 | 000,050,792 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1131383480\EE\aolsoftware.exe
PRC - [2005/11/07 11:00:18 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/09/26 17:07:00 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/06/06 22:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 14:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe


========== Modules (SafeList) ==========

MOD - [2010/11/11 18:33:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/09/18 10:32:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2005/09/18 10:32:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/16 18:27:49 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/09/22 13:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2007/02/08 16:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2005/11/07 11:00:18 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\rt2870.sys -- (rt2870)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)
DRV - [2010/06/17 14:49:10 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2010/06/17 14:49:10 | 000,045,072 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ssfmonm.sys -- (ssfmonm)
DRV - [2010/06/17 14:49:10 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006/11/20 07:44:36 | 000,056,728 | ---- | M] (Aluria Software, a division of EarthLink, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADSFilter.sys -- (ADSFilter) ADSFilter - (EarthLink Filter Driver)
DRV - [2005/11/07 11:11:57 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/26 17:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/09/18 10:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/08/12 14:31:12 | 000,098,432 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/29 19:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 19:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/15 19:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/06/17 16:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 16:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 16:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/29 14:24:42 | 000,033,280 | ---- | M] (DAVICOM Semiconductor, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102)
DRV - [2002/05/03 12:56:24 | 000,024,528 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001/08/17 12:12:20 | 000,020,573 | ---- | M] (The Linksts Group ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LNE100.SYS -- (pnicII)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://frontier.my.yahoo.com/?_bc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 4E FE 67 25 1D CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/08 13:21:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/17 10:38:55 | 000,000,000 | ---D | M]

[2010/11/10 08:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/11/10 08:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q3ve6zj8.default\extensions
[2010/11/10 08:44:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q3ve6zj8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/16 19:52:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/16 19:52:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/16 19:51:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/14 08:44:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: bnsf.com ([www] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Security Packages - (indows.common-controls_6595b641) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 12:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/16 21:01:55 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/11/16 21:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/11/16 20:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/16 19:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/16 19:50:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/11/16 18:42:14 | 000,045,072 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfmonm.sys
[2010/11/16 18:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/11/16 18:29:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E15A1CA7-D908-4C28-ADCF-C23723A9D28D}
[2010/11/16 18:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\webroot
[2010/11/16 18:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
[2010/11/16 18:08:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/14 20:30:31 | 000,000,000 | --SD | C] -- C:\Combo-Fix16885C
[2010/11/14 09:08:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/14 08:56:52 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/11/13 22:50:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/13 22:48:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/11 19:36:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/10 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/11/10 22:13:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/10 22:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/10 22:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/10 08:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2010/11/09 09:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2010/11/09 00:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/08 23:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/11/08 23:25:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/08 23:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/08 23:25:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/08 23:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/08 21:47:26 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\drivers\LNE100.SYS
[2010/11/08 21:47:26 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010/11/08 20:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\DAVICOM
[2010/11/08 16:27:41 | 000,033,280 | ---- | C] (DAVICOM Semiconductor, Inc. ) -- C:\WINDOWS\System32\drivers\DM9PCI5.SYS
[2010/11/08 16:27:41 | 000,033,280 | ---- | C] (DAVICOM Semiconductor, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/11/08 15:05:36 | 000,000,000 | ---D | C] -- C:\Downloads
[2007/06/17 13:56:10 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczinpa.dll
[2007/06/17 13:56:10 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCZhcp.dll
[2007/06/17 13:56:09 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczusb1.dll
[2007/06/17 13:56:09 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcziesc.dll
[2007/06/17 13:56:08 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczserv.dll
[2007/06/17 13:56:08 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczprox.dll
[2007/06/17 13:56:07 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpmui.dll
[2007/06/17 13:56:07 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczlmpm.dll
[2007/06/17 13:56:07 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpplc.dll
[2007/06/17 13:56:05 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczhbn3.dll
[2007/06/17 13:56:02 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomc.dll
[2007/06/17 13:56:02 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/17 10:38:55 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/17 10:37:29 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/17 10:37:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/11/17 10:36:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/17 10:36:26 | 1474,809,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/16 18:29:18 | 000,001,968 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/11/14 08:44:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/11/14 08:39:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/11/14 08:39:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/11/13 23:09:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/11/13 23:09:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/11/13 22:50:48 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/13 22:41:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/11/13 22:41:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/11/11 19:42:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/11/11 19:42:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/11/11 10:36:50 | 001,720,025 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wlogs_101111-000891_11-11-2010-10.32AM.zip
[2010/11/11 10:36:49 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2010/11/09 08:19:09 | 000,476,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/09 01:07:51 | 000,344,930 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20101109_010733.reg
[2010/11/09 00:48:48 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/08 23:25:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/08 13:21:13 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/17 10:36:26 | 1474,809,856 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/16 18:42:16 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2010/11/16 18:42:16 | 000,017,472 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2010/11/16 18:29:18 | 000,001,968 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/11/14 08:39:26 | 000,000,268 | -H-- | C] () -- C:\sqmdata03.sqm
[2010/11/14 08:39:26 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2010/11/13 23:09:05 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2010/11/13 23:09:05 | 000,000,232 | -H-- | C] () -- C:\sqmdata02.sqm
[2010/11/13 22:50:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/13 22:50:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/13 22:41:18 | 000,000,268 | -H-- | C] () -- C:\sqmdata01.sqm
[2010/11/13 22:41:18 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2010/11/11 19:42:58 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2010/11/11 19:42:58 | 000,000,232 | -H-- | C] () -- C:\sqmdata00.sqm
[2010/11/11 10:36:49 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2010/11/11 10:35:57 | 001,720,025 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\wlogs_101111-000891_11-11-2010-10.32AM.zip
[2010/11/09 09:02:50 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/09 01:07:42 | 000,344,930 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20101109_010733.reg
[2010/11/09 00:48:48 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/08 23:25:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/08 13:21:13 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/21 16:00:28 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.html
[2010/06/21 14:23:33 | 000,107,963 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.log
[2007/06/17 14:03:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/06/17 14:03:03 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/06/17 13:58:37 | 000,000,475 | ---- | C] () -- C:\WINDOWS\Lexstat.ini
[2007/06/17 13:57:57 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.dll
[2007/06/17 13:57:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2007/06/17 13:57:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
[2007/06/17 13:57:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
[2007/06/17 13:57:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2007/06/17 13:57:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll
[2007/06/17 13:57:03 | 000,039,899 | ---- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2007/06/17 13:56:10 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCZinst.dll
[2007/06/17 13:56:09 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxczutil.dll
[2007/01/06 15:47:47 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2007/01/05 16:58:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/10/04 06:07:24 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/13 19:07:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/08/16 18:21:46 | 000,000,549 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2006/08/08 17:52:54 | 000,006,492 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/07/22 11:57:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/01 16:14:36 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/05/06 18:24:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/03 16:54:40 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/04/15 05:58:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/25 16:39:53 | 000,003,932 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\LMLayout.dat
[2006/03/11 10:38:33 | 000,000,069 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/03/04 10:35:16 | 000,000,031 | ---- | C] () -- C:\WINDOWS\album.ini
[2006/02/17 20:19:07 | 000,001,053 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2006/02/17 20:18:10 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2006/02/11 19:59:24 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\LMCPaper.dat
[2006/02/11 18:54:20 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2006/02/11 18:54:20 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006/02/11 18:53:56 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2006/02/11 18:53:41 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/02/11 18:11:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/11 17:55:05 | 000,003,932 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\LMLayout.dat
[2006/02/11 12:08:02 | 000,000,019 | ---- | C] () -- C:\WINDOWS\vaLangChoice.ini
[2006/02/11 12:07:26 | 000,000,150 | ---- | C] () -- C:\WINDOWS\System32\LM_SUPPORT.INI
[2005/11/07 11:40:23 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/11/07 11:40:22 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/11/07 11:40:22 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/11/07 11:40:20 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/11/07 11:40:20 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/11/07 11:40:20 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/11/07 11:40:17 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/11/07 11:09:15 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/11/07 11:09:10 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/07 11:06:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/27 04:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 10:12:43 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 10:12:43 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 04:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/17 09:12:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/17 15:46:30 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2002/03/13 14:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1997/09/12 15:41:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll

========== LOP Check ==========

[2010/11/11 01:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/10 22:13:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/06/16 08:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2008/01/05 09:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2008/01/04 10:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/11/10 22:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/02/11 20:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra
[2007/11/25 17:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/16 18:29:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E15A1CA7-D908-4C28-ADCF-C23723A9D28D}
[2010/11/10 22:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2007/12/08 08:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EarthLink
[2008/01/15 10:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\F-Secure
[2006/04/27 19:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2006/08/11 16:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2005/11/07 11:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2006/11/14 08:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2006/08/08 17:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2007/11/25 17:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========


< C:\*.* >
[2010/05/13 08:08:42 | 000,021,302 | ---- | M] () -- C:\aaw7boot.log
[2006/06/05 02:34:48 | 000,000,000 | ---- | M] () -- C:\ADSClient.txt
[2006/06/04 18:32:18 | 000,000,000 | ---- | M] () -- C:\ADSServer.txt
[2007/01/05 16:58:34 | 000,008,017 | ---- | M] () -- C:\ADSService.txt
[2006/02/11 20:33:40 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2006/02/11 20:33:40 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2005/11/07 11:09:49 | 000,000,189 | ---- | M] () -- C:\audio.log
[2004/08/26 12:04:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/01/04 13:29:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/11/13 22:50:48 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2006/06/19 17:40:09 | 000,007,559 | ---- | M] () -- C:\caavsetup.log
[2006/06/19 19:28:38 | 000,008,618 | ---- | M] () -- C:\caisslog.txt
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/11/14 09:08:49 | 000,012,163 | ---- | M] () -- C:\ComboFix.txt
[2004/08/26 12:04:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/01 20:17:09 | 000,162,571 | ---- | M] () -- C:\dvdfabexpress_burn.log
[2006/08/16 18:28:51 | 000,001,776 | ---- | M] () -- C:\dvdfab_burn.log
[2006/07/30 09:41:49 | 000,129,768 | ---- | M] () -- C:\EarnExtraCash.pdf
[2007/01/05 16:49:00 | 000,004,541 | ---- | M] () -- C:\elnkserv.log
[2006/07/30 09:26:45 | 000,227,682 | ---- | M] () -- C:\Formula1Instant.pdf
[2010/11/17 10:36:26 | 1474,809,856 | -HS- | M] () -- C:\hiberfil.sys
[2006/04/15 07:41:16 | 000,015,669 | ---- | M] () -- C:\install.log
[2004/08/26 12:04:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/11/07 11:01:18 | 000,000,086 | ---- | M] () -- C:\lan.log
[2010/11/11 19:40:49 | 000,000,966 | ---- | M] () -- C:\lxcz.log
[2004/08/26 12:04:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/07/30 09:27:33 | 000,096,878 | ---- | M] () -- C:\Nourifusion.pdf
[2006/08/08 19:54:58 | 000,096,878 | ---- | M] () -- C:\Nourifusionflyer.pdf
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/06/30 15:38:59 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2005/11/07 11:10:12 | 000,000,086 | ---- | M] () -- C:\nvida.log
[2010/11/17 10:36:24 | 1474,740,224 | -HS- | M] () -- C:\pagefile.sys
[2006/05/04 20:06:41 | 000,000,180 | ---- | M] () -- C:\Profile.xml
[2008/01/04 08:41:04 | 000,003,187 | ---- | M] () -- C:\rapport.txt
[2005/06/12 09:34:01 | 000,000,256 | ---- | M] () -- C:\SmartInstaller.log
[2010/11/11 19:42:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/11/13 22:41:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/11/13 23:09:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/11/14 08:39:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/11/11 19:42:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/11/13 22:41:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/11/13 23:09:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/11/14 08:39:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2007/12/29 18:18:43 | 001,313,800 | ---- | M] () -- C:\SystemEvent.log
[2006/04/25 14:50:19 | 000,000,432 | -H-- | M] () -- C:\T4Metrics.log
[2007/12/29 18:14:45 | 000,011,234 | ---- | M] () -- C:\WinSSEvent.log
[2006/07/30 09:42:08 | 000,308,842 | ---- | M] () -- C:\WorkFromHome.pdf

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe:SummaryInformation

< End of report >

Re: Red X (cross) icon by C: drive

Hmm, okay then, no autorun.

Do this next.

  • Now open a new Notepad file.
  • Input this into the Notepad file:

    regedit /e look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
    start notepad look.txt


  • Save this as look.bat, and save it to your desktop.
  • Double click look.bat to run it.
  • Copy and paste the report back here.

Look.bat result pt.1

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"IconUnderline"=hex(0):03,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder]
"Type"="group"
"Text"="@shell32.dll,-30498"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
"HelpID"="shell.hlp#51140"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState]
"Type"="checkbox"
"Text"="@shell32.dll,-30506"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ClassicViewState"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51076"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideMyComputerIcons"
"Text"="@shell32.dll,-30497"
"Type"="checkbox"
"ValueName"="{21EC2020-3AEA-1069-A2DD-08002B30309D}"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000001
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51150"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess]
"Type"="checkbox"
"Text"="@shell32.dll,-30507"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="SeparateProcess"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51079"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy\SeparateProcess]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache]
"Type"="checkbox"
"Text"="@shell32.dll,-30517"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="DisableThumbnailCache"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51155"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip]
"Type"="checkbox"
"Text"="@shell32.dll,-30514"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="FolderContentsInfoTip"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree]
"Type"="checkbox"
"Text"="@shell32.dll,-30511"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="FriendlyTree"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="shell.hlp#51149"
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
"HelpID"="shell.hlp#51131"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt]
"Type"="checkbox"
"Text"="@shell32.dll,-30503"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="HideFileExt"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler]
"Type"="checkbox"
"Text"="@shell32.dll,-30509"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="NoNetCrawling"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51147"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy\NoNetCrawling]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers]
"Type"="checkbox"
"Text"="@shell32.dll,-30513"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="PersistBrowsers"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="shell.hlp#51152"
"DefaultValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor]
"Type"="checkbox"
"Text"="@shell32.dll,-30512"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ShowCompColor"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51130"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath]
"Type"="checkbox"
"Text"="@shell32.dll,-30504"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState"
"ValueName"="FullPath"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51100"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress]
"Type"="checkbox"
"Text"="@shell32.dll,-30505"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState"
"ValueName"="FullPathAddress"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51107"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip]
"Type"="checkbox"
"Text"="@shell32.dll,-30502"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ShowInfoTip"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51102"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden]
"Type"="checkbox"
"Text"="@shell32.dll,-30508"
"WarningIfNotDefault"="@shell32.dll,-28964"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ShowSuperHidden"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51103"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets]
"Text"="Managing pairs of Web pages and folders"
"HelpID"="TBD"
"Type"="group"
"Bitmap"="C:\\WINDOWS\\system32\\\\SHELL32.DLL,4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\AUTO]
"CheckedValue"=dword:00000000
"Type"="radio"
"ValueName"="NoFileFolderConnection"
"HelpID"="TBD"
"Text"="Show and manage the pair as a single file"
"DefaultValue"=dword:00000000
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
"HKeyRoot"=dword:80000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NOHIDE]
"ValueName"="NoFileFolderConnection"
"DefaultValue"=dword:00000000
"Text"="Show both parts but manage as a single file"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
"HelpID"="TBD"
"Type"="radio"
"CheckedValue"=dword:00000002
"HKeyRoot"=dword:80000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NONE]
"CheckedValue"=dword:00000001
"Type"="radio"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
"HelpID"="TBD"
"ValueName"="NoFileFolderConnection"
"DefaultValue"=dword:00000000
"Text"="Show both parts and manage them individually"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\WebViewBarricade]
"Type"="checkbox"
"Text"="@shell32.dll,-30510"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="WebViewBarricade"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="shell.hlp#51148"
"DefaultValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\15]
"RegisteredApp"="Mail"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\16]
"Association"=".cda"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\17]
"ShellExecute"="::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\18]
"ShellExecute"="calc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\7]
"Association"="http"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"XMLLookup"="http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s"
"Application"="http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s"
"intl"="http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"AB007EC8-E2D4-4664-ACD9-1D059681F3DE"=""
"346617CD-E9F1-4891-B1D1-FA3694F368E7"=""
"017837A8-F5EE-4a3a-9919-6291D9B219E1"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\Files]
"*setup*.exe"=""
"*instal*.exe"=""
"*setup*.bat"=""
"*instal*.bat"=""
"*setup*.cmd"=""
"*instal*.cmd"=""
"*setup*.com"=""
"*instal*.com"=""
"Y?kle*"=""
"Felrak.exe"=""
"Imposta.exe"=""
"KUR.exe"=""
"Ayarla.exe"=""
"sfc2.ico"=""
"evanims"=""
"00000001.tmp"=""
"updmoney.exe"=""
"hs\\media\\y\\11399\\11399_cd_fp.jpg"=""
"hs\\media\\y\\9953\\9953_cd_fp.jpg"=""
"hs\\media\\y\\9951\\9951_cd_fp.jpg"=""
"hs\\media\\y\\9964\\9964_cd_fp.jpg"=""
"hs\\media\\y\\9968\\9968_cd_fp.jpg"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler]
"DefaultIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
00,32,00,32,00,35,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler\EventHandlers\MediaArrival]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler\FriendlyName]
"Content"="music files"
"IconLabel"="Music files (WMA/MP3)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler]
"DefaultIcon"=hex(2):73,00,68,00,69,00,6d,00,67,00,76,00,77,00,2e,00,64,00,6c,\
00,6c,00,2c,00,33,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\EventHandlers\DeviceArrival]
"ShowPicturesOnArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\EventHandlers\MediaArrival]
"ShowPicturesOnArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\FriendlyName]
"Content"="picture files"
"IconLabel"="Pictures"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler]
"DefaultIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
00,32,00,32,00,34,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler\EventHandlers\MediaArrival]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler\FriendlyName]
"Content"="video files"
"IconLabel"="Video"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\MusicFilesContentSniffer]
"ContentTypeHandler"="MusicFilesContentHandler"
"RelPattern"=hex(7):2a,00,2e,00,77,00,6d,00,61,00,00,00,48,00,49,00,46,00,49,\
00,5c,00,2a,00,5c,00,2a,00,2e,00,77,00,6d,00,61,00,00,00,2a,00,2e,00,6d,00,\
70,00,33,00,00,00,48,00,49,00,46,00,49,00,5c,00,2a,00,5c,00,2a,00,2e,00,6d,\
00,70,00,33,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\PicturesContentSniffer]
"ContentTypeHandler"="PicturesContentHandler"
"RelPattern"=hex(7):2a,00,2e,00,62,00,6d,00,70,00,00,00,44,00,43,00,49,00,4d,\
00,5c,00,2a,00,5c,00,2a,00,2e,00,62,00,6d,00,70,00,00,00,2a,00,2e,00,6a,00,\
70,00,67,00,00,00,44,00,43,00,49,00,4d,00,5c,00,2a,00,5c,00,2a,00,2e,00,6a,\
00,70,00,67,00,00,00,2a,00,2e,00,67,00,69,00,66,00,00,00,44,00,43,00,49,00,\
4d,00,5c,00,2a,00,5c,00,2a,00,2e,00,67,00,69,00,66,00,00,00,44,00,43,00,2a,\
00,5c,00,2a,00,2e,00,6a,00,70,00,67,00,00,00,2a,00,2e,00,74,00,69,00,66,00,\
00,00,4d,00,53,00,53,00,4f,00,4e,00,59,00,5c,00,2a,00,5c,00,2a,00,2e,00,74,\
00,69,00,66,00,00,00,49,00,4d,00,2a,00,5c,00,2a,00,2e,00,6a,00,70,00,67,00,\
00,00,43,00,41,00,4d,00,45,00,52,00,41,00,30,00,31,00,5c,00,2a,00,2e,00,6a,\
00,70,00,67,00,00,00,44,00,43,00,2a,00,5c,00,42,00,52,00,2a,00,5c,00,2a,00,\
2e,00,6a,00,70,00,67,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\VideoFilesContentSniffer]
"ContentTypeHandler"="VideoFilesContentHandler"
"RelPattern"=hex(7):2a,00,2e,00,6d,00,70,00,67,00,00,00,56,00,49,00,44,00,45,\
00,4f,00,5c,00,2a,00,2e,00,6d,00,70,00,67,00,00,00,2a,00,2e,00,6d,00,70,00,\
65,00,67,00,00,00,56,00,49,00,44,00,45,00,4f,00,5c,00,2a,00,2e,00,6d,00,70,\
00,65,00,67,00,00,00,2a,00,2e,00,61,00,73,00,66,00,00,00,56,00,49,00,44,00,\
45,00,4f,00,5c,00,2a,00,2e,00,61,00,73,00,66,00,00,00,4d,00,53,00,53,00,4f,\
00,4e,00,59,00,5c,00,2a,00,5c,00,2a,00,2e,00,6d,00,70,00,67,00,00,00,4d,00,\
53,00,53,00,4f,00,4e,00,59,00,5c,00,2a,00,5c,00,2a,00,2e,00,6d,00,70,00,65,\
00,67,00,00,00,2a,00,2e,00,77,00,6d,00,76,00,00,00,56,00,49,00,44,00,45,00,\
4f,00,5c,00,2a,00,2e,00,77,00,6d,00,76,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceClasses]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceClasses\{CC7BFB41-F175-11D1-A392-00E0291F3959}]
"DeviceHandlers"="VideoCameraDeviceHandler"
"Label"="@C:\\Program Files\\Movie Maker\\wmm2res.dll,-63094"
"Icons"=hex(7):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,\
00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,\
6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,31,00,37,\
00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\Camera]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,\
00,30,00,39,00,00,00,00,00
"Label"="Digital Camera"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\CellPhone]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,\
00,31,00,30,00,00,00,00,00
"Label"="Cell Phone"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\CFStorage]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,\
00,30,00,33,00,00,00,00,00
"Label"="CompactFlash Reader/Writer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ClikDrive]
"Label"="Clik! Drive"
"NoSoftEject"="0x00000001"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\FaxDevice]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,\
00,39,00,36,00,00,00,00,00
"Label"="Fax Machine"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ImageMate]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,\
00,32,00,39,00,00,00,00,00
"NoMediaIcons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
00,32,00,32,00,39,00,00,00,00,00
"Label"="ImageMate"
"NoSoftEject"="0x00000001"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\JazDrive]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,\
00,31,00,32,00,00,00,00,00
"Label"="Jaz Drive"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\MemoryStick]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,\
00,30,00,35,00,00,00,00,00
"Label"="Memory Stick"
"NoSoftEject"="0x00000001"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\MemoryStick-MG]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,\
00,33,00,33,00,00,00,00,00
"Label"="Memory Stick - MG"
"NoSoftEject"="0x00000001"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\OpticalDrive]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,\
00,30,00,31,00,00,00,00,00
"Label"="Optical Drive"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\PCMCIAStorage]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,\
00,30,00,36,00,00,00,00,00
"Label"="PCMCIA Storage Device"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\PocketPC]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,\
00,31,00,34,00,00,00,00,00
"Label"="Pocket PC"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\PortableAudioPlayer]
"Label"="Portable Audio Player"
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,\
00,39,00,39,00,00,00,00,00
"NoSoftEject"="0x00000001"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\Printer]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,\
00,37,00,00,00,00,00
"Label"="Printer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\Scanner]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,\
00,31,00,35,00,00,00,00,00
"Label"="Scanner"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\SMStorage]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,\
00,30,00,38,00,00,00,00,00
"Label"="SmartMedia Reader/Writer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\TapeDrive]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,\
00,30,00,30,00,00,00,00,00
"Label"="Tape Drive"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\VideoCamera]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,\
00,31,00,37,00,00,00,00,00
"Label"="Digital Video Camera"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ZipDrive100]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,\
00,33,00,30,00,00,00,00,00
"Label"="Zip Drive 100"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ZipDrive250]
"Icons"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,\
00,33,00,30,00,00,00,00,00
"Label"="Zip Drive 250"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\CompaqPA1Handler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\CompaqPA1Handler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\CompaqPA1Handler\EventHandlers\DeviceArrival]
"CompaqPA1Arrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\CreativeNomadIIcHandler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\CreativeNomadIIcHandler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\CreativeNomadIIcHandler\EventHandlers\DeviceArrival]
"CreativeNomadIIcArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\CreativeNomadIIHandler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\CreativeNomadIIHandler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\CreativeNomadIIHandler\EventHandlers\DeviceArrival]
"CreativeNomadIIArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\CreativeNomadIIMGHandler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\CreativeNomadIIMGHandler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\CreativeNomadIIMGHandler\EventHandlers\DeviceArrival]
"CreativeNomadIIMGArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\CreativeNomadJukeboxHandler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\CreativeNomadJukeboxHandler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\CreativeNomadJukeboxHandler\EventHandlers\DeviceArrival]
"CreativeNomadJukeboxArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\DigisetteDuo64Handler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\DigisetteDuo64Handler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\DigisetteDuo64Handler\EventHandlers\DeviceArrival]
"DigisetteDuo64Arrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\DLinkDMP110Handler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\DLinkDMP110Handler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\DLinkDMP110Handler\EventHandlers\DeviceArrival]
"DLinkDMP110Arrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\ContentTypes]
"MusicFilesContentSniffer"=""
"PicturesContentSniffer"=""
"VideoFilesContentSniffer"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\EventHandlers\DeviceArrival]
"GenericVolumeArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\EventHandlers\MediaArrival]
"GenericVolumeArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\Intel3000Handler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\Intel3000Handler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\Intel3000Handler\EventHandlers\DeviceArrival]
"Intel3000Arrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\IntelPocketConcertHandler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\IntelPocketConcertHandler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\IntelPocketConcertHandler\EventHandlers\DeviceArrival]
"IntelPocketConcertArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\IomegaHipZipHandler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\IomegaHipZipHandler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\IomegaHipZipHandler\EventHandlers\DeviceArrival]
"IomegaHipZipArrival"=""

Look.bat pt.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\NikepsaplayHandler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\NikepsaplayHandler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\NikepsaplayHandler\EventHandlers\DeviceArrival]
"NikepsaplayArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\Ravemp2300Handler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\Ravemp2300Handler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\Ravemp2300Handler\EventHandlers\DeviceArrival]
"Ravemp2300Arrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\Rio600Handler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\Rio600Handler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\Rio600Handler\EventHandlers\DeviceArrival]
"Rio600Arrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\Rio800Handler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\Rio800Handler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\Rio800Handler\EventHandlers\DeviceArrival]
"Rio800Arrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\RioOneHandler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\RioOneHandler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\RioOneHandler\EventHandlers\DeviceArrival]
"RioOneArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\VideoCameraDeviceHandler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\VideoCameraDeviceHandler\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\VideoCameraDeviceHandler\EventHandlers\DeviceArrival]
"VideoCameraArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\AutorunINFLegacyArrival]
"MSOpenFolder"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\CompaqPA1Arrival]
"MSWMDMHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\CreativeNomadIIArrival]
"MSWMDMHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\CreativeNomadIIcArrival]
"MSWMDMHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\CreativeNomadIIMGArrival]
"MSWMDMHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\CreativeNomadJukeboxArrival]
"MSWMDMHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\DigisetteDuo64Arrival]
"MSWMDMHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\DLinkDMP110Arrival]
"MSWMDMHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\GenericVolumeArrival]
"MSGenericVolumeArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\HandleCDBurningOnArrival]
"MSWMPBurnCDOnArrival"=""
"MSCDBurningOnArrival"=""
"NeroAutoPlay2LaunchNeroStartSmart"=""
"NeroAutoPlay2DataDisc"=""
"NeroAutoPlay2CDAudio"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\Intel3000Arrival]
"MSWMDMHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\IntelPocketConcertArrival]
"MSWMDMHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\IomegaHipZipArrival]
"MSWMDMHandler"=""
"MSOpenFolder"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\MixedContentOnArrival]
"MSOpenFolder"=""
"PSASE30ImportPicturesOnArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\MTPMediaPlayerArrival]
"MSWMDMHandler"=""
"MSWPDShellNamespaceHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\NikepsaplayArrival]
"MSWMDMHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival]
"MSPlayCDAudioOnArrival"=""
"MSRipCDAudioOnArrival"=""
"MSOpenFolder"=""
"NeroAutoPlay2CopyCD"=""
"PSASE30ImportPicturesOnArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayDVDMovieOnArrival]
"MSPlayDVDMovieOnArrival"=""
"MSOpenFolder"=""
"PDVDPlayDVDMovieOnArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayHDDVDOnArrival]
"MSOpenFolder"=hex(2):00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayMusicFilesOnArrival]
"MSPlayMediaOnArrival"=""
"MSOpenFolder"=""
"PSASE30ImportPicturesOnArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlaySuperVideoCDMovieOnArrival]
"MSPlaySuperVideoCDMovieOnArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVCDMovieOnArrival]
"PDVDPlayVCDMovieOnArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoCDMovieOnArrival]
"MSPlayVideoCDMovieOnArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival]
"MSPlayMediaOnArrival"=""
"MSOpenFolder"=""
"PSASE30ImportPicturesOnArrival"=""
"MSPictureIt11ViewOnArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\Ravemp2300Arrival]
"MSWMDMHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\Rio600Arrival]
"MSWMDMHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\Rio800Arrival]
"MSWMDMHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\RioOneArrival]
"MSWMDMHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\ShowPicturesOnArrival]
"MSWiaEventHandler"=""
"MSShowPicturesOnArrival"=""
"MSPrintPicturesOnArrival"=""
"MSOpenFolder"=""
"PSASE30ImportPicturesOnArrival"=""
"MSPictureIt11ViewOnArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\VideoCameraArrival]
"MSVideoCameraArrival"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSCDBurningOnArrival]
"DefaultIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
00,35,00,00,00
"Action"="@%SystemRoot%\\system32\\SHELL32.dll,-17169"
"Provider"="@%SystemRoot%\\system32\\SHELL32.dll,-17170"
"InvokeProgID"="Folder"
"InvokeVerb"="open"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSOpenFolder]
"DefaultIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
00,35,00,00,00
"Action"="@%SystemRoot%\\system32\\SHELL32.dll,-17154"
"Provider"="@%SystemRoot%\\system32\\SHELL32.dll,-17155"
"InvokeProgID"="Folder"
"InvokeVerb"="open"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPictureIt11ViewOnArrival]
"InvokeProgID"="Microsoft.Picture.It.11.AutoPlay"
"Action"="Import pictures and videos to my computer"
"DefaultIcon"="C:\\Program Files\\Microsoft Digital Image 2006\\Pod.exe,-102"
"InvokeVerb"="AutoPlay"
"Provider"="Microsoft Digital Image Import Wizard"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayCDAudioOnArrival]
"Action"="@wmploc.dll,-6503"
"Provider"="@wmploc.dll,-6502"
"InvokeProgID"="WMP.AudioCD"
"InvokeVerb"="play"
"DefaultIcon"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
20,00,4d,00,65,00,64,00,69,00,61,00,20,00,50,00,6c,00,61,00,79,00,65,00,72,\
00,5c,00,77,00,6d,00,70,00,6c,00,61,00,79,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,2c,00,30,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayDVDMovieOnArrival]
"Action"="@wmploc.dll,-6504"
"Provider"="@wmploc.dll,-6502"
"InvokeProgID"="WMP.DVD"
"InvokeVerb"="play"
"DefaultIcon"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
20,00,4d,00,65,00,64,00,69,00,61,00,20,00,50,00,6c,00,61,00,79,00,65,00,72,\
00,5c,00,77,00,6d,00,70,00,6c,00,61,00,79,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,2c,00,30,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayMediaOnArrival]
"Action"="@wmploc.dll,-1800"
"Provider"="@wmploc.dll,-6502"
"InvokeProgid"="WMP.PlayMedia"
"InvokeVerb"="play"
"DefaultIcon"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
20,00,4d,00,65,00,64,00,69,00,61,00,20,00,50,00,6c,00,61,00,79,00,65,00,72,\
00,5c,00,77,00,6d,00,70,00,6c,00,61,00,79,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,2c,00,30,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlaySuperVideoCDMovieOnArrival]
"Action"="@wmploc.dll,-6508"
"Provider"="@wmploc.dll,-6502"
"InvokeProgID"="WMP.VCD"
"InvokeVerb"="play"
"DefaultIcon"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
20,00,4d,00,65,00,64,00,69,00,61,00,20,00,50,00,6c,00,61,00,79,00,65,00,72,\
00,5c,00,77,00,6d,00,70,00,6c,00,61,00,79,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,2c,00,30,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayVideoCDMovieOnArrival]
"Action"="@wmploc.dll,-6507"
"Provider"="@wmploc.dll,-6502"
"InvokeProgID"="WMP.VCD"
"InvokeVerb"="play"
"DefaultIcon"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
20,00,4d,00,65,00,64,00,69,00,61,00,20,00,50,00,6c,00,61,00,79,00,65,00,72,\
00,5c,00,77,00,6d,00,70,00,6c,00,61,00,79,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,2c,00,30,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPrintPicturesOnArrival]
"DefaultIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
00,31,00,37,00,00,00
"Action"="@%SystemRoot%\\system32\\SHELL32.dll,-17158"
"Provider"="@%SystemRoot%\\system32\\SHELL32.dll,-17159"
"InvokeProgID"="Applications\\shimgvw.dll"
"InvokeVerb"="print"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPromptEachTime]
"DefaultIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
00,33,00,00,00
"Action"="Prompt each time"
"Provider"="Windows Explorer"
"ProgID"="Shell.Autoplay"
"InitCmdLine"="PromptEachTime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPromptEachTimeNoContent]
"DefaultIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
00,33,00,00,00
"Action"="Prompt each time - No Content"
"Provider"="Windows Explorer"
"ProgID"="Shell.Autoplay"
"InitCmdLine"="PromptEachTimeNoContent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSRipCDAudioOnArrival]
"Action"="@wmploc.dll,-6506"
"Provider"="@wmploc.dll,-6502"
"InvokeProgID"="WMP.RipCD"
"InvokeVerb"="Rip"
"DefaultIcon"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
20,00,4d,00,65,00,64,00,69,00,61,00,20,00,50,00,6c,00,61,00,79,00,65,00,72,\
00,5c,00,77,00,6d,00,70,00,6c,00,61,00,79,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,2c,00,30,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSSHAudioDevHandler]
@=""
"Action"="@%SystemRoot%\\system32\\Audiodev.dll,-500"
"Provider"="@%SystemRoot%\\system32\\Audiodev.dll,-501"
"DefaultIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
41,00,75,00,64,00,69,00,6f,00,64,00,65,00,76,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,35,00,30,00,00,00
"ProgID"="Shell.HWEventHandlerShellExecute"
"InitCmdLine"="::{21EC2020-3AEA-1069-A2DD-08002B30309D}\\::{640167b4-59b0-47a6-b335-a6b3c0695aea}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSShowPicturesOnArrival]
"DefaultIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
00,32,00,34,00,39,00,00,00
"Action"="@%SystemRoot%\\system32\\SHELL32.dll,-17156"
"Provider"="@%SystemRoot%\\system32\\SHELL32.dll,-17157"
"InvokeProgID"="Shell.AutoplayForSlideShow.1"
"InvokeVerb"="open"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSTakeNoAction]
"DefaultIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
00,33,00,33,00,38,00,00,00
"Action"="@%SystemRoot%\\system32\\SHELL32.dll,-17168"
"Provider"="<TakeNoAction>"
"ProgID"="Shell.AutoplaySpecial"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSVideoCameraArrival]
"InitCmdLine"=""C:\\Program Files\\Movie Maker\\moviemk.exe" /RECORD"
"ProgID"="Shell.HWEventHandlerShellExecute"
"DefaultIcon"="C:\\Program Files\\Movie Maker\\moviemk.exe,0"
"CLSIDForCancel"="{AB007EC8-E2D4-4664-ACD9-1D059681F3DE}"
"Action"="@C:\\Program Files\\Movie Maker\\wmm2res.dll,-63095"
"Provider"="@C:\\Program Files\\Movie Maker\\wmm2res.dll,-100"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWiaEventHandler]
"ProgID"="WiaDevMgr"
"Action"="@%systemroot%\\System32\\wiaacmgr.exe,-276"
"Provider"="@%systemroot%\\System32\\wiaacmgr.exe,-101"
"DefaultIcon"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,69,00,61,00,61,00,63,00,6d,00,67,00,72,00,2e,00,65,00,78,00,65,00,2c,\
00,2d,00,32,00,00,00
"InvokeProgID"="WIA.AutoplayDropHandler.1"
"InvokeVerb"="open"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMDMHandler]
"Action"="@wmploc.dll,-29300"
"CLSIDForCancel"="{91778246-9BE4-4713-A651-E833B853CC30}"
"DefaultIcon"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
20,00,4d,00,65,00,64,00,69,00,61,00,20,00,50,00,6c,00,61,00,79,00,65,00,72,\
00,5c,00,77,00,6d,00,70,00,6c,00,61,00,79,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,2c,00,30,00,00,00
"ProgID"="WMP.Device"
"Provider"="@wmploc.dll,-6502"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMPBurnCDOnArrival]
"Action"="@wmploc.dll,-6505"
"Provider"="@wmploc.dll,-6502"
"InvokeProgID"="WMP.BurnCD"
"InvokeVerb"="Burn"
"DefaultIcon"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
20,00,4d,00,65,00,64,00,69,00,61,00,20,00,50,00,6c,00,61,00,79,00,65,00,72,\
00,5c,00,77,00,6d,00,70,00,6c,00,61,00,79,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,2c,00,30,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWPDShellNamespaceHandler]
@=""
"Action"="@%SystemRoot%\\System32\\WPDShextRes.dll,-500"
"Provider"="@%SystemRoot%\\System32\\WPDShextRes.dll,-501"
"DefaultIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,70,00,64,00,73,00,68,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,2c,\
00,2d,00,37,00,32,00,30,00,00,00
"CLSID"="{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\NeroAutoPlay2CDAudio]
"Action"="Make Audio CD"
"DefaultIcon"="C:\\Program Files\\Common Files\\Ahead\\Lib\\apreg.dll,-2006"
"Provider"="Nero Express"
"InvokeProgID"="Nero.AutoPlay2"
"InvokeVerb"="HandleCDBurningOnArrival_CDAudio"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\NeroAutoPlay2CopyCD]
"Action"="Copy CD"
"DefaultIcon"="C:\\Program Files\\Common Files\\Ahead\\Lib\\apreg.dll,-2024"
"Provider"="Nero Express"
"InvokeProgID"="Nero.AutoPlay2"
"InvokeVerb"="PlayCDAudioOnArrival_CopyCD"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\NeroAutoPlay2DataDisc]
"Action"="Make Data Disc"
"DefaultIcon"="C:\\Program Files\\Common Files\\Ahead\\Lib\\apreg.dll,-2002"
"Provider"="Nero Express"
"InvokeProgID"="Nero.AutoPlay2"
"InvokeVerb"="HandleCDBurningOnArrival_DataDisc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\NeroAutoPlay2LaunchNeroStartSmart]
"Action"="Create Your Own Disc"
"DefaultIcon"="C:\\Program Files\\Common Files\\Ahead\\Lib\\apreg.dll,-2026"
"Provider"="Nero StartSmart"
"InvokeProgID"="Nero.AutoPlay2"
"InvokeVerb"="HandleCDBurningOnArrival_LaunchNeroStartSmart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\PDVDPlayDVDMovieOnArrival]
"Action"="Play DVD Video"
"DefaultIcon"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe,0"
"InvokeProgID"="DVD"
"InvokeVerb"="PlayWithPowerDVD"
"Provider"="PowerDVD"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\PDVDPlayVCDMovieOnArrival]
"Action"="Play VCD Video"
"DefaultIcon"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe,0"
"InvokeProgID"="VCD"
"InvokeVerb"="PlayWithPowerDVD"
"Provider"="PowerDVD"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\PSASE30ImportPicturesOnArrival]
"Provider"="Adobe Photoshop Album Starter Edition"
"InvokeVerb"="launch"
"InvokeProgID"="PSASE30.autoplay"
"DefaultIcon"="C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\Photoshop Album Starter Edition.exe,-111"
"Action"="View, Find, Fix, and Share Photos"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket]
"UseGlobalSettings"=dword:00000001
"Percent"=dword:0000000a
"NukeOnDelete"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\c]
"VolumeSerialNumber"=dword:00802c04
"IsUnicode"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\d]
"VolumeSerialNumber"=dword:423b2bdf
"IsUnicode"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess]
"BrowseNewProcess"="yes"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
@="AcroIEHelperStub"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
@="JQSIEStartDetectorImpl"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\AudioBurnHandlers]
@="{8dd448e6-c188-4aed-af92-44956194eb1f}"
"{8dd448e6-c188-4aed-af92-44956194eb1f}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\AudioBurnHandlers\{8dd448e6-c188-4aed-af92-44956194eb1f}]
"verb"="WMPBurnAsAudioCD"
"SupportedFileTypes"="*.WMA;*.MP3;*.WAV"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\ExcludedFS]
"UDF"=""
"CDUDF"=""
"CDUDFRW"=""
"UDFREADR"=""
"UDF1.50"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\Flags]
"desk.cpl"=dword:00000001
"access.cpl"=dword:00000001
"hdwwiz.cpl"=dword:00000001
"keymgr.cpl"=dword:00000001
"inetcpl.cpl"=dword:00000001
"joy.cpl"=dword:00000001
"main.cpl"=dword:00000001
"intl.cpl"=dword:00000001
"mmsys.cpl"=dword:00000001
"sapi.cpl"=dword:00000001
"sysdm.cpl"=dword:00000001
"telephon.cpl"=dword:00000001
"timedate.cpl"=dword:00000001
"powercfg.cpl"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Accessibility_Options]
"IconIndex"=dword:0000006e
"Info"="Customizes accessibility features for your computer."
"Module"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,61,00,\
63,00,63,00,65,00,73,00,73,00,2e,00,63,00,70,00,6c,00,00,00
"Name"="Accessibility Options"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Add-Remove_Programs]
"IconIndex"=dword:000005dc
"Info"="Installs and removes programs and Windows components."
"Module"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,61,00,\
70,00,70,00,77,00,69,00,7a,00,2e,00,63,00,70,00,6c,00,00,00
"Name"="Add/Remove Programs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Date-Time]
"IconIndex"=dword:000000c8
"Info"="Changes date, time, and time-zone information."
"Module"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,74,00,\
69,00,6d,00,65,00,64,00,61,00,74,00,65,00,2e,00,63,00,70,00,6c,00,00,00
"Name"="Date/Time"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Dialing_Options]
"IconIndex"=dword:00000064
"Info"="Configures telephone dialing rules for your location."
"Module"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,74,00,\
65,00,6c,00,65,00,70,00,68,00,6f,00,6e,00,2e,00,63,00,70,00,6c,00,00,00
"Name"="Dialing Options"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Display_Properties]
"IconIndex"=dword:00000064
"Info"="Customizes your desktop display and screen saver."
"Module"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
65,00,73,00,6b,00,2e,00,63,00,70,00,6c,00,00,00
"Name"="Display"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Internet_Options]
"IconIndex"=dword:00001187
"Info"="Configures your Internet display and connections settings."
"Module"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,\
6e,00,65,00,74,00,63,00,70,00,6c,00,2e,00,63,00,70,00,6c,00,00,00
"Name"="Internet Options"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Printers]
"IconIndex"=dword:0000012c
"Info"="Adds, removes and changes settings for printers."
"Module"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
61,00,69,00,6e,00,2e,00,63,00,70,00,6c,00,00,00
"Name"="Printers and Faxes"
@="{2227A280-3AEA-1069-A2DE-08002B30309D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{002B9E07-2E10-438F-AF1E-40E6A96F1EE4}]
@="NVIDIA nView Desktop Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{0DF44EAA-FF21-4412-828E-260A8728E7F1}]
@="Taskbar and Start Menu"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}]
@="Folder Options"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{7007ACC7-3202-11D1-AAD2-00805FC1270E}]
@="Network Connections"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{78CB147A-98EA-4AA6-B0DF-C8681F69341C}]
@="CardSpace"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524152}]
@="Fonts"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524153}]
@="Administrative Tools"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]
@="Scheduled Tasks"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{E211B736-43FD-11D1-9EFB-0000F8757FCD}]
@="Scanners & Cameras"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CSSFilters]
"oavredirect"="{999937BC-30FE-11D4-BA52-00C04F6843FA}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}]
@="IE History and Feeds Shell Data Source for Windows Search"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}]
@="Computer Search Results Folder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}]
@=""
"Removal Message"="@mydocs.dll,-900"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}]
@="Recycle Bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}]
@="Search Results Folder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DeviceUpdateLocations]
"::{21EC2020-3AEA-1069-A2DD-08002B30309D}\\::{35786D3C-B075-49b9-88DD-029876E11C01}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths]
"Owner"="C:\\Documents and Settings\\Owner\\My Documents"
"Ivan"="C:\\Documents and Settings\\Ivan\\My Documents"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c\DefaultIcon]
@="%SystemRoot%\\system32\\shell32.dll,131"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\F]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\F\DefaultIcon]
@="%SystemRoot%\\system32\\diconxp.dll,1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\F\DefaultLabel]
@="MMC/SD"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\G]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\G\DefaultIcon]
@="%SystemRoot%\\system32\\diconxp.dll,2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\G\DefaultLabel]
@="CompactFlashI/II"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\H]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\H\DefaultIcon]
@="%SystemRoot%\\system32\\diconxp.dll,3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\H\DefaultLabel]
@="SmartMedia"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\I]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\I\DefaultIcon]
@="%SystemRoot%\\system32\\diconxp.dll,4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\I\DefaultLabel]
@="MS/MS Pro"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation]
"KillList"="%1;explorer.exe;dvdplay.exe;mplay32.exe;msohtmed.exe;quikview.exe;rundll.exe;rundll32.exe;taskman.exe;bck32api.dll;"
"CutList"=hex(7):41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,\
6e,00,20,00,46,00,69,00,6c,00,65,00,00,00,4d,00,46,00,43,00,20,00,41,00,70,\
00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00
"AddRemoveApps"="SETUP.EXE;INSTALL.EXE;ISUNINST.EXE;UNWISE.EXE;UNWISE32.EXE;ST5UNST.EXE;RUNDLL32.EXE;MSOOBE.EXE;LNKSTUB.EXE"
"AddRemoveNames"="Documentation;Help;Install;More Info;Readme;Read me;Read First;Setup;Support;What's New;Remove "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\OutlookFind]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\ShellFindInDirectory]
@="{F020E586-5264-11d1-A532-0000F8757D7E}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\OutlookFind]
@="{0006F019-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\OutlookFind\0]
@="Using Microsoft &Outlook..."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\OutlookFind\0\DefaultIcon]
@="C:\\PROGRA~1\\MICROS~2\\OFFICE11\\OLKFSTUB.DLL,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\RealSearch]
@="{A06B0DBC-8272-4D72-A366-B8090BBE1871}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\RealSearch\0]
@="For Internet &Audio/Video..."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\RealSearch\0\DefaultIcon]
@="C:\\Program Files\\Real\\RealPlayer\\rpshellsearch.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch]
@="{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0]
@="For &Files or Folders..."
"LocalizedString"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,\
2c,00,2d,00,32,00,33,00,32,00,33,00,32,00,00,00
"RunInProcess"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,48,00,\
45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,33,\
00,34,00,00,00
"HotIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,\
00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,\
35,00,30,00,00,00
"GrayIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,\
00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,\
35,00,31,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\HelpText]
@="Search for files or folders"
"LocalizedString"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,\
2c,00,2d,00,32,00,33,00,32,00,39,00,36,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\SearchGUID]
@="{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\SearchGUID\UrlNavNew]
@=hex(2):3a,00,3a,00,7b,00,65,00,31,00,37,00,64,00,34,00,66,00,63,00,30,00,2d,\
00,35,00,35,00,36,00,34,00,2d,00,31,00,31,00,64,00,31,00,2d,00,38,00,33,00,\
66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,30,00,64,00,63,00,38,\
00,34,00,39,00,7d,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1]
@="For &Computers"
"LocalizedString"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,\
2c,00,2d,00,32,00,33,00,32,00,33,00,33,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,48,00,\
45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,33,\
00,35,00,00,00
"HotIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,\
00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,\
35,00,32,00,00,00
"GrayIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,\
00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,\
35,00,33,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\HelpText]
@="Search for computers on the network"
"LocalizedString"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,\
2c,00,2d,00,32,00,33,00,32,00,39,00,37,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\SearchGUID]
@="{996E1EB1-B524-11d1-9120-00A0C98BA67D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\SearchGUID\UrlNavNew]
@=hex(2):3a,00,3a,00,7b,00,31,00,66,00,34,00,64,00,65,00,33,00,37,00,30,00,2d,\
00,64,00,36,00,32,00,37,00,2d,00,31,00,31,00,64,00,31,00,2d,00,62,00,61,00,\
34,00,66,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,65,00,64,\
00,62,00,61,00,7d,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2]
@="For &Printer"
"LocalizedString"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,\
2c,00,2d,00,32,00,33,00,32,00,33,00,34,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,48,00,\
45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,33,\
00,35,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2\HelpText]
@="Search for a printer"
"LocalizedString"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,\
2c,00,2d,00,32,00,33,00,32,00,39,00,38,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2\SearchGUID]
@="{D515F311-B78B-11d1-9123-00A0C98BA67D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WabFind]
@="{32714800-2E5F-11d0-8B85-00AA0044F941}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WabFind\0]
@="For &People..."
"LocalizedString"="@C:\\Program Files\\Common Files\\System\\wab32res.dll,-1646"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WabFind\0\DefaultIcon]
@="C:\\Program Files\\Outlook Express\\wabfind.dll, 0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch]
@="{07798131-AF23-11d1-9111-00A0C98BA67D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch\0]
@="On the &Internet..."
"LocalizedString"="@browselc.dll,-13060"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch\0\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
64,00,6f,00,63,00,76,00,77,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,31,\
00,31,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch\0\HelpText]
@="Search the web"
"LocalizedString"="@browselc.dll,-13061"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"="0"
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000001
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"=dword:00000001
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=dword:00000001
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons]
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap]
".xltx"="Document"
".pptx"="Document"
".docx"="Document"
".xltm"="Document"
".xlsx"="Document"
".xlsm"="Document"
".xlsb"="Document"
".ppsx"="Document"
".pptm"="Document"
".ppsm"="Document"
".potx"="Document"
".potm"="Document"
".sldx"="Document"
".sldm"="Document"
".docm"="Document"
".dotx"="Document"
".dotm"="Document"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath]
@=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,74,00,\
62,00,61,00,63,00,6b,00,75,00,70,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\cleanuppath]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6c,00,\
65,00,61,00,6e,00,6d,00,67,00,72,00,2e,00,65,00,78,00,65,00,20,00,2f,00,44,\
00,20,00,25,00,63,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath]
@=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,66,00,\
72,00,67,00,2e,00,6d,00,73,00,63,00,20,00,25,00,63,00,3a,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\Controls]
@="{21EC2020-3AEA-1069-A2DD-08002B30309D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{35786D3C-B075-49b9-88DD-029876E11C01}]
@="Portable Devices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{59031a47-3f72-44a7-89c5-5595fe6b30ee}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
@="Portable Media Devices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{E211B736-43FD-11D1-9EFB-0000F8757FCD}]
@="Scanners & Cameras"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}]
@="Web Folders"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}]
@="Messenger Sharing Folders"

Red X (cross) icon by C: drive - Look.bat result pt.3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects\WorkgroupCrawler]
"CLSID"="{72b3882f-453a-4633-aac9-8c3dced62aff}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\DelegateFolders]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\DelegateFolders\{9DB7A13C-F208-4981-8353-73CC61AE2783}]
@="Previous Versions"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{2728520d-1ec8-4c68-a551-316b684c4ea7}]
@="{2728520d-1ec8-4c68-a551-316b684c4ea7}"
"SuppressionPolicy"=dword:08000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{3c5c43a3-9ce9-4a9b-9699-2ac0cf6cc4bf}]
@="{3c5c43a3-9ce9-4a9b-9699-2ac0cf6cc4bf}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{D4480A50-BA28-11d1-8E75-00C04FA31A86}]
@="{D4480A50-BA28-11d1-8E75-00C04FA31A86}"
"SuppressionPolicy"=dword:08000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NewShortcutHandlers]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\PublishingWizard]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\PublishingWizard\InternetPhotoPrinting]
"ContentTypeFilter"="image/*"
"DefaultIcon"="shell32.dll,-251"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs]
"ViewStream"=hex:1c,00,00,00,04,00,00,00,00,00,00,00,00,00,58,00,03,00,00,00,\
01,00,00,00,03,00,00,00,f0,f0,f0,f0,14,00,03,00,58,00,00,00,00,00,00,00,30,\
00,00,00,fd,df,df,fd,0e,00,02,00,18,00,10,00,1c,00,00,00,00,00,00,00,01,00,\
00,00,78,00,78,00,00,00,00,00,03,00,00,00,ff,ff,ff,ff

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{2227A280-3AEA-1069-A2DE-08002B30309D}]
@="Printers"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]
@="Scheduled Tasks"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoveAccess]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData"="C:\\Documents and Settings\\All Users\\Application Data"
"Common Programs"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs"
"Common Documents"="C:\\Documents and Settings\\All Users\\Documents"
"Common Desktop"="C:\\Documents and Settings\\All Users\\Desktop"
"Common Start Menu"="C:\\Documents and Settings\\All Users\\Start Menu"
"CommonPictures"="C:\\Documents and Settings\\All Users\\Documents\\My Pictures"
"CommonMusic"="C:\\Documents and Settings\\All Users\\Documents\\My Music"
"CommonVideo"="C:\\Documents and Settings\\All Users\\Documents\\My Videos"
"Common Favorites"="C:\\Documents and Settings\\All Users\\Favorites"
"Common Startup"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup"
"Common Templates"="C:\\Documents and Settings\\All Users\\Templates"
"Common Administrative Tools"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Administrative Tools"
"Personal"="C:\\WINDOWS\\system32\\config\\systemprofile\\My Documents\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}]
"AutoStart"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu]
"Type"="group"
"Text"="@shell32.dll,-30464"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,30,\
00,00,00
"HelpID"="windows.hlp#51132"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\Policy\NoChangeStartMenu]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu]
"Type"="group"
"Text"="@shell32.dll,-30464"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,30,\
00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\AdminTools]
"Type"="checkbox"
"Text"="@shell32.dll,-30476"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="StartMenuAdminTools"
"CheckedValue"=hex(2):59,00,45,00,53,00,00,00
"UncheckedValue"=hex(2):4e,00,4f,00,00,00
"DefaultValue"="NO"
"HelpID"="windows.hlp#51140"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\CascadeControlPanel]
"Type"="checkbox"
"Text"="@shell32.dll,-30468"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="CascadeControlPanel"
"CheckedValue"=hex(2):59,00,45,00,53,00,00,00
"UncheckedValue"=hex(2):4e,00,4f,00,00,00
"DefaultValue"="NO"
"HelpID"="windows.hlp#51135"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\CascadeControlPanel\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\CascadeControlPanel\Policy\NoControlPanel]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\CascadeControlPanel\Policy\NoSetFolders]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\CascadeMyDocuments]
"Type"="checkbox"
"Text"="@shell32.dll,-30469"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="CascadeMyDocuments"
"CheckedValue"=hex(2):59,00,45,00,53,00,00,00
"UncheckedValue"=hex(2):4e,00,4f,00,00,00
"DefaultValue"="NO"
"HelpID"="windows.hlp#51136"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\CascadeMyDocuments\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\CascadeMyDocuments\Policy\NoSMMyDocs]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\CascadeMyPictures]
"Type"="checkbox"
"Text"="@shell32.dll,-30472"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="CascadeMyPictures"
"CheckedValue"=hex(2):59,00,45,00,53,00,00,00
"UncheckedValue"=hex(2):4e,00,4f,00,00,00
"DefaultValue"="NO"
"HelpID"="windows.hlp#51146"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\CascadeMyPictures\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\CascadeMyPictures\Policy\NoSMMyPictures]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\CascadePrinters]
"Type"="checkbox"
"Text"="@shell32.dll,-30470"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="CascadePrinters"
"CheckedValue"=hex(2):59,00,45,00,53,00,00,00
"UncheckedValue"=hex(2):4e,00,4f,00,00,00
"DefaultValue"="NO"
"HelpID"="windows.hlp#51137"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\CascadePrinters\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\CascadePrinters\Policy\NoSetFolders]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\IntelliMenus]
"Type"="checkbox"
"Text"="@shell32.dll,-30465"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="IntelliMenus"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="windows.hlp#51139"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\IntelliMenus\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\IntelliMenus\Policy\IntelliMenus]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\NetConnect]
"Type"="checkbox"
"Text"="@shell32.dll,-30473"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="CascadeNetworkConnections"
"CheckedValue"=hex(2):59,00,45,00,53,00,00,00
"UncheckedValue"=hex(2):4e,00,4f,00,00,00
"DefaultValue"="NO"
"HelpID"="windows.hlp#51141"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\NetConnect\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\NetConnect\Policy\NoNetworkConnections]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\NetConnect\Policy\NoSetFolders]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\SmallIcons]
"Type"="checkbox"
"Text"="@shell32.dll,-30477"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_LargeIcons"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000001
"HelpID"="windows.hlp#6010"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuChange]
"Type"="checkbox"
"Text"="@shell32.dll,-30475"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="StartMenuChange"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="windows.hlp#51145"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuChange\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuChange\Policy\NoChangeStartMenu]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuFavorites]
"Type"="checkbox"
"Text"="@shell32.dll,-30466"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="StartMenuFavorites"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"="0"
"HelpID"="windows.hlp#51134"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuFavorites\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuFavorites\Policy\NoFavoritesMenu]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuLogoff]
"Type"="checkbox"
"Text"="@shell32.dll,-30467"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="StartMenuLogoff"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000000
"HelpID"="windows.hlp#51133"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuLogoff\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuLogoff\Policy\ForceStartMenuLogoff]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuLogoff\Policy\LogonType]
"RegKey"="Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuLogoff\Policy\StartMenuLogoff]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuRun]
"Type"="checkbox"
"Text"="@shell32.dll,-30474"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="StartMenuRun"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="windows.hlp#51142"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuRun\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuRun\Policy\NoRun]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuScrollPrograms]
"Type"="checkbox"
"Text"="@shell32.dll,-30471"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="StartMenuScrollPrograms"
"CheckedValue"=hex(2):59,00,45,00,53,00,00,00
"UncheckedValue"=hex(2):4e,00,4f,00,00,00
"DefaultValue"="NO"
"HelpID"="windows.hlp#51138"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ControlPanel]
"Type"="group"
"Text"="@shell32.dll,-30488"
"Bitmap"="%SystemRoot%\\System32\\shell32.dll,22"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ControlPanel\Hide]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30492"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowControlPanel"
"CheckedValue"=dword:00000000
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ControlPanel\Menu]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30491"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowControlPanel"
"CheckedValue"=dword:00000002
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ControlPanel\Open]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30490"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowControlPanel"
"CheckedValue"=dword:00000001
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ControlPanel\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ControlPanel\Policy\NoControlPanel]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\EnableDragDrop]
"Type"="checkbox"
"Text"="@shell32.dll,-30475"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_EnableDragDrop"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\EnableDragDrop\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\EnableDragDrop\Policy\NoChangeStartMenu]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\Favorites]
"Type"="checkbox"
"Text"="@shell32.dll,-30484"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="StartMenuFavorites"
"CheckedValue"=dword:00000002
"UncheckedValue"=dword:00000000
"HelpID"="windows.hlp#51134"
"DefaultValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\Favorites\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\Favorites\Policy\NoFavoritesMenu]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp]
"Type"="group"
"Text"="@shell32.dll,-30480"
"Bitmap"="%SystemRoot%\\explorer.exe,100"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp\Hide]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30492"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowMyComputer"
"CheckedValue"=dword:00000000
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp\Menu]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30491"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowMyComputer"
"CheckedValue"=dword:00000002
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp\Open]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30490"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowMyComputer"
"CheckedValue"=dword:00000001
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp\Policy\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
"RegKey"="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyDocs]
"Type"="group"
"Text"="@shell32.dll,-30485"
"Bitmap"="%SystemRoot%\\System32\\shell32.dll,235"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyDocs\Hide]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30492"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowMyDocs"
"CheckedValue"=dword:00000000
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyDocs\Menu]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30491"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowMyDocs"
"CheckedValue"=dword:00000002
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyDocs\Open]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30490"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowMyDocs"
"CheckedValue"=dword:00000001
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyDocs\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyDocs\Policy\NoSMMyDocs]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyMusic]
"Type"="group"
"Text"="@shell32.dll,-30487"
"Bitmap"="%SystemRoot%\\System32\\shell32.dll,237"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyMusic\Hide]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30492"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowMyMusic"
"CheckedValue"=dword:00000000
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyMusic\Menu]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30491"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowMyMusic"
"CheckedValue"=dword:00000002
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyMusic\Open]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30490"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowMyMusic"
"CheckedValue"=dword:00000001
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyMusic\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyMusic\Policy\NoStartMenuMyMusic]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyPics]
"Type"="group"
"Text"="@shell32.dll,-30486"
"Bitmap"="%SystemRoot%\\System32\\shell32.dll,236"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyPics\Hide]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30492"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowMyPics"
"CheckedValue"=dword:00000000
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyPics\Menu]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30491"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowMyPics"
"CheckedValue"=dword:00000002
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyPics\Open]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30490"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowMyPics"
"CheckedValue"=dword:00000001
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyPics\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyPics\Policy\NoSMMyPictures]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\NetConn]
"Type"="group"
"Text"="@shell32.dll,-30482"
"Bitmap"="%SystemRoot%\\System32\\shell32.dll,175"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\NetConn\Hide]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30492"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowNetConn"
"CheckedValue"=dword:00000000
"DefaultValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\NetConn\Menu]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30495"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowNetConn"
"CheckedValue"=dword:00000002
"DefaultValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\NetConn\Open]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30494"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowNetConn"
"CheckedValue"=dword:00000001
"DefaultValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\NetConn\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\NetConn\Policy\NoNetworkConnections]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowAdminTools]
"Type"="group"
"Text"="@shell32.dll,-30515"
"Bitmap"="%SystemRoot%\\System32\\main.cpl,500"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowAdminTools\Both]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30478"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_AdminToolsTemp"
"CheckedValue"=dword:00000002
"DefaultValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowAdminTools\Hide]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30492"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_AdminToolsTemp"
"CheckedValue"=dword:00000000
"DefaultValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowAdminTools\Menu]
"HKeyRoot"=dword:80000001
"Type"="radio"
"Text"="@shell32.dll,-30479"
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_AdminToolsTemp"
"CheckedValue"=dword:00000001
"HelpID"="windows.hlp#51140"
"DefaultValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowHelp]
"Type"="checkbox"
"Text"="@shell32.dll,-30489"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowHelp"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowHelp\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowHelp\Policy\NoSMHelp]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowNetPlaces]
"Type"="checkbox"
"Text"="@shell32.dll,-30481"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowNetPlaces"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowNetPlaces\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowNetPlaces\Policy\NoStartMenuNetworkPlaces]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowOEMLink]
"Type"="checkbox"
"Text"="@shell32.dll,-30516"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowOEMLink"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"NoOEMLinkInstalled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowOEMLink\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowOEMLink\Policy\NoOEMLinkInstalled]
"RegKey"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartMenu\\StartPanel\\ShowOEMLink"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowPrinters]
"Type"="checkbox"
"Text"="@shell32.dll,-30493"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowPrinters"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowPrinters\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowPrinters\Policy\NoSetFolders]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowRun]
"Type"="checkbox"
"Text"="@shell32.dll,-30483"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowRun"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001


Red X (cross) icon by C: drive: Look.bat result pt.4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowRun\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowRun\Policy\NoRun]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowSearch]
"Type"="checkbox"
"Text"="@shell32.dll,-30496"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowSearch"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowSearch\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowSearch\Policy\NoFind]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowSetProgramAccessAndDefaults]
"Type"="checkbox"
"Text"="@xpsp1res.dll,-10077"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ShowSetProgramAccessAndDefaults"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowSetProgramAccessAndDefaults\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowSetProgramAccessAndDefaults\Policy\NoSMConfigurePrograms]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\StartMenuScrollPrograms]
"Type"="checkbox"
"Text"="@shell32.dll,-30471"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="Start_ScrollPrograms"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="windows.hlp#51138"
"DefaultValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Streams]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]
"Default Toolbars"=hex:11,00,00,00,00,00,00,00
"Default Taskbar (Personal)"=hex:0c,00,00,00,08,00,00,00,01,00,00,00,00,00,00,\
00,aa,4f,28,68,48,6a,d0,11,8c,78,00,c0,4f,d9,18,b4,0c,03,00,00,e0,04,00,00,\
00,00,00,00,16,00,00,00,00,00,00,00,00,00,00,00,16,00,00,00,00,00,00,00,01,\
00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TemplateRegistry]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Tips]
"0"="If you don't know how to do something, you can look it up in Help. Just click Start, and then click Help."
"1"="The Shut Down command on the Start menu enables you to safely shut down your computer."
"10"="You can move the taskbar to any edge of your screen by dragging it with your mouse."
"11"="You can minimize all open windows at once; just use your right mouse button to click an empty area on the taskbar, and then click Minimize All Windows."
"12"="To set your computer's clock, you can double-click the clock on the taskbar."
"13"="You can minimize neck strain by positioning your monitor at eye level."
"14"="To change the color scheme, use the right mouse button to click the desktop, and then click Properties."
"15"="To select more than one file or folder, hold down CTRL while you click each item."
"16"="To change your screen saver, use your right mouse button to click the desktop, and then click Properties."
"17"="Deleted files and folders are saved in the Recycle Bin until you empty it."
"18"="You can use Paint in Accessories to draw pictures and to view bitmap files."
"19"="You can switch mouse buttons if you are left-handed. Just double-click the Mouse icon in Control Panel."
"2"="To add a program to your Start menu, you can drag the program's icon to the Start button."
"20"="To open a document quickly, you can double-click its icon."
"21"="To minimize wrist strain when you type, keep your wrists elevated or use a wristpad."
"22"="You can try many useful programs by clicking Start, pointing to Programs, and then clicking Accessories."
"23"="To start a command prompt window, from which you can start programs, click Start, point to Programs, and then click Command Prompt."
"24"="You can copy and paste text between MS-DOS and Windows NT. In the MS-DOS window, click the MS-DOS icon to see a menu, click Edit, and then click Mark. Select the text you want to copy and press ENTER to copy the text to the Clipboard. You can then paste the text into your application."
"25"="To see how much disk space is free, use your right mouse button to click the icon for the drive, and then click Properties."
"26"="Even if you don't shut down your computer at night, you can turn off your monitor to save power."
"27"="When a folder is open, you can press BACKSPACE to open a folder one level higher."
"28"="When you display files in Details view, you can sort them by clicking column headings. To sort files in reverse order, click the column heading once more."
"29"="To draw a selection box around a group of files, click at a corner of the group, and then drag the rectangle to form the box."
"3"="You can use your right mouse button to drag files. Try it and see what happens!"
"30"="The underlined letters in menus indicate a keyboard shortcut method to select the item. Just press ALT and the underlined letter."
"31"="You can put a shortcut to a printer on your desktop for easy access to printing functions."
"32"="For a bit of diversion, try a game in the Games folder. Click Start, point to Programs, point to Games, and then click a game."
"33"="To free disk space, try emptying the Recycle Bin."
"34"="You can drag a file's icon into a document, or even drag a shortcut icon into a document or mail message."
"35"="You can have programs start automatically when you start Windows NT by dragging their icons to the Startup folder."
"36"="If you have a tape drive, you can use Backup to make copies of important files or your entire volume. Click Start, point to Programs, point to Administrative Tools, and then click Backup."
"37"="In Windows NT Explorer, you can set options to show or hide the three-letter filename extensions."
"38"="Use Quick View to preview a document without opening it by right-clicking a document and then choosing Quick View from the menu that appears."
"39"="Use an error-checking tool to periodically check a volume for errors. In Windows NT Explorer, right-click the volume you want to check, click Properties, and then click the Tools tab."
"4"="You can use long filenames when you save documents. You can even use spaces!"
"40"="When you print a document, a printer icon appears on the taskbar. Double-click it to see a list of documents waiting to print."
"41"="To find out about any button on a toolbar, rest your mouse pointer on the button for a few seconds."
"42"="You can use the Run command on the Start menu to open shared folders on another computer."
"43"="You can customize Windows NT in many ways. Don't hesitate to experiment!"
"44"="If you work on a laptop computer away from your computer at the office, you can easily keep documents up-to-date on both machines by using Briefcase."
"45"="If your computer is set up to use a network directory service, you can double-click the Network Neighborhood icon on your desktop to see computers in your workgroup."
"46"="For security, you can change your password by pressing CTRL+ALT+DEL and clicking Change Password."
"47"="You can manage applications that are currently running by pressing CTRL+ALT+DEL and clicking Task Manager."
"48"="For security, you can lock your display whenever you leave your computer by pressing CTRL+ALT+DEL and clicking Lock Workstation."
"49"="You can create a shortcut to open a document or program that you use frequently directly from the desktop. A shortcut does not change the file's location; it just lets you open the file from a more convenient location."
"5"="You can click your right mouse button anywhere and see a menu of available commands."
"6"="To print a document quickly, drag its icon to a printer icon."
"7"="If you see a question mark button in the title bar of a window, you can get Help on each item in the window by clicking it, and then clicking the item."
"8"="You can use Windows NT Explorer to see all the files on your computer."
"9"="You can solve printer problems by using the Print Troubleshooter in Help."


Re: Red X (cross) icon by C: drive

Hold tight, talking to a colleague and we'll see if we can change the icon back.

Re: Red X (cross) icon by C: drive

Ok, not come across this one before???

possible fix??

I came across this while researching the problem, but wasn't sure if it would work and didn't want to try it if there was really still a problem with the machine.

3- Launch RegEdit from the Start menu's Run dialog and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer. If a subkey named driveicons is present, open it; you will find a subkey named C. Delete this subkey; this will return the C drive default icon, so the red icon will be gone.


Could this be a way to get the icon back??

Re: Red X (cross) icon by C: drive

It may, but the articles I read on that say to put the normal value back rather than delete it; that's why I'm asking some of the other helpers that work here. :)

Normal values

Is knowing how to get the normal values back the issue??

In Safe mode

Don't know if this will help, but the normal Icon shows when in safe mode for both Administrator and the Owner.

When looking for more answers to this, I came across a post that suggested that the default icon file (IconCache.db) may be corrupted. They suggest deleting that file and restarting the computer. They thought this should cause the default HDD icon to return.

Still there

I tried the suggestion of deleting the IconCache.db file and the red X is still there. So that fix doesn't apply to this machine's problem.

Re: Red X (cross) icon by C: drive

Hello.
Let's try this; we'll make a backup of the registry first.

  • Please use the following link to download ERUNT
  • Use the setup program to install ERUNT on your computer

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Fix log

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c]

Fixed

You're brilliant!!!
That seemed to fix it. When I restarted the computer, the default icon is back.
Thanks so much.
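
To see what a DriveIcons override points at before removing it, the key can be read straight out of a regedit export, including the `hex(2)` (REG_EXPAND_SZ) values that regedit writes as UTF-16LE bytes. This is an added example, not part of the original thread or of OTL/ERUNT; the `DefaultIcon` subkey and the sample export, including its `%TEMP%\x.ico` path, are constructed for illustration.

```python
import re

# Key the thread's fix removes a subkey from (compared case-insensitively).
DRIVEICONS = r"\software\microsoft\windows\currentversion\explorer\driveicons" + "\\"

def decode_value(raw):
    """Turn the data part of a .reg value line into a readable string."""
    raw = raw.strip()
    if raw.startswith('"'):  # REG_SZ: quoted, with \\ and \" escapes
        return re.sub(r'\\(.)', r'\1', raw[1:raw.rindex('"')])
    m = re.match(r'hex\((?:1|2|7)\):(.*)$', raw, re.S)
    if m:  # string types exported as UTF-16LE bytes (hex(2) = REG_EXPAND_SZ)
        data = bytes(int(b, 16) for b in m.group(1).split(',') if b.strip())
        return data.decode('utf-16-le', errors='replace').rstrip('\x00')
    return raw  # dword: and hex: values are left as written

def parse_reg(text):
    """Yield (key, value_name, data); value_name is None for a key line."""
    text = re.sub(r'\\\r?\n\s*', '', text)  # join lines continued with a trailing backslash
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            yield key, None, None
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if key and m:
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            yield key, name, decode_value(m.group(2))

def drive_icon_overrides(text):
    """Return {drive letter: {subkey\\value: data}} for keys under Explorer\\DriveIcons."""
    found = {}
    for key, name, data in parse_reg(text):
        idx = key.lower().find(DRIVEICONS)
        if idx < 0:
            continue
        rest = key[idx + len(DRIVEICONS):].split('\\')
        entry = found.setdefault(rest[0].upper(), {})
        if name is not None:
            entry['\\'.join(rest[1:] + [name])] = data
    return found

# Constructed sample export (not taken from the thread's machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\C]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\C\DefaultIcon]
@=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,\
  78,00,2e,00,69,00,63,00,6f,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WindowsUpdate]
"ShortcutName"="Windows Update"
'''

if __name__ == "__main__":
    for letter, values in drive_icon_overrides(SAMPLE).items():
        print(letter, values or "(key present, no values)")
```

An empty result means the export contains no per-drive icon override; any entry it does report names the file Explorer was told to use for that drive letter.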
