Posts posted by Garbeld
Malwarebytes' Anti-Malware 1.24
Database version: 1045
Windows 5.1.2600 Service Pack 2
9:18:57 PM 1/6/2009
mbam-log-1-6-2009 (21-18-57).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 326374
Time elapsed: 1 hour(s), 27 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Posting while I wait for MBAM to finish, will append
OTViewIt logfile created on: 1/6/2009 7:13:33 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\ez\Desktop\wut
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 71.80% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 10.85 Gb Free Space | 15.66% Space Free | Partition Type: NTFS
Drive D: | 139.73 Gb Total Space | 10.99 Gb Free Space | 7.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DAG
Current User Name: ez
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2006/04/17 00:34:42 | 16,143,872 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2004/08/18 07:00:00 | 00,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
[2008/12/03 19:54:01 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2006/08/21 10:48:46 | 00,665,600 | ---- | M] (WhatPulse.org) -- C:\Program Files\WhatPulse\WhatPulse.exe
[2007/06/16 13:47:44 | 00,827,392 | ---- | M] (Jay Elaraj) -- C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
[2008/09/26 19:37:21 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\avgwdsvc.exe
[2008/12/03 19:54:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2004/08/06 02:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
[2008/08/12 11:18:03 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\avgrsx.exe
[2004/08/18 07:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
[2007/01/25 03:52:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe
[2007/08/02 12:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Mabinogi\npkcmsvc.exe
[2006/02/13 19:05:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/08/22 18:33:44 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
[2007/04/27 00:00:04 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
[2007/04/27 06:40:00 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
[2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
[2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2008/10/30 11:14:00 | 00,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
[2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
[2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/09/03 01:17:46 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\ez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2004/08/03 23:56:56 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/01/06 15:38:02 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ez\Desktop\wut\OTViewIt.exe
========== (O23) Win32 Services ==========
File not found -- -- (AdobeActiveFileMonitor6.0 [Auto | Stopped])
[2007/03/19 18:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])
[2005/09/23 06:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/09/26 19:37:21 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
[2005/09/23 06:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/11/17 14:18:52 | 01,527,900 | ---- | M] (MAGIX) -- C:\Program Files\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance [On_Demand | Stopped])
[2008/04/16 02:39:30 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/10/30 02:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])
[2008/12/03 19:54:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2004/08/06 02:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
[2004/08/18 07:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield [On_Demand | Stopped])
[2004/08/18 07:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager [Auto | Running])
[2006/10/30 02:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/01/25 03:52:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
[2007/08/02 12:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Mabinogi\npkcmsvc.exe -- (npkcmsvc [Auto | Running])
[2006/02/13 19:05:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/22 18:33:44 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
[2007/11/30 11:27:22 | 00,558,592 | ---- | M] (ReaSoft) -- C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe -- (rcp_service [On_Demand | Stopped])
[2007/04/27 00:00:04 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer [Auto | Running])
[2007/04/27 06:40:00 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer [Auto | Running])
[2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom [Auto | Running])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/05/12 14:04:08 | 00,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4 [Auto | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
========== Driver Services ==========
[2007/07/09 17:43:26 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2002/07/17 08:53:02 | 00,016,877 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
[2004/04/27 08:26:48 | 00,005,824 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS -- (Asushwio [On_Demand | Stopped])
[2008/09/26 19:37:20 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [system | Running])
[2008/08/12 11:18:09 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])
[2004/08/18 07:00:00 | 00,008,320 | ---- | M] (Network Associates, Inc) -- C:\WINDOWS\system32\drivers\EntDrv51.sys -- (EntDrv51 [On_Demand | Stopped])
[2008/03/20 22:55:29 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Running])
[2005/01/07 16:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/04/17 01:31:26 | 04,262,912 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/02/07 04:52:58 | 00,006,912 | R--- | M] (JMicron ) -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO [boot | Running])
[2006/07/01 02:47:08 | 00,041,216 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID [boot | Running])
[2004/08/03 21:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Running])
[2006/09/22 13:06:10 | 00,092,160 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus [On_Demand | Running])
[2004/08/13 03:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2004/08/18 07:00:00 | 00,108,256 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Stopped])
[2004/08/18 07:00:00 | 00,058,016 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1 [system | Running])
[2008/11/26 07:16:57 | 00,004,096 | ---- | M] () -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio [On_Demand | Stopped])
[2006/02/13 19:05:00 | 03,642,784 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [system | Running])
[2001/04/09 06:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\drivers\penclass.sys -- (PenClass [boot | Running])
[2003/03/31 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])
[2007/01/11 17:20:06 | 00,194,304 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB [On_Demand | Stopped])
[2008/12/22 11:06:00 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [system | Running])
[2008/12/22 11:06:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/12/22 11:05:58 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [system | Running])
[2003/03/31 05:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/04/27 06:40:00 | 00,090,688 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel [Auto | Running])
[2008/04/18 17:16:47 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])
[2008/10/06 11:53:24 | 00,015,656 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor [On_Demand | Running])
[2007/02/16 11:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
[2008/07/11 11:16:50 | 00,013,352 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid [On_Demand | Running])
[2007/02/15 16:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])
[2006/04/19 23:44:38 | 00,479,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2006/06/06 14:37:10 | 00,011,136 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
[2006/06/06 14:37:10 | 00,021,632 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])
[2006/06/06 14:37:10 | 00,006,400 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
[2006/06/06 14:37:12 | 00,046,208 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])
[2003/03/31 05:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [system | Running])
[2007/02/26 18:15:21 | 00,061,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21 [On_Demand | Stopped])
[2005/09/19 07:41:00 | 00,241,280 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])
[2008/05/20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [system | Running])
[2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [system | Running])
[2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [system | Stopped])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.msn.com/?wl=true
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local
========== (O1) Hosts File ==========
HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{69085d99-c561-4800-8ce8-4ec8804fc6f5} (HKLM) -- C:\WINDOWS\system32\zvsret.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"AVG8_TRAY"=C:\PROGRA~1\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"JMB36X Configure"=C:\WINDOWS\System32\JMRaidTool.exe boot (JMicron Technology Corp.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE (Network Associates, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" ()
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"Taskbar Shuffle"=C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
"WhatPulse"=C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org)
========== (O4) Startup Folders ==========
[2004/05/02 10:02:51 | 00,062,464 | ---- | M] (Elias Fotinis) -- C:\Documents and Settings\ez\Start Menu\Programs\Startup\DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoWinKeys"=1
"AllowLegacyWebView"=1
"AllowUnhashedWebView"=1
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"DisableTaskMgr"=0
"NoControlPanel"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoSaveSettings"= [binary data]
"ClearRecentDocsOnExit"= [binary data]
"NoActiveDesktop"= [binary data]
"NoWindowsUpdate"=0
"NoControlPanel"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- Reg Error: Key does not exist or could not be opened. File not found
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- Reg Error: Key does not exist or could not be opened. File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2007/12/12 15:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
{d9288080-1baa-4bc4-9cf8-a92d743db949}: Button: Run IMVU -- %UserProfile%\Start Menu\Programs\IMVU\Run IMVU File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{5F5F9FB8-878E-4455-95E0-F64B2314288A}: http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab -- ijjiPlugin2 Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1184031087156 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
========== (O17) DNS Name Servers ==========
{3715EFAA-1ABD-43DB-A6B4-033BA15DEB26} (Servers: | Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter)
{40E8FCFF-C861-472C-93F6-76DE1AB1E0D6} (Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)
{424995E3-8EB2-48E4-92C6-2D0C685940D8} (Servers: | Description: )
{52096BAB-94C9-45E8-AB89-1F6B7CAC200C} (Servers: | Description: 1394 Net Adapter)
{648D6542-3CE9-4D24-AB57-2131014CC4A2} (Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)
========== (O20) HKLM Winlogon Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"=C:\WINDOWS\system32\userinit.exe,
>[2009/01/05 07:04:35 | 00,111,616 | ---- | M] () -- C:\WINDOWS\system32\userinit.exe
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
RelevantKnowledge: "DllName" = C:\program files\relevantknowledge\rlls.dll -- C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge)
========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2007/07/09 17:27:21 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
AUTORUN.INF [[autorun] | OPEN=SETUP.EXE | ICON=BW.ICO | ]
[1998/12/13 00:43:32 | 00,000,040 | R--- | M] () -- F:\AUTORUN.INF -- [ CDFS ]
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
""=AutoRun
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\SETUP.EXE -- [1998/11/30 22:04:40 | 00,025,600 | R--- | M] ()
========== Files/Folders - Created Within 30 Days ==========
[2009/01/05 23:33:09 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/01/05 23:33:09 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/01/05 23:33:09 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/01/05 23:33:09 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/01/05 23:33:08 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/01/05 23:33:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/01/05 21:48:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Desktop\wut
[2009/01/05 07:34:44 | 00,111,616 | ---- | C] () -- C:\WINDOWS\System32\ntdll64.exe
[2009/01/05 07:06:58 | 00,000,502 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/01/05 07:04:38 | 00,111,616 | ---- | C] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/01/04 02:03:31 | 00,015,656 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacmoumonitor.sys
[2009/01/04 02:03:29 | 00,172,840 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2009/01/03 15:19:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/01/03 15:19:20 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/01/03 15:19:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Application Data\SUPERAntiSpyware.com
[2009/01/03 10:35:49 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/01/03 09:25:25 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl
[2009/01/03 09:17:46 | 00,134,144 | ---- | C] () -- C:\WINDOWS\System32\zvsret.dll
[2009/01/03 09:17:44 | 00,134,144 | ---- | C] () -- C:\WINDOWS\System32\upirftmc.dll
[2009/01/03 08:54:35 | 00,000,304 | ---- | C] () -- C:\WINDOWS\tasks\amhdrfty.job
[2009/01/03 08:53:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Application Data\VirusRemover2008
[2009/01/02 16:04:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2008/12/30 23:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Application Data\acccore
[2008/12/28 19:11:22 | 00,000,000 | ---D | C] -- C:\Program Files\Will
[2008/12/24 10:10:03 | 00,000,000 | ---D | C] -- C:\Program Files\clisp-2.47
[2008/12/23 22:48:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Local Settings\Application Data\AOL OCP
[2008/12/23 22:48:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Local Settings\Application Data\AOL
[2008/12/23 22:45:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/23 22:45:07 | 00,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2008/12/23 22:45:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/12/23 22:44:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2008/12/23 22:44:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/12/23 22:44:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2008/12/23 22:44:17 | 00,000,000 | ---D | C] -- C:\Program Files\AIM6
[2008/12/23 22:44:13 | 00,000,456 | -H-- | C] () -- C:\IPH.PH
[2008/12/22 22:32:04 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/12/22 22:32:04 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/12/20 17:45:02 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Batch Converter
[2008/12/19 16:55:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Application Data\IMVU
[2008/12/19 16:54:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Application Data\IMVUClient
[2008/12/17 20:13:25 | 00,000,000 | ---D | C] -- C:\Program Files\HexCmp
[2008/12/17 20:10:01 | 00,000,000 | ---D | C] -- C:\Program Files\DiffMerge
[2008/12/14 14:24:12 | 00,000,041 | ---- | C] () -- C:\WINDOWS\MinGW.INI
[2008/12/14 14:24:01 | 00,000,000 | ---D | C] -- C:\MinGW
[2008/12/14 13:45:05 | 00,000,000 | ---D | C] -- C:\Tcl
[2008/12/12 23:20:05 | 00,000,000 | ---D | C] -- C:\ijji
[2008/12/12 23:18:02 | 00,157,152 | ---- | C] (NHN Corporation) -- C:\WINDOWS\System32\PubPlugin.dll
[2008/12/12 23:18:02 | 00,058,800 | ---- | C] (NHN USA Corp.) -- C:\WINDOWS\System32\ijjiPlugin2.dll
[2008/12/12 23:18:01 | 00,710,064 | ---- | C] (NHN USA) -- C:\WINDOWS\System32\ijjiSetup.exe
[2008/12/12 23:18:01 | 00,000,000 | ---D | C] -- C:\Program Files\NHN USA
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/06 00:00:00 | 00,000,304 | ---- | M] () -- C:\WINDOWS\tasks\amhdrfty.job
[2009/01/05 23:29:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/05 23:29:11 | 00,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/05 23:29:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/05 23:29:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/05 17:10:49 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/01/05 14:18:14 | 00,000,502 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/01/05 14:11:31 | 31,581,401 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/01/05 07:34:44 | 00,111,616 | ---- | M] () -- C:\WINDOWS\System32\ntdll64.exe
[2009/01/05 07:04:35 | 00,111,616 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2009/01/05 07:04:35 | 00,111,616 | ---- | M] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/01/05 06:41:36 | 00,000,378 | ---- | M] () -- C:\WINDOWS\tasks\0640.job
[2009/01/04 18:47:03 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/01/03 10:51:57 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\ez\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/03 09:17:46 | 00,134,144 | ---- | M] () -- C:\WINDOWS\System32\zvsret.dll
[2009/01/03 09:17:46 | 00,134,144 | ---- | M] () -- C:\WINDOWS\System32\upirftmc.dll
[2009/01/01 19:51:29 | 00,014,903 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/31 20:30:00 | 00,000,608 | ---- | M] () -- C:\Documents and Settings\ez\My Documents\My Sharing Folders.lnk
[2008/12/30 22:01:57 | 02,640,806 | -H-- | M] () -- C:\Documents and Settings\ez\Local Settings\Application Data\IconCache.db
[2008/12/23 22:48:47 | 00,000,456 | -H-- | M] () -- C:\IPH.PH
[2008/12/22 22:32:04 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/12/22 08:05:17 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/17 22:50:35 | 00,000,052 | ---- | M] () -- C:\WINDOWS\GunzLauncher.INI
[2008/12/16 15:36:02 | 00,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/12/14 14:24:12 | 00,000,041 | ---- | M] () -- C:\WINDOWS\MinGW.INI
[2008/12/14 09:48:03 | 00,002,048 | ---- | M] () -- C:\WINDOWS\System32\Tr_sttool.dat
< End of report >
OTViewIt Extras logfile created on: 1/6/2009 7:13:33 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\ez\Desktop\wut
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 71.80% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 10.85 Gb Free Space | 15.66% Space Free | Partition Type: NTFS
Drive D: | 139.73 Gb Total Space | 10.99 Gb Free Space | 7.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DAG
Current User Name: ez
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/03 23:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/03 23:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:192.168.1.0/255.255.255.0:Enabled:@xpsp3res.dll,-20000
[2008/10/01 23:00:00 | 01,873,280 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian
[2008/02/20 07:33:48 | 00,963,072 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
[2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/05/09 04:34:40 | 00,270,336 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe:*:Enabled:Maya
[2007/08/16 04:31:36 | 00,102,912 | ---- | M] () -- C:\Documents and Settings\ez\Desktop\Main\Game Files\Cave Story Deluxe\dedicated\Dedicated.exe:*:Enabled:Dedicated
[2008/11/05 18:10:59 | 01,220,608 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft
[2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/12/17 22:29:33 | 01,097,728 | ---- | M] (MAIET entertainment) -- C:\Program Files\Gunz\Gunz.exe:*:Enabled:Gunz
[2007/08/10 21:32:50 | 00,678,400 | ---- | M] (Michal Marcinkowski) -- C:\Program Files\Soldat\Soldat.exe:*:Enabled:Soldat
[2008/01/10 14:26:16 | 04,138,882 | ---- | M] () -- C:\Program Files\Miro\Miro_Downloader.exe:*:Enabled:Miro_Downloader
[2005/01/19 18:35:44 | 00,513,024 | ---- | M] () -- C:\Documents and Settings\ez\Desktop\Main\Game Files\ROM\zsnesw142\zsnesw.exe:*:Enabled:zsnesw
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/08/21 11:01:30 | 00,268,592 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent
[2007/04/27 06:40:00 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server
[2007/04/27 00:00:04 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Disabled:Sentinel Keys Server
[2008/09/26 19:36:38 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/06/10 13:06:16 | 03,103,232 | ---- | M] (ApexDC++ Development Team) -- C:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing
[2006/11/03 00:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/10/21 10:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2004/08/03 23:56:44 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/08/12 11:18:05 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2004/08/03 23:56:44 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2004/08/03 23:56:44 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
File not found Reg Error: Key does not exist or could not be opened. (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Reg Error: Key does not exist or could not be opened.])
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0070ED8E-6BEB-4883-BFEB-BACCAA1B6F05}_is1"=Artweaver Lua Script Interface
"{0140AE80-C3C6-4FE8-85AC-32EEB48BBDD1}"=Grubclient
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{0AF3FEAE-B651-4421-97EF-4808A588B4E5}"=LastChaos
"{0B62392F-B7D7-4DE3-AD15-30819F1C925E}"=Sodipodi
"{13AA6556-BA96-4468-A8B4-1AD4A75AD5A0}"=Logitech Gaming Software
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{1DCC7418-2089-4BDD-B321-3771956160FC}"=ijji Auto Installer
"{23A67E8B-9C1F-4CBC-86C2-E4D899D568A9}"=Paper Chase 2
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{257E440F-781F-459B-9A68-A0872B80C1D6}"=Windows Live Photo Gallery
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java 6 Update 11
"{27BFACF0-571C-4A2E-8577-2F6FD2457C93}"=Animation-ish Home Trial
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1"=RegAlyzer
"{2D8ECB5E-9F6C-4332-AEE6-0E4EE1DEC926}"=Maya 8.5 Personal Learning Edition
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java 6 Update 5
"{3254950A-7242-4258-848A-11BF092403D6}"=Aranock Online
"{32A3A4F4-B792-11D6-A78A-00B0D0160100}"=Java SE Development Kit 6 Update 10
"{32A3A4F4-B792-11D6-A78A-00B0D0160110}"=Java SE Development Kit 6 Update 11
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}"=JRAID
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{4B2DEF0C-51B4-4250-A082-7C3CD4FB2828}"=RealWorld Cursor Editor
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{51AFB69C-1C54-4C77-A888-2860F8CD3E7D}"=Paint.NET v3.31
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{54A55DF7-BCC0-4C98-84AB-01CDA57687C7}"=Hex Workshop v5.1
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}"=Sentinel Protection Installer 7.4.0
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}"=RGSS-RTP Standard
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}"=msxml4
"{5B2029A4-1854-42BC-96B6-4ACE5F5414BD}"=ArtRage 2 Starter Edition
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}"=McAfee VirusScan Enterprise
"{62281EAA-419B-44A5-894A-58E7A7324E0E}"=Light of Dawn
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}"=Corel Paint Shop Pro Photo X2
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}"=Microsoft Xbox 360 Accessories 1.1
"{69440E1E-7D34-4C00-B878-9412B1707F1C}"=SourceGear DiffMerge
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6A829DA3-E377-4BC0-938F-F453C6BB3F67}"=Maya 8.5 Personal Learning Edition Documentation (en_US)
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6D4E1222-AFEA-4848-A100-8A6011B624D4}"=openCanvas4.5.11e Plus
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{7A8358BC-78B6-404B-9792-F344A6AB59C9}"=Curator Defense
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{80851370-07CF-477B-837D-F2E488916CFE}"=OpenOffice.org 2.4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A4D41F3-3EDA-4DAC-9403-839708EA0667}"=Install(US)2
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{9176251A-4CC1-4DDB-B343-B487195EB397}"=Windows Live Writer
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}"=Adobe Illustrator CS
"{91DD9DED-5979-4FB3-AC7D-80091CC1FC40}"=TVPaint Animation
"{94056AE8-EF0F-45E4-A1B4-D754115F8A28}"=Numedia CD-DVD writing as non-admin user
"{9559F7CA-5E34-4237-A2D9-D856464AD727}"=Project64 1.6
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{96443F45-13E2-11D6-AC87-00D0B7A9E540}"=Arx Fatalis
"{998D6972-F58E-479D-9248-8F179E55AE38}"=Java DB 10.4.1.3
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}"=EPSON TWAIN 5
"{9B2ADD3A-AFAF-4622-AC6F-C86FF36CC245}"=USB Flash Disk Utility
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}"=RPGXP
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}"=Pixia
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}"=MSXML 6.0 Parser
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A8B94669-8654-4126-BD28-D0D2412CDED6}"=TI Connect 1.6
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}"=Spelling Dictionaries Support For Adobe Reader 8
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B09DFBF9-9148-4070-A493-69D71455D983}_is1"=Artweaver
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B2E56E2A-1DE2-454B-A24A-CAA471EBDC99}"=Toon Boom Digital Pro PLE
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}"=TextPad 5
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime
"{C314764F-2C47-44DA-BE37-F48BB7322BE4}_is1"=Screen Video Recorder 1.5
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}"=Blaze Media Pro
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}"=Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EF434C52-D882-43DB-8777-EC7B10D8943C}"=America's Army
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F54AC413-D2C6-4A24-B324-370C223C6250}"=Adobe Photoshop Elements 6.0
"{F99C5427-4D78-43E2-B97E-F4C4E622D612}"=MapleStory
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC1ADE3-944B-4231-894E-3903C37271D2}"=Adobe Setup
"7-Zip"=7-Zip 4.57
"ActiveTcl 8.5.5.0"=ActiveState ActiveTcl 8.5.5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop Elements 6"=Adobe Photoshop Elements 6.0
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe SVG Viewer"=Adobe SVG Viewer 3.0
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390"=Adobe Flash CS3 Professional
"Advanced Batch Converter"=Advanced Batch Converter
"AIM_6"=AIM 6
"AMUST Disk Cleaner_is1"=AMUST Disk Cleaner 1.0
"Animated GIF Banner Maker"=Animated GIF Banner Maker
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"Any Video Converter_is1"=Any Video Converter 2.6.2
"ApexDC++"=ApexDC++ 1.1.0
"Apophysis 2.0"=Apophysis 2.0
"Ares"=Ares 2.0.9
"Armadillo Run Demo_is1"=Armadillo Run Demo Version 1.0.1
"ATMA V"=ATMA V 5.05
"attack of the groox - encounter on blubuzz"=attack of the groox - encounter on blubuzz
"Audacity_is1"=Audacity 1.2.6
"AVG8Uninstall"=AVG Free 8.0
"Avidemux 2.4"=Avidemux 2.4
"AVIedit 3.38"=AVIedit 3.38
"Babiloo"=Babiloo
"BabyaPhotoWorkshop11.0_is1"=Babya Photo Workshop Professional 12.0
"Blaze Media Pro"=Blaze Media Pro
"Blender"=Blender (remove only)
"BulentsScreenRecorder4"=BSR Screen Recorder 4
"camcodec"=CamStudio Lossless Codec
"CamStudio"=CamStudio
"Cave Story Deluxe"=Cave Story Deluxe
"Chipamp"=Chipamp
"Collab"=Collab
"Color Efex Pro 3.0 Complete"=Color Efex Pro 3.0 Complete
"Color7 Music Editor_is1"=Color7 Music Editor v6.2.9
"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-09-21 16:18
"Cylekx_is1"=Cylekx 2.6
"DeskPins"=DeskPins (remove only)
"Dev-C++"=Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo II"=Diablo II
"DVD to VCD AVI DivX Converter v3.2 (build 069)"=DVD to VCD AVI DivX Converter v3.2 (build 069)
"eMule"=eMule
"Enigma"=Enigma
"Firebird SQL Server US"=Firebird SQL Server - MAGIX Edition
"fluffy"=fluffy
"Folding@Home"=Folding@Home
"Fraps"=Fraps
"Free Screen Recorder_is1"=Free Screen Recorder v2.9
"Freecorder Toolbar3.0"=Freecorder Toolbar 3.0 Application
"Furcadia"=Furcadia
"GoldWave v5.23"=GoldWave v5.23
"GoPets"=GoPets
"GotEd_is1"=GotEd V1.0
"GraphicsGale FreeEdition_is1"=GraphicsGale FreeEdition version 1.86
"Grooveshark"=sharkbyte
"Gtk+ Runtime Environment"=Gtk+ Runtime Environment 2.10.11-1
"gtkmm"=gtkmm Runtime Environment 2.10
"Gunz"=ijji - Gunz
"Hamachi"=Hamachi 1.0.3.0
"HexCmp 2_is1"=HexCmp 2.34
"Hexplorer"=ICY Hexplorer (remove only)
"HijackThis"=HijackThis 2.0.2
"HyperCam 2"=HyperCam 2
"ICE v2.03 Setup"=ICE v2.03 Setup
"IcoFX_is1"=IcoFX 1.6
"Icon In Depth_is1"=Icon In Depth 1.5.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"i-Fun Viewer_is1"=i-Fun Viewer
"imgSeek"=imgSeek (remove only)
"InfraRecorder"=InfraRecorder
"Inkscape"=Inkscape 0.45.1
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"IrfanView"=IrfanView (remove only)
"Jahplayer"=Jahplayer
"Jahshaka"=Jahshaka
"JCreator LE_is1"=JCreator LE 4.50
"jDictionary"=jDictionary dictionary program (remove only)
"JTablet"=JTablet
"kiki_is1"=kiki the nanobot 1.0.2
"LightWave 3D 9"=LightWave 3D
"Magic ISO Maker v5.4 (build 0251)"=Magic ISO Maker v5.4 (build 0251)
"MagicDisc 2.5.74"=MagicDisc 2.5.74
"MAGIX Photo Manager 2007 US"=MAGIX Photo Manager 2007 4.2.1.261 (US)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Manga Studio EX Demo 3.0"=Manga Studio EX Demo 3.0
"Mech2TitaniumUninstallKey"=MechWarrior 2: Titanium Edition
"MercsTitaniumUninstallKey"=Mercenaries: Titanium Edition
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"MinGW_is1"=MinGW 3.1.0
"Miro"=Miro
"mm.BOT5.46"=mm.BOT
"Mozilla Firefox (2.0.0.14)"=Mozilla Firefox (2.0.0.14)
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"Mozilla Sunbird (0.7)"=Mozilla Sunbird (0.7)
"Mozilla Thunderbird (2.0.0.14)"=Mozilla Thunderbird (2.0.0.14)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"mtPaint_is1"=mtPaint 3.11
"musikCube"=musikCube 1.0
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Notepad++"=Notepad++
"Novashell Game Creation System"=Novashell Game Creation System (remove only)
"NVIDIA Drivers"=NVIDIA Drivers
"On the Rain-Slick Precipice of Darkness, Episode One"=On the Rain-Slick Precipice of Darkness, Episode One
"OpenLibraries"=OpenLibraries
"Poke"=Poke
"Poser 7 Demo_is1"=Poser 7.0.2 Demo
"prunnet"=Advertisement Service
"Qliner Hotkeys"=Qliner Hotkeys 2.0
"Ragnarok Revolution6.0"=Ragnarok Revolution
"ReaConverter 5.5 Pro_is1"=ReaConverter 5.5 Pro
"RealAlt_is1"=Real Alternative 1.9.0
"RealPlayer 6.0"=RealPlayer
"RealVNC_is1"=VNC Free Edition 4.1.2
"ROM CHECK FAIL_is1"=ROM CHECK FAIL 1.0
"scilab-5.0.3_is1"=scilab-5.0.3
"secretmaryo"=Secret Maryo Chronicles
"SmoothDraw_is1"=SmoothDraw 3.1.2
"SolarWolf"=SolarWolf 1.5
"Soldat_is1"=Soldat 1.4.2
"Songbird 20071226"=Songbird 0.4 (20071226)
"ST6UNST #1"=Hero Editor V0.90
"ST6UNST #2"=Hero Editor V0.90 (C:\Program Files\Hero Editor\)
"ST6UNST #3"=Hero Editor V0.96
"Starcraft"=Starcraft
"StudioLine Photo Basic"=StudioLine Photo Basic
"synfig"=Synfig Core
"synfigstudio"=Synfig Studio
"Taskbar Shuffle_is1"=Taskbar Shuffle version 2.2
"TED Notepad"=TED Notepad
"Trillian"=Trillian
"Unlocker"=Unlocker 1.8.5
"ViewpointMediaPlayer"=Viewpoint Media Player
"VLC media player"=VideoLAN VLC media player 0.8.6c
"Wacom Tablet Driver"=Wacom Tablet
"WavePad"=WavePad Uninstall
"Wdf01001"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"WhatPulse"=WhatPulse 1.5
"WIC"=Windows Imaging Component
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 2
"WinGimp-2.0_is1"=GIMP 2.4.3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Extras"=Yahoo! Browser Services
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GNU CLISP 2.47"=GNU CLISP 2.47
"Google Chrome"=Google Chrome
"ijji FireFox Launcher"=ijji FireFox Launcher 1.0
"ijji.com"=ijji
"IMVU Avatar chat client software BETA"=IMVU Avatar Chat Software
"Lucid Dreams"=Lucid Dreams
"Modding Tool Package"=Modding Tool Package
"New LEGO Digital Designer"=LEGO Digital Designer
"sodarace kiosk"=sodarace kiosk
"uTorrent"=Torrent
"WinDirStat"=WinDirStat 1.1.2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1/6/2009 8:21:14 PM | Computer Name = DAG | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 1/6/2009 8:21:14 PM | Computer Name = DAG | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 1/6/2009 8:58:09 PM | Computer Name = DAG | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 1/6/2009 8:58:09 PM | Computer Name = DAG | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 1/6/2009 9:00:09 PM | Computer Name = DAG | Source = Google Update | ID = 20
Description =
Error - 1/6/2009 9:35:00 PM | Computer Name = DAG | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 1/6/2009 9:35:00 PM | Computer Name = DAG | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 1/6/2009 10:00:09 PM | Computer Name = DAG | Source = Google Update | ID = 20
Description =
Error - 1/6/2009 10:11:55 PM | Computer Name = DAG | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 1/6/2009 10:11:55 PM | Computer Name = DAG | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
[ System Events ]
Error - 1/6/2009 12:19:32 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2
Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31
Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31
Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31
Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7001
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends
on the TCP/IP Protocol Driver service which failed to start because of the following
error: %%31
Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NaiAvTdi1 NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
Error - 1/6/2009 2:30:19 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7000
Description = The Adobe Active File Monitor V6 service failed to start due to the
following error: %%3
Error - 1/6/2009 2:30:19 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7024
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated
with service-specific error 4294967295 (0xFFFFFFFF).
Error - 1/6/2009 2:30:19 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2
< End of report >
-
I've had issues with at least three different consecutive rogue antivirus programs popping up; each time, I run AVGFree, Malwarebytes', or Spybot, until all three have been tried and/or the current problem seems gone. Current state of my computer is I cannot access any websites (I'm currently posting from my secondary PC); nothing but blank, errorless pages load. I've gotten seemingly-random "Must restart because DCOM server process launcher terminated" or somesuch error, and occasional spontaneous freezes when trying to log in...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:58 PM, on 1/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\NMSAccessU.exe
C:\Program Files\Mabinogi\npkcmsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG8\avgtray.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Documents and Settings\ez\Desktop\Main\Downloads\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: {5f6cf408-8ce4-8ec8-0084-165c99d58096} - {69085d99-c561-4800-8ce8-4ec8804fc6f5} - C:\WINDOWS\system32\zvsret.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG8\avgtray.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-329068152-1844823847-839522115-1005\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-1844823847-839522115-1005\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-1844823847-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-1844823847-839522115-1005\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-1844823847-839522115-1005\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - S-1-5-21-329068152-1844823847-839522115-1005 Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe (User '?')
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ez\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184031087156
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\program files\relevantknowledge\rlls.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX - C:\Program Files\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 10440 bytes
Ongoing Problems (posted in Malware Removal)
Well, I can again access internet through browser. Hoping this log has nothing further bad to say ...
ComboFix 09-01-07.02 - ez 2009-01-07 22:08:55.1 - NTFSx86
Running from: c:\documents and settings\ez\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ez\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\ez\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\program files\mm.BOT
c:\program files\mm.BOT\Config\backup\mm.Bot.Sequences_backup.ini
c:\program files\mm.BOT\Config\backup\mm.Bot_backup.ini
c:\program files\mm.BOT\Config\backup\mm.MultiKeys_backup.ini
c:\program files\mm.BOT\Config\backup\mm.PKID_backup.ini
c:\program files\mm.BOT\Config\backup\mm.PlayKeys_backup.ini
c:\program files\mm.BOT\Config\mm.BOT.ini
c:\program files\mm.BOT\Config\mm.BOT.Sequences.ini
c:\program files\mm.BOT\Config\mm.BotState.ini
c:\program files\mm.BOT\Config\mm.MultiKeys.ini
c:\program files\mm.BOT\Config\mm.PKID.ini
c:\program files\mm.BOT\Config\mm.PlayKeys.ini
c:\program files\mm.BOT\Config\mmcl.PKID.Compiler.exe
c:\program files\mm.BOT\Config\System\d2-cdkey.exe
c:\program files\mm.BOT\Config\System\listfile.dat
c:\program files\mm.BOT\Config\System\LMPQAPI.DLL
c:\program files\mm.BOT\Config\System\mm.Boxes.Ref.ini
c:\program files\mm.BOT\Config\System\mm.PKID.Ref
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.CH
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.ID
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.PK
c:\program files\mm.BOT\Config\System\MPQ2K.exe
c:\program files\mm.BOT\Config\System\Process.exe
c:\program files\mm.BOT\Config\System\SFmpq.dll
c:\program files\mm.BOT\Config\System\staredit.exe
c:\program files\mm.BOT\Config\System\Storm.dll
c:\program files\mm.BOT\Documents\Htm\CharTut.htm
c:\program files\mm.BOT\Documents\Htm\FAQ.htm
c:\program files\mm.BOT\Documents\Htm\img\automap.jpg
c:\program files\mm.BOT\Documents\Htm\img\bar.jpg
c:\program files\mm.BOT\Documents\Htm\img\coldskills.jpg
c:\program files\mm.BOT\Documents\Htm\img\controls1.jpg
c:\program files\mm.BOT\Documents\Htm\img\controls2.jpg
c:\program files\mm.BOT\Documents\Htm\img\controls3.jpg
c:\program files\mm.BOT\Documents\Htm\img\controls4.jpg
c:\program files\mm.BOT\Documents\Htm\img\Desktop.jpg
c:\program files\mm.BOT\Documents\Htm\img\favicon.ico
c:\program files\mm.BOT\Documents\Htm\img\fireskills.jpg
c:\program files\mm.BOT\Documents\Htm\img\lightskills.jpg
c:\program files\mm.BOT\Documents\Htm\img\merc_main.jpg
c:\program files\mm.BOT\Documents\Htm\img\mmbot_configbanner.jpg
c:\program files\mm.BOT\Documents\Htm\img\mmbot_configbanner2.jpg
c:\program files\mm.BOT\Documents\Htm\img\mmbot_configbanner3.jpg
c:\program files\mm.BOT\Documents\Htm\img\mmbotlogo.jpg
c:\program files\mm.BOT\Documents\Htm\img\Notepad.ico
c:\program files\mm.BOT\Documents\Htm\img\Pindle.jpg
c:\program files\mm.BOT\Documents\Htm\img\Program.ico
c:\program files\mm.BOT\Documents\Htm\img\Screenshot054.jpg
c:\program files\mm.BOT\Documents\Htm\img\Screenshot065.jpg
c:\program files\mm.BOT\Documents\Htm\img\Screenshot072.jpg
c:\program files\mm.BOT\Documents\Htm\img\Screenshot090.jpg
c:\program files\mm.BOT\Documents\Htm\img\Screenshot101.jpg
c:\program files\mm.BOT\Documents\Htm\img\Screenshot169.jpg
c:\program files\mm.BOT\Documents\Htm\img\skillskeys.jpg
c:\program files\mm.BOT\Documents\Htm\img\SoulSpawn.jpg
c:\program files\mm.BOT\Documents\Htm\img\stats_ctaswitch.jpg
c:\program files\mm.BOT\Documents\Htm\img\Thumbs.db
c:\program files\mm.BOT\Documents\Htm\img\Update.ico
c:\program files\mm.BOT\Documents\Htm\img\video.jpg
c:\program files\mm.BOT\Documents\Htm\Installation.htm
c:\program files\mm.BOT\Documents\Htm\KeysSwapping.htm
c:\program files\mm.BOT\Documents\Htm\LMenu.htm
c:\program files\mm.BOT\Documents\Htm\MainPage.htm
c:\program files\mm.BOT\Documents\Htm\MercTut.htm
c:\program files\mm.BOT\Documents\Htm\MySorce.htm
c:\program files\mm.BOT\Documents\Htm\PKID.ByGroups.htm
c:\program files\mm.BOT\Documents\Htm\PKID.ByItems.htm
c:\program files\mm.BOT\Documents\Htm\PkIdListing.htm
c:\program files\mm.BOT\Documents\Htm\PkIdSamples.htm
c:\program files\mm.BOT\Documents\Htm\PkIdSyntax.htm
c:\program files\mm.BOT\Documents\Htm\SeqCommands.htm
c:\program files\mm.BOT\Documents\Htm\SeqExamples.htm
c:\program files\mm.BOT\Documents\img\favicon.ico
c:\program files\mm.BOT\Documents\img\Home.ico
c:\program files\mm.BOT\Documents\img\Notepad.ico
c:\program files\mm.BOT\Documents\img\Program.ico
c:\program files\mm.BOT\Documents\img\Update.ico
c:\program files\mm.BOT\Documents\mm.BOT.History.txt
c:\program files\mm.BOT\Logs\_STATS.ini
c:\program files\mm.BOT\Logs\ArchiveCurrent.exe
c:\program files\mm.BOT\Logs\Compiler.txt
c:\program files\mm.BOT\Logs\DeleteCurrent.exe
c:\program files\mm.BOT\Logs\Events_Bot.txt
c:\program files\mm.BOT\Logs\SearchInLogs.exe
c:\program files\mm.BOT\mm.BOT.546.exe
c:\program files\mm.BOT\mm.Bot.chm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\CharTut.htm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\FAQ.htm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\automap.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\bar.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\coldskills.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\controls1.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\controls2.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\controls3.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\controls4.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Desktop.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\favicon.ico
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\fireskills.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\lightskills.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\merc_main.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\mmbotlogo.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Notepad.ico
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Pindle.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Program.ico
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot054.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot065.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot072.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot090.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot101.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot169.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\skillskeys.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\SoulSpawn.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\stats_ctaswitch.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Thumbs.db
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Update.ico
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\video.jpg
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\Installation.htm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\KeysSwapping.htm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\LMenu.htm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\MainPage.htm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\MercTut.htm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\MySorce.htm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\PKID.ByGroups.htm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\PKID.ByItems.htm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\PkIdListing.htm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\PkIdSamples.htm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\PkIdSyntax.htm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\SeqCommands.htm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\SeqExamples.htm
c:\program files\mm.BOT\mm.BOT.MAN\Documents\mm.BOT.History.txt
c:\program files\mm.BOT\mm.BOT.MAN\mm.BOT.MANUAL.htm
c:\program files\mm.BOT\mm.BOT.MANUAL.htm
c:\program files\mm.BOT\mmbot_config.exe
c:\program files\mm.BOT\mmbot_configinfo.ini
c:\program files\mm.BOT\Scripts\Example.au3
c:\program files\mm.BOT\Scripts\mm.BOT.Include.au3
c:\program files\mm.BOT\Tools\ImportantRead.txt
c:\program files\mm.BOT\Tools\mm.FList\mm.FList.exe
c:\program files\mm.BOT\Tools\mm.FList\mm.FList.ini
c:\program files\mm.BOT\Tools\mm.ItemReader\mm.ItemReader.exe
c:\program files\mm.BOT\Tools\mm.ItemReader\mm.ItemReader.ini
c:\program files\mm.BOT\Tools\mm.RBlocks\mm.RBlocks.exe
c:\program files\mm.BOT\Update.cli
c:\program files\mm.BOT\Update.exe
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaobvviiuh.sys
c:\windows\system32\Memman.vxd
c:\windows\system32\ntdll64.exe
c:\windows\system32\seneka.dat
c:\windows\system32\senekadf.dat
c:\windows\system32\senekafmxgkivb.dll
c:\windows\system32\senekalog.dat
c:\windows\system32\senekapewbtqlo.dll
c:\windows\system32\senekawahsthof.dll
c:\windows\system32\skinboxer43.dll
c:\windows\system32\upirftmc.dll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\zvsret.dll
D:\install.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SENEKA
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.
2009-01-05 23:33 . 2009-01-05 23:33 <DIR> d-------- c:\program files\Avira
2009-01-05 23:33 . 2009-01-05 23:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-05 07:04 . 2009-01-05 07:04 111,616 --a--c--- c:\windows\system32\dllcache\userinit.exe
2009-01-04 02:03 . 2008-10-30 10:50 172,840 --a------ c:\windows\system32\Wintab32.dll
2009-01-04 02:03 . 2008-10-06 11:53 15,656 --a------ c:\windows\system32\drivers\wacmoumonitor.sys
2009-01-03 15:19 . 2009-01-03 15:19 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-03 15:19 . 2009-01-03 15:19 <DIR> d-------- c:\documents and settings\ez\Application Data\SUPERAntiSpyware.com
2009-01-03 15:19 . 2009-01-03 15:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-03 10:35 . 2009-01-03 10:35 <DIR> d-------- C:\VundoFix Backups
2009-01-03 09:25 . 2002-12-29 01:14 81,920 --a------ c:\windows\system32\Startup.cpl
2009-01-03 08:53 . 2009-01-03 08:53 <DIR> d-------- c:\documents and settings\ez\Application Data\VirusRemover2008
2009-01-02 16:04 . 2009-01-02 16:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development
2008-12-30 23:06 . 2008-12-30 23:06 <DIR> d-------- c:\documents and settings\ez\Application Data\acccore
2008-12-28 19:11 . 2008-12-28 19:11 <DIR> d-------- c:\program files\Will
2008-12-24 10:10 . 2008-12-24 10:10 <DIR> d-------- c:\program files\clisp-2.47
2008-12-23 22:45 . 2008-12-23 22:45 <DIR> d-------- c:\program files\Viewpoint
2008-12-23 22:45 . 2008-12-23 22:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-23 22:45 . 2008-12-23 22:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2008-12-23 22:44 . 2008-12-23 22:44 <DIR> d-------- c:\program files\Common Files\AOL
2008-12-23 22:44 . 2008-12-23 22:48 <DIR> d-------- c:\program files\AIM6
2008-12-23 22:44 . 2008-12-30 23:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2008-12-23 22:44 . 2008-12-23 22:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL
2008-12-23 22:44 . 2008-12-23 22:48 456 --ah----- C:\IPH.PH
2008-12-22 22:32 . 2009-01-04 18:47 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-22 22:32 . 2008-12-22 22:32 1,409 --a------ c:\windows\QTFont.for
2008-12-20 17:45 . 2008-12-20 17:45 <DIR> d-------- c:\program files\Advanced Batch Converter
2008-12-19 16:55 . 2008-12-26 16:26 <DIR> d-------- c:\documents and settings\ez\Application Data\IMVU
2008-12-19 16:54 . 2008-12-24 10:34 <DIR> d-------- c:\documents and settings\ez\Application Data\IMVUClient
2008-12-17 20:13 . 2008-12-17 20:13 <DIR> d-------- c:\program files\HexCmp
2008-12-17 20:10 . 2008-12-17 20:10 <DIR> d-------- c:\program files\DiffMerge
2008-12-14 14:24 . 2008-12-14 14:24 <DIR> d-------- C:\MinGW
2008-12-14 14:24 . 2008-12-14 14:24 41 --a------ c:\windows\MinGW.INI
2008-12-14 13:45 . 2008-12-14 13:45 <DIR> d-------- C:\Tcl
2008-12-12 23:20 . 2008-12-12 23:20 <DIR> d-------- C:\ijji
2008-12-12 23:18 . 2008-12-12 23:18 <DIR> d-------- c:\program files\NHN USA
2008-12-12 23:18 . 2008-06-17 19:28 710,064 --a------ c:\windows\system32\ijjiSetup.exe
2008-12-12 23:18 . 2008-04-23 14:02 157,152 --a------ c:\windows\system32\PubPlugin.dll
2008-12-12 23:18 . 2008-06-11 23:01 58,800 --a------ c:\windows\system32\ijjiPlugin2.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 05:07 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
2009-01-08 05:07 --------- d-----w c:\documents and settings\ez\Application Data\WTablet
2009-01-08 05:01 --------- d-----w c:\program files\Taskbar Shuffle
2009-01-08 05:00 --------- d-----w c:\program files\AVG8
2009-01-08 04:58 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-08 03:59 --------- d-----w c:\program files\Mozilla Firefox 3
2009-01-05 14:04 111,616 ----a-w c:\windows\system32\userinit.exe
2009-01-04 22:02 --------- d-----w c:\documents and settings\ez\Application Data\gtk-2.0
2009-01-04 18:48 --------- d-----w c:\documents and settings\ez\Application Data\uTorrent
2009-01-04 09:04 --------- d-----w c:\program files\Tablet
2009-01-03 23:27 --------- d-----w c:\program files\Folding@Home
2009-01-03 22:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-03 20:04 --------- d-----w c:\program files\Trillian
2008-12-30 21:51 --------- d-----w c:\program files\Starcraft
2008-12-18 05:45 --------- d-----w c:\program files\Gunz
2008-12-17 18:12 --------- d-----w c:\documents and settings\ez\Application Data\Hamachi
2008-12-16 22:36 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-12-16 22:27 --------- d-----w c:\program files\Diablo II
2008-12-14 04:28 --------- d-----w c:\program files\Notepad++
2008-12-13 08:20 --------- d--h--w c:\documents and settings\ez\Application Data\ijjigame
2008-12-13 06:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-13 02:15 --------- d-----w c:\documents and settings\ez\Application Data\OpenOffice.org2
2008-12-06 19:12 --------- d-----w c:\program files\JCreatorV4LE
2008-12-04 07:41 --------- d-----w c:\program files\Yahoo!
2008-12-04 02:54 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-04 02:54 --------- d-----w c:\program files\Sun
2008-12-04 02:53 --------- d-----w c:\program files\Java
2008-11-26 14:16 4,096 ----a-w c:\windows\system32\drivers\nocashio.sys
2008-11-22 21:44 1,032,582 ----a-w c:\windows\system32\alleg42.dll
2008-11-18 06:45 --------- d-----w c:\program files\scilab-5.0.3
2008-11-16 00:41 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-16 00:07 --------- d-----w c:\program files\BroodWarAi Project
2008-11-15 01:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-09 11:02 --------- d-----w c:\program files\RelevantKnowledge
2008-10-30 18:13 2,749,224 ----a-w c:\windows\system32\Wacom_Tablet.exe
2008-10-30 18:00 182,056 ----a-w c:\windows\system32\Wacom_Tablet.dll
2007-09-03 18:43 428 ----a-w c:\documents and settings\ez\Application Data\hexplorer.dat
2007-09-03 18:43 4 ----a-w c:\documents and settings\ez\Application Data\mclip.dat
2007-01-25 10:52 65,536 ----a-w c:\program files\Common Files\NMSAccessU.exe
2004-12-02 00:34 716 ---ha-w c:\documents and settings\All Users\Application Data\pb7msys.dat
2008-04-17 08:41 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-17 08:41 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-17 08:41 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-17 08:41 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-17 08:41 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-02 07:13 88 --sh--r c:\windows\system32\4F57F3EF13.sys
2008-10-02 07:13 3,608 --sha-w c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2003-03-31 05:00 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\ServicePackFiles\i386\tcpip.sys
2006-04-20 04:51 359808 1dbf125862891817f374f407626967f4 c:\windows\system32\dllcache\tcpip.sys
2006-04-20 04:51 359808 b4e29943b4b04bd5e7381546848e6669 c:\windows\system32\drivers\tcpip.sys
2003-03-31 05:00 22016 e931e0a2b8bf0019db902e98d03662cb c:\windows\$NtServicePackUninstall$\userinit.exe
2004-08-03 23:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\ServicePackFiles\i386\userinit.exe
2009-01-05 07:04 111616 67412a22840f827b42bf5c7df8ea16f5 c:\windows\system32\userinit.exe
2009-01-05 07:04 111616 67412a22840f827b42bf5c7df8ea16f5 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2006-08-21 665600]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2007-06-16 827392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"JMB36X Configure"="c:\windows\System32\JMRaidTool.exe" [2006-06-28 352256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]
c:\documents and settings\ez\Start Menu\Programs\Startup\
DeskPins.lnk - c:\program files\DeskPins\DeskPins.exe [2004-05-02 62464]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^ez^Start Menu^Programs^Startup^Last.fm Helper.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00Hotkeys]
--a------ 2006-12-01 17:13 45056 c:\program files\Qliner Hotkeys\HotKeys.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-02-20 07:33 963072 c:\program files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 02:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a------ 2001-08-23 05:00 44032 c:\windows\ime\imkr6_1\imekrmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 21:32 208952 c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-03 21:31 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 21:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 21:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-03-24 19:03 3587120 c:\program files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-02-13 19:05 1519616 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\windows\Network Diagnostic\xpnetdiag.exe"= c:\windows\Network Diagnostic\xpnetdiag.exe:192.168.1.0/255.255.255.0:Enabled:@xpsp3res.dll,-20000
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Autodesk\\Maya 8.5 Personal Learning Edition\\bin\\maya.exe"=
"c:\\Documents and Settings\\ez\\Desktop\\Main\\Game Files\\Cave Story Deluxe\\dedicated\\Dedicated.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Gunz\\Gunz.exe"=
"c:\\Program Files\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Miro\\Miro_Downloader.exe"=
"c:\\Documents and Settings\\ez\\Desktop\\Main\\Game Files\\ROM\\zsnesw142\\zsnesw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5000:TCP"= 5000:TCP:AresChatServer
--- Other Services/Drivers In Memory ---
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AntiVirScheduler
*Deregistered* - AntiVirService
*Deregistered* - Aspi32
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avgio
*Deregistered* - avgntflt
*Deregistered* - avipbb
*Deregistered* - Beep
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - hamachi
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - McAfeeFramework
*Deregistered* - mcdbus
*Deregistered* - McTaskManager
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NaiAvTdi1
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMSAccessU
*Deregistered* - Npfs
*Deregistered* - npkcmsvc
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - PenClass
*Deregistered* - PnkBstrA
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - ProtexisLicensing
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SASDIFSV
*Deregistered* - SASKUTIL
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - Sentinel
*Deregistered* - SentinelKeysServer
*Deregistered* - SentinelProtectionServer
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - ssmdrv
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TabletServiceWacom
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - Viewpoint Manager Service
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - wacomvhid
*Deregistered* - WacomVKHid
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WinVNC4
*Deregistered* - WmXlCore
*Deregistered* - WS2IFSL
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder
2009-01-05 c:\windows\Tasks\0640.job
- c:\documents and settings\ez\Desktop\Main\Text Files\0640.txt [2008-11-28 10:50]
2008-08-31 c:\windows\Tasks\229.job
- c:\documents and settings\ez\Desktop\Main\Text Files\229.txt [2008-08-31 09:03]
2009-01-07 c:\windows\Tasks\amhdrfty.job
- c:\windows\system32\rundll32.exe [2004-08-03 23:56]
2009-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1844823847-839522115-1005.job
- c:\documents and settings\ez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 01:17]
.
- - - - ORPHANS REMOVED - - - -
BHO-{69085d99-c561-4800-8ce8-4ec8804fc6f5} - c:\windows\system32\zvsret.dll
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\ez\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\ez\Application Data\Mozilla\Firefox\Profiles\qlfy4h7m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.staredit.net/?p=index|http://garbeld.deviantart.com/|http://plushandblood.informe.com/index.php|http://conceptart.org/forums/|http://www.plushandblood.com/Chat.php|chrome://quicknote/content/quicknote.xhtml
FF - plugin: c:\documents and settings\ez\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox 3\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox 3\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox 3\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 22:13:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-329068152-1844823847-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{16FC62B2-8AFB-457E-EADC-12372DB45CA9}*NULL*]
"haolhebpmoeeheii"=hex:6b,61,6c,61,6f,67,63,61,61,61,6a,61,6a,6b,6e,64,66,70,\
63,6b,68,69,00,7f
"eaijajfmjg"=hex:66,61,67,6b,70,6b,61,68,69,69,61,65,00,31
"danjdjca"=hex:64,62,6d,6c,63,63,70,68,68,70,64,64,62,6b,63,64,6d,67,6a,66,62,\
6c,64,70,6f,6f,6e,6c,6b,6a,63,64,67,67,6f,66,64,6a,68,69,00,00
"iaanachnfkabolimfd"=hex:6a,61,65,6f,70,68,65,6a,6c,6f,6c,69,68,6b,68,6a,69,6a,\
6d,6d,00,d0
[HKEY_LOCAL_MACHINE\software\Classes\ppifile\DefaultIcon]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\system32\\msppcnfg.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\ppifile\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0]
@DACL=(02 0000)
@="FlashAccessibility"
[HKEY_LOCAL_MACHINE\software\JMICRON Technologies, Inc.\JRAID]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE UserData NT\RegBackup]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE.HKCUZoneInfo\RegBackup]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.UserAgent\RegBackup]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\11.0]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\9.0]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimDllExclusionList]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimDllInclusionList]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimExclusionList]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimInclusionList]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{13A7995E-7D8F-45B4-9C77-819265225763}]
@DACL=(02 0000)
"Priority"=dword:00000001
"AutoInsert"=dword:00000001
"Name"="WMPlayer Spectrum Analyzer DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{95037DA1-6ED9-4B27-8CFF-9AD3DFB0B2F2}]
@DACL=(02 0000)
"Priority"=dword:fffffffb
"AutoInsert"=dword:00000001
"Name"="WMPlayer SRSWow DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{974BF3BF-C9AE-4476-8003-5FE544DF458C}]
@DACL=(02 0000)
"Priority"=dword:fffffffe
"AutoInsert"=dword:00000001
"Name"="WMPlayer Video Processing DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{B2DBA270-9F49-4513-AC13-76496D6EBA3A}]
@DACL=(02 0000)
"Priority"=dword:00000002
"AutoInsert"=dword:00000000
"Name"="Speaker Enhancement DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D01BC8E2-70AD-4976-9612-21B37ED5C8E8}]
@DACL=(02 0000)
"Priority"=dword:00000003
"AutoInsert"=dword:00000001
"Name"="WMPlayer Equalizer DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D7E9C0B4-0E4D-46B4-BC46-1D0222F92C6F}]
@DACL=(02 0000)
"Priority"=dword:fffffffc
"AutoInsert"=dword:00000001
"Name"="Seamless Audio DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{E5A8C40E-654B-44D4-ACBB-DBE6D3B3333B}]
@DACL=(02 0000)
"Priority"=dword:fffffffd
"AutoInsert"=dword:00000001
"Name"="Volume Normalization DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{FB02E8EF-ACFE-4CC0-96DF-8B5C7098272C}]
@DACL=(02 0000)
"Priority"=dword:fffffffe
"AutoInsert"=dword:00000001
"Name"="WMPlayer Time Compression DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Automenu]
@DACL=(02 0000)
"classid"="clsid:6B28F900-8D64-4B80-9963-CC52DDD1FBB4"
"visible"="false"
"tabstop"="false"
"width"="1"
"height"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\BalanceSlider]
@DACL=(02 0000)
"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"
"toolTip"="res://wmploc.dll/RT_STRING/#1845"
"min"="-100"
"max"="100"
"value"="wmpprop:player.settings.balance"
"value_onchange"="player.settings.balance=value;"
"accName"="res://wmploc.dll/RT_STRING/#2112"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2108"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\browser]
@DACL=(02 0000)
"classid"="clsid:8856F961-340A-11D0-A96B-00C04FD705A2"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Button]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2114"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup]
@DACL=(02 0000)
"classid"="clsid:AE3B6831-25A9-11d3-BD41-00C04F6EA5AE"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\CloseButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"upToolTip"="res://wmploc.dll/RT_STRING/#1812"
"onclick"="view.close();"
"accName"="res://wmploc.dll/RT_STRING/#2134"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2135"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\CurrentPositionText]
@DACL=(02 0000)
"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
"tabStop"="true"
"justification"="right"
"value"="wmpprop:player.controls.currentPositionString"
"accName"="res://wmploc.dll/RT_STRING/#2103"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\CustomSlider]
@DACL=(02 0000)
"classid"="clsid:95F45AA3-ED0A-11D2-BA67-0000F80855E6"
"cursor"="hand"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\DropDownPlaylist]
@DACL=(02 0000)
"classid"="clsid:5F9CFD93-8CAD-11d3-9A7E-00C04F8EFB70"
"playlistItemsVisible"="false"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\DurationText]
@DACL=(02 0000)
"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
"tabStop"="true"
"justification"="right"
"value"="wmpprop:player.currentMedia.DurationString"
"accName"="res://wmploc.dll/RT_STRING/#2104"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\EditBox]
@DACL=(02 0000)
"classid"="clsid:6342FCED-25EA-4033-BDDB-D049A14382D3"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Bars]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\EqualizerSettings]
@DACL=(02 0000)
"classid"="clsid:93EB32F5-87B1-45ad-ACC6-0F2483DB83BB"
"tabStop"="false"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\FFWDButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.fastforward"
"upToolTip"="res://wmploc.dll/RT_STRING/#1804"
"onclick"="player.controls.FastForward()"
"accName"="res://wmploc.dll/RT_STRING/#2120"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2121"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ImageButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"cursor"="hand"
"accName"="res://wmploc.dll/RT_STRING/#2140"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ItemsPlaylist]
@DACL=(02 0000)
"classid"="clsid:5F9CFD93-8CAD-11d3-9A7E-00C04F8EFB70"
"backgroundcolor"="black"
"foregroundcolor"="white"
"columnsVisible"="false"
"columns"="name=Name;Duration=Time"
"dropDownVisible"="false"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\LibraryTree]
@DACL=(02 0000)
"classid"="clsid:D9DE732A-AEE9-4503-9D11-5605589977A8"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ListBox]
@DACL=(02 0000)
"classid"="clsid:FC1880CF-83B9-43A7-A066-C44CE8C82583"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\menu]
@DACL=(02 0000)
"classid"="clsid:BAB3768B-8883-4AEC-9F9B-E14C947913EF"
"visible"="false"
"tabstop"="false"
"width"="1"
"height"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\MinimizeButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"upToolTip"="res://wmploc.dll/RT_STRING/#1811"
"onclick"="view.minimize();"
"accName"="res://wmploc.dll/RT_STRING/#2132"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2133"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\MuteButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"upToolTip"="res://wmploc.dll/RT_STRING/#1807"
"downToolTip"="res://wmploc.dll/RT_STRING/#1808"
"sticky"="true"
"down"="wmpprop:player.settings.mute"
"onClick"="player.settings.mute=down;"
"accName"="res://wmploc.dll/RT_STRING/#2130"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2131"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\NextButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.next"
"upToolTip"="res://wmploc.dll/RT_STRING/#1806"
"onclick"="player.controls.Next()"
"accName"="res://wmploc.dll/RT_STRING/#2124"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2125"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PauseButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.pause"
"upToolTip"="res://wmploc.dll/RT_STRING/#1801"
"onclick"="player.controls.pause()"
"accName"="res://wmploc.dll/RT_STRING/#2116"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PlayButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.play"
"upToolTip"="res://wmploc.dll/RT_STRING/#1800"
"onclick"="player.controls.play()"
"accName"="res://wmploc.dll/RT_STRING/#2115"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Playlist]
@DACL=(02 0000)
"classid"="clsid:5F9CFD93-8CAD-11d3-9A7E-00C04F8EFB70"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\plugin]
@DACL=(02 0000)
"classid"="clsid:AA1AC37B-49A8-4B41-AF69-B0176C5FFC33"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PopUp]
@DACL=(02 0000)
"classid"="clsid:FC1880CF-83B9-43A7-A066-C44CE8C82583"
"popup"="true"
"visible"="false"
"backgroundColor"="menu"
"foregroundColor"="menutext"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PrevButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.previous"
"upToolTip"="res://wmploc.dll/RT_STRING/#1805"
"onclick"="player.controls.Previous()"
"accName"="res://wmploc.dll/RT_STRING/#2126"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2127"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ProgressBar]
@DACL=(02 0000)
"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\RepeatButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"upToolTip"="res://wmploc.dll/RT_STRING/#1816"
"downToolTip"="res://wmploc.dll/RT_STRING/#1817"
"sticky"="true"
"down"="jscript:player.settings.GetMode(\"loop\");"
"onClick"="player.settings.setMode(\"loop\", down);"
"accName"="res://wmploc.dll/RT_STRING/#2138"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2139"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ReturnButton]
@DACL=(02 0000)
"upToolTip"="res://wmploc.dll/RT_STRING/#1813"
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"onclick"="view.returnToMediaCenter();"
"accName"="res://wmploc.dll/RT_STRING/#2128"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2129"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\REWButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.fastreverse"
"upToolTip"="res://wmploc.dll/RT_STRING/#1803"
"onclick"="player.controls.FastReverse()"
"accName"="res://wmploc.dll/RT_STRING/#2122"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2123"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\SeekSlider]
@DACL=(02 0000)
"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"
"toolTip"="res://wmploc.dll/RT_STRING/#1809"
"min"="0"
"max"="wmpprop:player.currentmedia.duration"
"value"="wmpprop:player.controls.currentposition"
"ondragend"="player.controls.currentposition=value;"
"foregroundProgress"="wmpprop:player.network.downloadProgress"
"useForegroundProgress"="true"
"accName"="res://wmploc.dll/RT_STRING/#2109"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2108"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ShuffleButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"upToolTip"="res://wmploc.dll/RT_STRING/#1814"
"downToolTip"="res://wmploc.dll/RT_STRING/#1815"
"sticky"="true"
"down"="jscript:player.settings.GetMode(\"shuffle\");"
"onClick"="player.settings.setMode(\"shuffle\", down);"
"accName"="res://wmploc.dll/RT_STRING/#2136"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2137"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Slider]
@DACL=(02 0000)
"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2108"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\StatusText]
@DACL=(02 0000)
"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
"tabStop"="true"
"value"="wmpprop:player.status"
"accName"="res://wmploc.dll/RT_STRING/#2102"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\StopButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.stop"
"upToolTip"="res://wmploc.dll/RT_STRING/#1802"
"onclick"="player.controls.stop()"
"accName"="res://wmploc.dll/RT_STRING/#2118"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2119"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\taskcenter]
@DACL=(02 0000)
"classid"="clsid:395BF287-6477-495f-8427-2C09A23C3248"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Text]
@DACL=(02 0000)
"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
"tabStop"="false"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\TrackNameText]
@DACL=(02 0000)
"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
"tabStop"="true"
"value"="wmpprop:player.currentmedia.name"
"accName"="res://wmploc.dll/RT_STRING/#2105"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Video]
@DACL=(02 0000)
"classid"="clsid:61CECF11-FC3A-11D2-A1CD-005004602752"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\VideoSettings]
@DACL=(02 0000)
"classid"="clsid:AE7BFAFE-DCC8-4a73-92C8-CC300CA88859"
"tabStop"="false"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\VolumeSlider]
@DACL=(02 0000)
"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"
"min"="0"
"max"="100"
"value"="wmpprop:player.settings.volume"
"value_onchange"="if (value!=player.settings.volume){player.settings.volume=value;player.settings.mute=false;}"
"toolTip"="res://wmploc.dll/RT_STRING/#1810"
"accName"="res://wmploc.dll/RT_STRING/#2110"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2111"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\WMPEffects]
@DACL=(02 0000)
"classid"="clsid:47DEA830-D619-4154-B8D8-6B74845D6A2D"
"tabStop"="false"
"width"="250"
"height"="200"
"horizontalAlignment"="stretch"
"verticalAlignment"="stretch"
"currentEffectType"="wmpprop:mediacenter.effectType"
"currentPreset"="wmpprop:mediacenter.effectPreset"
"currentEffectType_onchange"="mediacenter.effectType = currentEffectType;"
"currentPreset_onchange"="mediacenter.effectPreset = currentPreset;"
"onclick"="next();"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\WMPVideo]
@DACL=(02 0000)
"classid"="clsid:61CECF11-FC3A-11D2-A1CD-005004602752"
"horizontalAlignment"="stretch"
"verticalAlignment"="stretch"
"zoom"="wmpprop:mediacenter.videoZoom"
"stretchToFit"="wmpprop:mediacenter.videoStretchToFit"
"backgroundColor"="black"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Services]
@DACL=(02 0000)
"NoServices"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Services\MediaGuide]
@DACL=(02 0000)
"FriendlyName"="Media Guide"
"ColorPlayer"="#0063B0"
"ImageLargeURL"="http://images.metaservices.microsoft.com/svcswitch/WindowsMediaPlayer11_30x30.png"
"ImageMenuURL"="http://images.metaservices.microsoft.com/svcswitch/wm_com_v_rgb_15x15.png"
"Task1ButtonText"="Media Guide"
"Task1ButtonTip"="Media Guide"
"Type"=dword:00000002
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Setup\Installed Versions]
@DACL=(02 0000)
"wmp.dll"=hex:00,00,0b,00,19,14,59,16
"wmploc.dll"=hex:00,00,0b,00,19,14,59,16
"wmplayer.exe"=hex:00,00,0b,00,19,14,59,16
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllExclusionList]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllInclusionList]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\chrome.exe]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\FIREFOX.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\Songbird.exe]
@DACL=(02 0000)
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\xulrunner.exe]
@DACL=(02 0000)
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\SmartPlaylist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{0776F107-F5A6-404B-9A78-7027FA6EAADD}]
@DACL=(02 0000)
"FriendlyName"="Windows Live Messenger Music Plugin"
"Description"="Changes your personal message in Windows Live Messenger to show the currently playing song."
"Capabilities"=dword:40000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{077ACEC7-979C-40AB-9835-435BA1511E0D}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{077ACEC7-979C-40AB-9835-435BA1511E0D}\\MPPRE10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{077ACEC7-979C-40AB-9835-435BA1511E0D}\\mppre10.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{30C7234B-6482-4A55-A11D-ECD9030313F2}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{30C7234B-6482-4A55-A11D-ECD9030313F2}\\WMDM10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{30C7234B-6482-4A55-A11D-ECD9030313F2}\\wmdm10.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
@DACL=(02 0000)
"FriendlyName"="DirectX"
"ComponentGUID"="{44BBA855-CC51-11CF-AAFA-00AA00B6015C}"
"Version"=dword:00040009
"Sub-Version"=dword:00000388
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\\dxxp.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\\dxxp.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{981FB688-E76B-4246-987B-92083185B90A}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{981FB688-E76B-4246-987B-92083185B90A}\\WPD10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{981FB688-E76B-4246-987B-92083185B90A}\\wpd10.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{A47B3654-48EE-48A5-B629-97D70175E58F}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{A47B3654-48EE-48A5-B629-97D70175E58F}\\codecs10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{A47B3654-48EE-48A5-B629-97D70175E58F}\\codecs10.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AA936DF4-2B08-4B1F-B071-72192E287704}]
@DACL=(02 0000)
"FriendlyName"="DirectX BDA"
"ComponentGUID"="{AA936DF4-2B08-4B1F-B071-72192E287704}"
"Version"=dword:00040009
"Sub-Version"=dword:00000388
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AA936DF4-2B08-4B1F-B071-72192E287704}\\dxbda.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AA936DF4-2B08-4B1F-B071-72192E287704}\\dx9bda.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\\WMFSDK10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\\wmfsdk10.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\\DRM10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\\drm10.cat"
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.\Realtek High Definition Audio Driver]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\relevantknowledge\rlls.dll
.
Completion time: 2009-01-07 22:16:59
ComboFix-quarantined-files.txt 2009-01-08 05:15:44
Pre-Run: 11,645,476,864 bytes free
Post-Run: 11,717,521,408 bytes free
1016 --- E O F --- 2007-07-10 02:16:26