oki dzieki mam nadzieje ze bedzie dobrze…
pozdrawiam :?
Złączono Posta : 22.11.2007 (Czw) 17:54
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:57, on 2007-11-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\FreshDevices\FreshDownload\fd.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe”
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM…\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause
O4 - HKLM…\Run: [bearFlix] “C:\Program Files\BearFlix\BearFlix.exe” /pause
O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {F2CB2192-BE5B-4FAB-A114-949BCE913370} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip…{11C1F5AE-E66B-4E57-A193-C9F4365A6B03}: NameServer = 172.17.0.2,195.144.161.61
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
–
End of file - 6470 bytes
“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]
“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]
“MsnMsgr” = ““C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background” [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]
“ATICCC” = ““C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe”” [null data]
“HP Software Update” = “C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Development Company, L.P.”]
“PCLEPCI” = “C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE” [“Pinnacle Systems GmbH”]
“NeroFilterCheck” = “C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe” [“Nero AG”]
“avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”]
“ZSSnp211” = “C:\WINDOWS\ZSSnp211.exe” [“ZSMCSNAP”]
“Domino” = “C:\WINDOWS\Domino.exe” [empty string]
“SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”” [“Sun Microsystems, Inc.”]
“BearShare” = ““C:\Program Files\BearShare\BearShare.exe” /pause” [“Free Peers, Inc.”]
“BearFlix” = ““C:\Program Files\BearFlix\BearFlix.exe” /pause” [file not found]
“Onet.pl AutoUpdate” = “C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr” [“Onet.pl”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{206E52E0-D52E-11D4-AD54-0000E86C26F6}(Default) = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll” [“FreshDevices Corp.”]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = “Skype add-on (mastermind)”
-> {HKLM…CLSID} = “Skype add-on (mastermind)”
\InProcServer32(Default) = “C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll” [“Skype Technologies S.A.”]
{37B85A21-692B-4205-9CAD-2626E4993404}(Default) = “My Global Search Bar BHO”
-> {HKLM…CLSID} = “My Global Search Bar BHO”
\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”]
{73E00092-5539-4661-9B61-3A66FC0D772E}(Default) = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\WINDOWS\system32\hggfecy.dll” [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll” [“Sun Microsystems, Inc.”]
{9CB65201-89C4-402c-BA80-02D8C59F9B1D}(Default) = “Ask Search Assistant BHO”
-> {HKLM…CLSID} = “Ask Search Assistant BHO”
\InProcServer32(Default) = “C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL” [“Ask.com”]
{A20854FD-DDB5-4931-8F76-D11EA2364D94}(Default) = (no title provided)
-> {HKLM…CLSID} = “Mario Forever Toolbar Helper”
\InProcServer32(Default) = “C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll” [null data]
{F9AFD393-68EB-48BD-A491-1B401B5AC77C}(Default) = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\WINDOWS\system32\mljgh.dll” [null data]
{FE063DB1-4EC0-403e-8DD8-394C54984B2C}(Default) = “Ask Toolbar BHO”
-> {HKLM…CLSID} = “Ask Toolbar BHO”
\InProcServer32(Default) = “C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL” [“Ask.com”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension”
-> {HKLM…CLSID} = “SimpleShlExt Class”
\InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string]
“{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx”
-> {HKLM…CLSID} = “AlcoholShellEx”
\InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”]
“{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler”
-> {HKLM…CLSID} = “NeroDigitalIconHandler Class”
\InProcServer32(Default) = “C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll” [“Nero AG”]
“{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler”
-> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class”
\InProcServer32(Default) = “C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll” [“Nero AG”]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {HKLM…CLSID} = “RealOne Player Context Menu Class”
\InProcServer32(Default) = “C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll” [file not found]
“{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}” = “NeroCoverEd Live Icons”
-> {HKLM…CLSID} = “NeroCoverEdLiveIcons Class”
\InProcServer32(Default) = “C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> “{73E00092-5539-4661-9B61-3A66FC0D772E}” = “*g” (unwritable string)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\WINDOWS\system32\hggfecy.dll” [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]
<> hggfecy\DLLName = “hggfecy.dll” [null data]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler”
-> {HKLM…CLSID} = “NeroDigitalColumnHandler Class”
\InProcServer32(Default) = “C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll” [“Nero AG”]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
Cover Designer(Default) = “{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}”
-> {HKLM…CLSID} = “NeroCoverEdContextMenu Class”
\InProcServer32(Default) = “C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\system32\ssflwbox.scr” [MS]
Startup items in “Damian” & “All Users” startup folders:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [file not found]
“HP Digital Imaging Monitor” -> shortcut to: “C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe” [“Hewlett-Packard Development Company, L.P.”]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
“{FE063DB9-4EC0-403E-8DD8-394C54984B2C}”
-> {HKLM…CLSID} = “Ask Toolbar”
\InProcServer32(Default) = “C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL” [“Ask.com”]
“{37B85A29-692B-4205-9CAD-2626E4993404}”
-> {HKLM…CLSID} = “My Global Search Bar”
\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7}”
-> {HKLM…CLSID} = “Mario Forever Toolbar”
\InProcServer32(Default) = “C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll” [null data]
“{FE063DB9-4EC0-403E-8DD8-394C54984B2C}”
-> {HKLM…CLSID} = “Ask Toolbar”
\InProcServer32(Default) = “C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL” [“Ask.com”]
“{37B85A29-692B-4205-9CAD-2626E4993404}”
-> {HKLM…CLSID} = “My Global Search Bar”
\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{FE063DB9-4EC0-403E-8DD8-394C54984B2C}” = (no title provided)
-> {HKLM…CLSID} = “Ask Toolbar”
\InProcServer32(Default) = “C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL” [“Ask.com”]
“{71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7}” = “Mario Forever Toolbar”
-> {HKLM…CLSID} = “Mario Forever Toolbar”
\InProcServer32(Default) = “C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll” [null data]
“{ED0E8CA5-42FB-4B18-997B-769E0408E79D}” = “FreshDownload Bar”
-> {HKLM…CLSID} = “FreshDownload Bar”
\InProcServer32(Default) = “C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll” [“FreshDevices Corp.”]
“{37B85A29-692B-4205-9CAD-2626E4993404}” = (no title provided)
-> {HKLM…CLSID} = “My Global Search Bar”
\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”]